Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,276 through 1,290 (of 1,338 total)
  • Author
    Posts
  • in reply to: NAT question #5605
    Vadim Smirnov
    Keymaster

      So what about if some application use this port number at the NAT computer? Is there any conflicts if use same port number ( with some application at NAT computer )?

      The conflict is possible, you will just bypass those applications (they may be not working properly with your NAT application, but it won’t make any problems to NAT). However, you can just reserve required port range by your own application.

      Another question: how to get binding IP address for each interface adapter, and how to get windows route table?

      IP Helper API

      in reply to: NAT question #5603
      Vadim Smirnov
      Keymaster

        When I replace the Client(IP, PORT) of the inner packet with the NAT External(ip, port), what port number should I used for the NAT external? The same with the Client Port or a new one? Is that must be a free number that no one uses it? How do I generate this port number.

        When you substitute inner source IP with external one but don’t substitute inner port this is called static NAT. When you substitute inner source port in addition to IP this is called dynamic NAT. You can use any free port number (an example just take some rarely used port range like 10000-64000 and allocate ports from there).

        PS: where can I get the code of Checksum Calculation?

        That depends from the progarmming environment you use, an example some C and Delhi code is available on this board.

        in reply to: NAT question #5601
        Vadim Smirnov
        Keymaster

          If you want to realize your own packet forwarding you can do it with API’s you have mentioned. If you filter two adapters and you can read packet from one and send them to another, here is no crime. Just don’t forget that MTU for the interfaces can be different.

          in reply to: address translation #5547
          Vadim Smirnov
          Keymaster

            One of the approaches (the easiest from my point of view) is filtering Server(WAN) interface substituting the original IP (if it is from LAN) in the outgoing packet with Server WAN card IP (port substitution also should be done in order to perform backward mapping). For incoming packets on the Server (WAN) interface you should match against NAT table and perform the reversed operation. Please note that packet forwarding should be enabled on the Server. You don’t need to route packets youself, TCP/IP will do it for you.

            in reply to: kernel mode = yes, Application mode = ? #5600
            Vadim Smirnov
            Keymaster

              What environment do you use for the development? There is a C header file iphlp.h which has some sample protocol header definitions (IP header, TCP header, UDP header and etc…). If you are using Delphi then you can use the ones below:

              TIPHeaderPtr = ^TIPHeader;
              TIPHeader = packed record
              VerLen: Byte; //HL
              TOS: Byte;
              TotalLen: Word;
              Identifer: Word;
              FragOffsets: Word;
              TTL: Byte;
              Protocol: Byte;
              CheckSum: Word;
              SourceIp: DWORD;
              DestIp: DWORD;
              // Options: DWORD;
              end;

              TTCPHeaderPtr = ^TTCPHeader;
              TTCPHeader = packed record
              SourcePort:Word;
              DestPort:Word;
              SequenceNumber:DWord;
              AcknowledgementNumber:DWord;
              Offset:Byte; //only left 4 bits. Header length in 32-bit segments
              Flags:Byte;
              Window:Word;
              Checksum:Word; //includes speudo header instead of TCP header.
              UrgentPointer:Word;
              end;

              pTCPData: PChar;

              And probably it makes sense for you to look at this topic:
              http://ntkernel.com/forum/viewtopic.php?t=114

              We are trying to provide as good support as we can 🙄

              in reply to: kernel mode = yes, Application mode = ? #5598
              Vadim Smirnov
              Keymaster

                Is it possible to use both packet level and application level filtering with in the same program ie. inspect packet using winPKfilter then a LSP/TDI filter?

                Yes, sure.

                Does your company provide a application level filter?

                We provide localhost monitor API, which is TDI filter for Windows NT/2000/XP/2003. LSP sample is avalaible as a part of MSDN. Simple TDI filter for Windows 9x can be found in the VTOOLSD samples (from Compuware).

                in reply to: kernel mode = yes, Application mode = ? #5596
                Vadim Smirnov
                Keymaster

                  WinpkFilter allows you implementing packet filtering technologies in both user or kernel mode (the one you choose depends from your expirience and requirements). But this is packet level filtering (it is not possible to determine application context on the NDIS level). For application level filtering you would need LSP or TDI filter.

                  in reply to: WinpkFilter news/updates. #5501
                  Vadim Smirnov
                  Keymaster

                    Visual Basic samples for WinpkFilter 2.4 released. You can download it from WinpkFilter product homepage.

                    in reply to: Multiple Adapters… #5595
                    Vadim Smirnov
                    Keymaster

                      1. How can I use WinpkFilter for capturing packets from multiple adapters ?

                      You can start the dedicated thread for each network interface to capture and process packets from it, just like PassThru sample does. Another way is setting up events for each interface and using WaitForMultipleObjects.

                      2. Dose my WinpkFilter Appication NOT conflict with any other NDIS hooking drivers or WinpkFilter Applications ?

                      We can’t guarantee the compatibility with any other hooking drivers, but WinpkFilter is compatible with the majority of firewalls on the market. In order to avoid conflicts with other WinpkFilter applications you would need the custom build (with customized names for drivers and devices) of WinpkFilter drivers (free for the Developer license).

                      in reply to: A question for a networking guru……….. #5594
                      Vadim Smirnov
                      Keymaster

                        LSP is user mode solution, but TDI is kernel one. So, LSP is much more easier way. I don’t think that you should intercept clients who work with TDI directly, so probably LSP fits you.

                        in reply to: A question for a networking guru……….. #5591
                        Vadim Smirnov
                        Keymaster

                          Is it possible to use virtual network interface? Or even virtual NIC is not allowed? In the last case you have the only choice – TDI filter driver.

                          in reply to: about winpkfilter help #5574
                          Vadim Smirnov
                          Keymaster

                            Just follow the online order link for the WinpkFilter Source Code (click Order Now) available at: http://www.ntkernel.com/products/winpkfilter.shtml

                            Here the exact link for your convinience:

                            http://secure.emetrix.com/order/product.asp?PID=38895814

                            If you have any problems with it please contact support@ntkernel.com.

                            Thanks for your interest in WinpkFilter.

                            in reply to: Auto-Choose Internet Network Adapter #5570
                            Vadim Smirnov
                            Keymaster

                              I’m sorry, I have not ready function for this, but you can use GetIpForwardTable for retrieving the IP routing table. Usually the deafault gateway interface (0.0.0.0 mask 0.0.0.0 is the Internet one).

                              in reply to: NT Personal Firewall #5428
                              Vadim Smirnov
                              Keymaster

                                Thank you for your interest. NT Kernel Firewall 2.0 development was not stopped, but this is a low priority project for us (caused by very low level of sales).

                                However, taking into account your interest in this product we could release the intermediate version of it (1.3) with the fetures you would like to have first. We really appreciate your ideas and interest.

                                in reply to: debugging LocalHost API gets TCP/IP "stuck" #5573
                                Vadim Smirnov
                                Keymaster

                                  We ordered it exactly 7 days ago and didn’t get anything by email
                                  or else. I mailed the order # to support@.

                                  The download information was just resent to the address specified in the order details. Please check if it is correct. There is also a possibility that notification was killed by one of the spam filters along the way. In this case please change the e-mail in the order details.

                                  OK, what information do you need ?

                                  Where do you actually set up the breakpoints?

                                Viewing 15 posts - 1,276 through 1,290 (of 1,338 total)