Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,426 through 1,440 (of 1,499 total)
  • Author
    Posts
  • in reply to: Howto get IP address for a given adapter #5631
    Vadim Smirnov
    Keymaster

      The only documented way is IP Helper API.

      in reply to: Send out modified ip packets, but no reponse ( NAT ) #5627
      Vadim Smirnov
      Keymaster

        In order to analyze your code I would also need to analyze the environment it runs in. However, check if you have enable IP routing (forwarding) since it is disabled by the default and TCP/IP will just drop the packets from the interface if they don’t match interface address information.

        Another ques: when I call SendPacketToMstcp(), should I also get this packet at PACKET_FLAG_ON_SEND at the other adapter when MSTCP send it to interface? I tried, but not get the packet.

        No, this flag has informational purpose only (for you reference if packet was received from the network or from the stack).

        in reply to: How can i drop packets using Local Host Api #5624
        Vadim Smirnov
        Keymaster

          Localhost Monitor API is created as a sniffer tool, not the firewall software and can’t be used fot the dropping packets. However, it’s base driver (TDI filter driver) can be used for the developing the application level firewall like the one you have mentioned.

          in reply to: tunnel mode not dropping packets? #5618
          Vadim Smirnov
          Keymaster

            You have NDISWANIP interface even if you have no modems installed. Please reference the interface list returned by ListAdapters tool.

            in reply to: tunnel mode not dropping packets? #5616
            Vadim Smirnov
            Keymaster

              I only have one adaptor in the PC. So everything must go through that network card.

              If you have single ethernet interface then it does not mean that you have the only adapter seen by WinpkFilter, because you always have the dial-up(NDISWANIP) interface.

              If i put the adaptor in to tunnel mode and dont have SendPacketToAdapter or SendPacketToMSTCP then all packets should be dropped and no networking should function.

              You are right, if you filter in tunnel mode and don’t reinject packets to stack then any network activity is disabled. I suppose something is wrong with your code, definitions or the network interface you filter.

              in reply to: testapp stops working after some time #5619
              Vadim Smirnov
              Keymaster

                Please check if you are using retail (not trial) version of the driver.

                in reply to: tunnel mode not dropping packets? #5614
                Vadim Smirnov
                Keymaster

                  I have the only idea, probably you filter the adapter different from the one used for the e-mail and network browsing.

                  in reply to: Need to know what application is associated with a packet #5477
                  Vadim Smirnov
                  Keymaster

                    There may be 2 application which are accessing same IP/ port/ protocol like Netscape and Internet explorer accessing yahoo.com same time.

                    Right, destination IP/protocol/port can be the same, but source ports will be different for the case described.

                    in reply to: NAT question #5607
                    Vadim Smirnov
                    Keymaster

                      IMHO, in theory (hardly likely that it will ever happen in real life) it is possible that application running on NAT system access the same IP/port as another application running behind the NAT and the same source port used in NAT table and for local application running on NAT system. In this case it is not possible to distinguish if packet should be NAT’ed or not. But even in this rare case you still can use sequence and aknowledgement fields in TCP header to determine wheather the NAT should be applied (it will work for TCP connection only).

                      in reply to: Need to know what application is associated with a packet #5475
                      Vadim Smirnov
                      Keymaster

                        You can use IP/port/protocol information gathered on the TDI level and match it against information extracted from IP packet. If it is the same then the packet is probably originated from the application you intercepted on the TDI level.

                        in reply to: Can winpkfilter work properly with win XP SP2? #5609
                        Vadim Smirnov
                        Keymaster

                          The latest WinpkFilter release is fully compatible with Windows XP SP2.

                          in reply to: NAT question #5605
                          Vadim Smirnov
                          Keymaster

                            So what about if some application use this port number at the NAT computer? Is there any conflicts if use same port number ( with some application at NAT computer )?

                            The conflict is possible, you will just bypass those applications (they may be not working properly with your NAT application, but it won’t make any problems to NAT). However, you can just reserve required port range by your own application.

                            Another question: how to get binding IP address for each interface adapter, and how to get windows route table?

                            IP Helper API

                            in reply to: NAT question #5603
                            Vadim Smirnov
                            Keymaster

                              When I replace the Client(IP, PORT) of the inner packet with the NAT External(ip, port), what port number should I used for the NAT external? The same with the Client Port or a new one? Is that must be a free number that no one uses it? How do I generate this port number.

                              When you substitute inner source IP with external one but don’t substitute inner port this is called static NAT. When you substitute inner source port in addition to IP this is called dynamic NAT. You can use any free port number (an example just take some rarely used port range like 10000-64000 and allocate ports from there).

                              PS: where can I get the code of Checksum Calculation?

                              That depends from the progarmming environment you use, an example some C and Delhi code is available on this board.

                              in reply to: NAT question #5601
                              Vadim Smirnov
                              Keymaster

                                If you want to realize your own packet forwarding you can do it with API’s you have mentioned. If you filter two adapters and you can read packet from one and send them to another, here is no crime. Just don’t forget that MTU for the interfaces can be different.

                                in reply to: address translation #5547
                                Vadim Smirnov
                                Keymaster

                                  One of the approaches (the easiest from my point of view) is filtering Server(WAN) interface substituting the original IP (if it is from LAN) in the outgoing packet with Server WAN card IP (port substitution also should be done in order to perform backward mapping). For incoming packets on the Server (WAN) interface you should match against NAT table and perform the reversed operation. Please note that packet forwarding should be enabled on the Server. You don’t need to route packets youself, TCP/IP will do it for you.

                                Viewing 15 posts - 1,426 through 1,440 (of 1,499 total)