Thanks for your reply :)
I was looking into the PCAP documentation at first but found this in its FAQ:
"Q-17: Can I use WinPcap to drop the incoming packets? Is it possible to use
WinPcap to build a firewall?
A: No. WinPcap is implemented as a protocol, therefore it is able to capture
the packets, but it can't be used to drop them before they reach the
applications. The filtering capabilities of WinPcap work only on the sniffed
packets. In order to intercept the packets before the TCP/IP stack, you must
create an intermediate driver.
"
Will I be able to to drop and modify packets with a LAyered Service Provider?
Can you point me in some direction where I can find more information on LSP?
--
Best regards Björn Olsson
Head of Technology
Centre for Business Solutions
Gothenburg School of Economics and Commercial Law
"Vadym Stetsyak" wrote:
Hello, Björn!
BO> If I where to capture network traffic, dropping packets and modifying
BO> packets. I.e write firewall functionality. Which API or SDK would be
BO> the correct choice? I would prefer to do it in .net.
Win PCAP library can be good start, however it is unmanaged.
( http://www.winpcap.org/ )
BO> Do I have to use the DDK package or is there any other way?
If you want to filter not only sockets traffic, then definetly DDK. You will have to write kernel-mode device driver.
If sockets traffic is okay for you you can stay on user mode and write LSP ( Layered Service Provider )
--
Regards, Vadym Stetsyak
www: http://vadmyst.blogspot