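/// <summary>
/// Lists every network interface the filter driver reports as bound to TCP/IP (MSTCP):
/// friendly name, internal name, MAC address, medium, MTU and current adapter mode,
/// followed by the system-wide MTU decrement and the default adapter startup mode.
/// </summary>
/// <remarks>
/// This sample only reads state; it does not change any adapter mode.
/// Any exception is caught and printed to the console.
/// </remarks>
static void Main()
{
    try
    {
        var driverPtr = Ndisapi.OpenFilterDriver();
        var adapters = new TCP_AdapterList();

        // Keep the GCHandle so it can be released again; discarding the return value
        // of GCHandle.Alloc leaves the handle allocated for the life of the process.
        var adaptersHandle = GCHandle.Alloc(adapters);

        try
        {
            if (!Ndisapi.IsDriverLoaded(driverPtr))
            {
                Console.WriteLine("Helper driver failed to load or was not installed.");
                return;
            }

            Console.WriteLine("The following network interfaces are available to MSTCP:");

            if (!Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adapters))
            {
                throw new ApplicationException("Can't get TCP/IP bound adapters info");
            }

            for (var i = 0; i < adapters.m_nAdapterCount; i++)
            {
                Console.WriteLine("{0}) {1}", i + 1, adapters.GetName(i));
                Console.WriteLine("\tInternal Name:\t {0}", adapters.GetInternalName(i));
                Console.WriteLine("\tCurrent MAC:\t {0}", adapters.GetMacAddressStr(i));
                Console.WriteLine("\tMedium:\t 0x{0:X8}", adapters.m_nAdapterMediumList[i]);
                Console.WriteLine("\tCurrent MTU:\t {0}", adapters.m_usMTU[i]);

                // Query (not set) the current mode of this adapter.
                // NOTE(review): the result of GetAdapterMode is not checked, so a failed
                // query prints the zero-initialised flags — confirm whether that matters.
                var mode = new ADAPTER_MODE { hAdapterHandle = adapters.m_nAdapterHandle[i] };
                Ndisapi.GetAdapterMode(driverPtr, ref mode);
                Console.WriteLine("\tCurrent adapter mode = 0x{0:X8}", mode.dwFlags);
            }

            Console.WriteLine("\n\nCurrent system wide MTU decrement = {0}", Ndisapi.GetMTUDecrement());
            Console.WriteLine("Default adapter startup mode = 0x{0:X8}", Ndisapi.GetAdaptersStartupMode());
        }
        finally
        {
            // Runs on the failure path too, so the driver handle is closed even when
            // the adapter query throws.
            adaptersHandle.Free();
            Ndisapi.CloseFilterDriver(driverPtr);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }
}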
/// <summary>
/// Opens the NDIS filter driver, stores the handle in hNdisapi and marks the driver as
/// open once it reports at least one TCP/IP-bound adapter.
/// </summary>
/// <remarks>
/// NOTE(review): when no adapters are reported the freshly opened handle stays in hNdisapi
/// while isNdisFilterDriverOpen is left unchanged, so a later call opens the driver again
/// over the existing handle (the "Bad state" branch). The return value of
/// GetTcpipBoundAdaptersInfo is also not inspected. Confirm both are intended.
/// </remarks>
static void OpenNDISDriver()
{
    bool handleAlreadyPresent = hNdisapi != IntPtr.Zero;
    if (handleAlreadyPresent)
    {
        // Logged only; the existing handle is overwritten below without being closed.
        LogCenter.Instance.Push("NetworkAdapter-static", "Bad state was found, attempting to open the NDIS Filter Driver while the IntPtr != IntPtr.Zero, continuing");
    }

    hNdisapi = Ndisapi.OpenFilterDriver(Ndisapi.NDISRD_DRIVER_NAME);

    var boundAdapters = new TCP_AdapterList();
    Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref boundAdapters);

    if (boundAdapters.m_nAdapterCount != 0)
    {
        isNdisFilterDriverOpen = true;
        return;
    }

    LogCenter.WriteErrorLog(new Exception("No adapters found on this driver interface"));
}
/// <summary>
/// Re-reads the driver's TCP/IP-bound adapter list, refreshes the interface name of every
/// adapter already tracked in currentAdapters, and starts tracking adapters whose handle
/// is not known yet.
/// </summary>
/// <returns>
/// The adapters added by this call; an adapter is added only when its
/// InterfaceInformation is non-null.
/// </returns>
/// <remarks>
/// NOTE(review): each name is decoded from a fixed 256-byte slot, so the resulting string
/// may carry padding bytes unless the callee trims it. The return value of
/// GetTcpipBoundAdaptersInfo is not checked.
/// </remarks>
public static List<NetworkAdapter> GetNewAdapters()
{
    if (!isNdisFilterDriverOpen)
    {
        OpenNDISDriver();
    }

    TCP_AdapterList driverAdapters = new TCP_AdapterList();
    Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref driverAdapters);

    List<NetworkAdapter> added = new List<NetworkAdapter>();

    // Pass 1: push the current driver-side name into every adapter we already track.
    for (int known = 0; known < currentAdapters.Count; known++)
    {
        for (int slot = 0; slot < driverAdapters.m_nAdapterCount; slot++)
        {
            if (driverAdapters.m_nAdapterHandle[slot] != currentAdapters[known].adapterHandle)
            {
                continue;
            }

            currentAdapters[known].UpdateNetworkInterface(
                Encoding.ASCII.GetString(driverAdapters.m_szAdapterNameList, slot * 256, 256));
        }
    }

    // Pass 2: any driver handle without a tracked counterpart is a new adapter.
    for (int slot = 0; slot < driverAdapters.m_nAdapterCount; slot++)
    {
        bool alreadyTracked = false;
        for (int known = 0; known < currentAdapters.Count; known++)
        {
            if (driverAdapters.m_nAdapterHandle[slot] == currentAdapters[known].adapterHandle)
            {
                alreadyTracked = true;
            }
        }

        if (alreadyTracked)
        {
            continue;
        }

        NetworkAdapter candidate = new NetworkAdapter(
            driverAdapters.m_nAdapterHandle[slot],
            Encoding.ASCII.GetString(driverAdapters.m_szAdapterNameList, slot * 256, 256));

        if (candidate.InterfaceInformation == null)
        {
            continue;
        }

        added.Add(candidate);
        currentAdapters.Add(candidate);
    }

    return added;
}
/// <summary>
/// Externally implemented call that fills <paramref name="adapters"/> with the list of
/// network adapters bound to TCP/IP, as seen through the opened filter driver.
/// </summary>
/// <param name="hOpen">Handle of the opened filter driver.</param>
/// <param name="adapters">Adapter list structure, passed by reference and populated by the call.</param>
/// <returns>
/// A boolean result. NOTE(review): presumably <c>false</c> signals failure, in which case
/// the contents of <paramref name="adapters"/> should not be trusted — confirm against the
/// native API documentation.
/// </returns>
public static extern bool GetTcpipBoundAdaptersInfo(SafeFilterDriverHandle hOpen, ref TCP_AdapterList adapters);
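/// <summary>
/// Pass-through sample: puts the selected network interface into tunnel mode, reads the
/// requested number of packets in user mode, prints each one and re-injects it in the
/// direction it was travelling.
/// </summary>
/// <param name="args">
/// args[0] is the 1-based network interface index (as printed by ListAdapters);
/// args[1] is the number of packets to process.
/// </param>
/// <remarks>
/// While tunnel mode is active, packets on the adapter continue only when this process
/// re-injects them, so the sample needs to run to completion or be stopped cleanly.
/// </remarks>
static void Main(string[] args)
{
    if (args.Length < 2)
    {
        Console.WriteLine("Command line syntax:\n\tPassThru.exe index num\n\tindex - network interface index.\n\tnum - number or packets to filter\n\tYou can use ListAdapters to determine correct index.\n");
        return;
    }

    // TryParse instead of Parse: malformed arguments are reported as a usage error
    // rather than escaping as an unhandled FormatException.
    uint oneBasedIndex;
    int packetsCount;
    if (!uint.TryParse(args[0], out oneBasedIndex) || oneBasedIndex == 0 || !int.TryParse(args[1], out packetsCount))
    {
        Console.WriteLine("Invalid arguments: index must be a positive integer and num must be an integer.");
        return;
    }

    var adapterIndex = oneBasedIndex - 1;

    try
    {
        var driverPtr = Ndisapi.OpenFilterDriver();
        var bufferPtr = IntPtr.Zero;

        try
        {
            if (!Ndisapi.IsDriverLoaded(driverPtr))
            {
                throw new ApplicationException("Cannot load driver");
            }

            // Retrieve adapter list
            var adapters = new TCP_AdapterList();
            if (!Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adapters))
            {
                throw new ApplicationException("Can't get TCP/IP bound adapters info");
            }

            // The index comes from the command line; reject it before it is used to
            // index the adapter handle array.
            if (adapterIndex >= adapters.m_nAdapterCount)
            {
                throw new ApplicationException("Network interface index is out of range. You can use ListAdapters to determine correct index.");
            }

            var adapterHandle = adapters.m_nAdapterHandle[adapterIndex];

            // Set tunnel mode for the selected network interface
            var mode = new ADAPTER_MODE
            {
                dwFlags = Ndisapi.MSTCP_FLAG_SENT_TUNNEL | Ndisapi.MSTCP_FLAG_RECV_TUNNEL,
                hAdapterHandle = adapterHandle
            };
            Ndisapi.SetAdapterMode(driverPtr, ref mode);

            // Create and set event for the adapter
            var manualResetEvent = new ManualResetEvent(false);
            Ndisapi.SetPacketEvent(driverPtr, adapterHandle, manualResetEvent.SafeWaitHandle);

            // Allocate and initialize packet structures
            var request = new ETH_REQUEST();
            var buffer = new INTERMEDIATE_BUFFER();
            bufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buffer));
            Win32Api.ZeroMemory(bufferPtr, Marshal.SizeOf(buffer));

            request.hAdapterHandle = adapterHandle;
            request.EthPacket.Buffer = bufferPtr;

            while (packetsCount > 0)
            {
                manualResetEvent.WaitOne();

                // Drain everything currently queued, even if that overshoots the
                // requested count, so no intercepted packet is left un-forwarded.
                while (Ndisapi.ReadPacket(driverPtr, ref request))
                {
                    --packetsCount;

                    buffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(bufferPtr, typeof(INTERMEDIATE_BUFFER));
                    WriteToConsole(buffer, bufferPtr);

                    // Re-inject in the original direction: outbound packets go to the
                    // adapter, everything else goes up to the TCP/IP stack.
                    if (buffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)
                    {
                        Ndisapi.SendPacketToAdapter(driverPtr, ref request);
                    }
                    else
                    {
                        Ndisapi.SendPacketToMstcp(driverPtr, ref request);
                    }
                }

                manualResetEvent.Reset();
            }
        }
        finally
        {
            // Release the unmanaged buffer and the driver handle on every exit path,
            // including exceptions thrown while packets are being processed.
            if (bufferPtr != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(bufferPtr);
            }

            Ndisapi.CloseFilterDriver(driverPtr);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }
}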
/// <summary>
/// Rebuilds currentAdapters from the driver's TCP/IP-bound adapter list: tracked adapters
/// that are still present get their interface name refreshed, tracked adapters that have
/// disappeared are told so via SetNoLongerAvailable, and new adapters are added when their
/// InterfaceInformation is non-null.
/// </summary>
/// <remarks>
/// NOTE(review): the return value of GetTcpipBoundAdaptersInfo is not checked, so a failed
/// query looks like "no adapters" and would mark every tracked adapter as unavailable —
/// confirm this is acceptable.
/// </remarks>
static void UpdateAdapterList()
{
    if (!isNdisFilterDriverOpen)
    {
        OpenNDISDriver();
    }

    TCP_AdapterList driverAdapters = new TCP_AdapterList();
    Ndisapi.GetTcpipBoundAdaptersInfo(hNdisapi, ref driverAdapters);

    List<NetworkAdapter> rebuilt = new List<NetworkAdapter>();
    List<NetworkAdapter> vanished = new List<NetworkAdapter>();

    // Populate with current adapters that the driver still reports.
    for (int known = 0; known < currentAdapters.Count; known++)
    {
        bool stillPresent = false;
        for (int slot = 0; slot < driverAdapters.m_nAdapterCount; slot++)
        {
            if (driverAdapters.m_nAdapterHandle[slot] != currentAdapters[known].adapterHandle)
            {
                continue;
            }

            currentAdapters[known].UpdateNetworkInterface(
                Encoding.ASCII.GetString(driverAdapters.m_szAdapterNameList, slot * 256, 256));
            rebuilt.Add(currentAdapters[known]);
            stillPresent = true;
        }

        if (!stillPresent)
        {
            vanished.Add(currentAdapters[known]);
        }
    }

    // Deal with adapters that no longer exist.
    for (int gone = 0; gone < vanished.Count; gone++)
    {
        vanished[gone].SetNoLongerAvailable();
    }

    // Add any adapters the driver reports that were not tracked before.
    for (int slot = 0; slot < driverAdapters.m_nAdapterCount; slot++)
    {
        bool alreadyTracked = false;
        for (int known = 0; known < currentAdapters.Count; known++)
        {
            if (driverAdapters.m_nAdapterHandle[slot] == currentAdapters[known].adapterHandle)
            {
                alreadyTracked = true;
            }
        }

        if (alreadyTracked)
        {
            continue;
        }

        NetworkAdapter candidate = new NetworkAdapter(
            driverAdapters.m_nAdapterHandle[slot],
            Encoding.ASCII.GetString(driverAdapters.m_szAdapterNameList, slot * 256, 256));

        if (candidate.InterfaceInformation != null)
        {
            rebuilt.Add(candidate);
        }
    }

    currentAdapters = new List<NetworkAdapter>(rebuilt);
}
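/// <summary>
/// Packet sniffer sample: puts the selected network interface into listen mode, optionally
/// switches the hardware packet filter to promiscuous, and prints the requested number of
/// captured packets.
/// </summary>
/// <param name="args">
/// args[0] is the 1-based network interface index (as printed by ListAdapters);
/// args[1] is the number of packets to capture; an optional args[2] of "-promisc"
/// requests promiscuous mode.
/// </param>
/// <remarks>
/// Promiscuous mode is enabled only when the previous hardware filter could be read, and
/// that previous value is written back on every exit path. Writing back an unknown value
/// (zero) would replace the adapter's real filter with an empty one.
/// </remarks>
static void Main(string[] args)
{
    if (args.Length < 2)
    {
        Console.WriteLine("Command line syntax:\n\tPacketSniffer.exe index num [-promisc]\n\tindex - network interface index.\n\tnum - number or packets to capture\n\t-promisc - optional parameter. When specified network interface is switched to the promiscuous mode.\n\tYou can use ListAdapters to determine correct index.\n");
        return;
    }

    var promiscuousRequested = args.Length == 3 && args[2].Equals("-promisc");

    // TryParse instead of Parse: malformed arguments are reported as a usage error
    // rather than escaping as an unhandled FormatException.
    uint oneBasedIndex;
    int packetsCount;
    if (!uint.TryParse(args[0], out oneBasedIndex) || oneBasedIndex == 0 || !int.TryParse(args[1], out packetsCount))
    {
        Console.WriteLine("Invalid arguments: index must be a positive integer and num must be an integer.");
        return;
    }

    var adapterIndex = oneBasedIndex - 1;

    try
    {
        var driverPtr = Ndisapi.OpenFilterDriver();
        var bufferPtr = IntPtr.Zero;
        var adList = new TCP_AdapterList();
        uint dwOldHwFilter = 0;
        var promiscuousEnabled = false;

        try
        {
            if (!Ndisapi.IsDriverLoaded(driverPtr))
            {
                throw new ApplicationException("Cannot load driver");
            }

            // Retrieve adapter list
            if (!Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adList))
            {
                throw new ApplicationException("Can't get TCP/IP bound adapters info");
            }

            // The index comes from the command line; reject it before it is used to
            // index the adapter handle array.
            if (adapterIndex >= adList.m_nAdapterCount)
            {
                throw new ApplicationException("Network interface index is out of range. You can use ListAdapters to determine correct index.");
            }

            if (promiscuousRequested)
            {
                if (!Ndisapi.GetHwPacketFilter(driverPtr, adList.m_nAdapterHandle[adapterIndex], ref dwOldHwFilter))
                {
                    // Without the old value the change could not be undone, so the
                    // hardware filter is left untouched.
                    Console.WriteLine("Failed to get current packet filter from the network interface.");
                    Console.WriteLine("Promiscuous mode was not enabled because the current packet filter could not be saved.");
                }
                else
                {
                    Console.WriteLine("Succeded to get current packet filter from the network interface. dwOldHwFilter = {0}", dwOldHwFilter);

                    if (!Ndisapi.SetHwPacketFilter(driverPtr, adList.m_nAdapterHandle[adapterIndex], 0x00000020 /*NDIS_PACKET_TYPE_PROMISCUOUS*/))
                    {
                        Console.WriteLine("Failed to set promiscuous mode for the network interface.");
                    }
                    else
                    {
                        Console.WriteLine("Succeded to set promiscuous mode for the network interface.");
                        promiscuousEnabled = true;
                    }
                }
            }

            // Set listen mode for the selected network interface
            var mode = new ADAPTER_MODE
            {
                dwFlags = Ndisapi.MSTCP_FLAG_SENT_LISTEN | Ndisapi.MSTCP_FLAG_RECV_LISTEN,
                hAdapterHandle = adList.m_nAdapterHandle[adapterIndex]
            };

            if (promiscuousRequested)
            {
                mode.dwFlags = mode.dwFlags | Ndisapi.MSTCP_FLAG_FILTER_DIRECT | Ndisapi.MSTCP_FLAG_LOOPBACK_BLOCK;
            }

            Ndisapi.SetAdapterMode(driverPtr, ref mode);

            // Allocate and initialize packet structures
            var buffer = new INTERMEDIATE_BUFFER();
            bufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buffer));
            Win32Api.ZeroMemory(bufferPtr, Marshal.SizeOf(buffer));

            var request = new ETH_REQUEST
            {
                hAdapterHandle = adList.m_nAdapterHandle[adapterIndex],
                EthPacket = { Buffer = bufferPtr }
            };

            while (packetsCount > 0)
            {
                if (Ndisapi.ReadPacket(driverPtr, ref request))
                {
                    --packetsCount;

                    buffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(bufferPtr, typeof(INTERMEDIATE_BUFFER));
                    WriteToConsole(buffer, bufferPtr);
                }
                else
                {
                    // Nothing queued yet: show progress and poll again shortly.
                    Console.Write(".");
                    System.Threading.Thread.Sleep(100);
                }
            }
        }
        finally
        {
            if (bufferPtr != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(bufferPtr);
            }

            // Put the saved hardware filter back even when capture ended with an
            // exception, so the interface is not left in promiscuous mode.
            if (promiscuousEnabled)
            {
                Ndisapi.SetHwPacketFilter(driverPtr, adList.m_nAdapterHandle[adapterIndex], dwOldHwFilter);
            }

            Ndisapi.CloseFilterDriver(driverPtr);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }
}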
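/// <summary>
/// For every TCP/IP-bound adapter, queries the current MAC address and four frame counters
/// (transmitted OK, received OK, transmit errors, receive errors) through OID requests and
/// prints them.
/// </summary>
/// <remarks>
/// An adapter whose MAC address query fails is skipped. A counter is printed only when its
/// own request succeeded; otherwise the request buffer would still hold the previous
/// counter's value and a stale number would be shown under the wrong label.
/// </remarks>
static void Main()
{
    try
    {
        var ndisHandler = Ndisapi.OpenFilterDriver();
        var adapterList = new TCP_AdapterList();
        var currentMacRequest = new PACKET_OID_DATA();
        var statRequest = new PACKET_OID_DATA();
        statRequest.Length = sizeof(int);

        // Keep the GCHandle so it can be released again; discarding the return value
        // of GCHandle.Alloc leaves the handle allocated for the life of the process.
        var adapterListHandle = GCHandle.Alloc(adapterList);

        try
        {
            if (!Ndisapi.IsDriverLoaded(ndisHandler))
            {
                throw new Exception("Driver failed to load or was not installed.");
            }

            if (!Ndisapi.GetTcpipBoundAdaptersInfo(ndisHandler, ref adapterList))
            {
                throw new ApplicationException("Cannot get network adapters list.");
            }

            // Counter OIDs and their output formats, kept in the order they are printed.
            var counterOids = new[] { OidGenXmitOk, OidGenRcvOk, OidGenXmitError, OidGenRcvError };
            var counterFormats = new[]
            {
                "\tFrames transmitted without errors = {0}",
                "\tFrames received without errors = {0}",
                "\tFrames that a NIC failed to transmit = {0}",
                "\tFrames that a NIC have not indicated due to errors = {0}"
            };

            for (var i = 0; i < adapterList.m_nAdapterCount; i++)
            {
                currentMacRequest.Length = 6;
                currentMacRequest.Oid = Oid8023CurrentAddress;
                currentMacRequest.hAdapterHandle = adapterList.m_nAdapterHandle[i];

                statRequest.hAdapterHandle = adapterList.m_nAdapterHandle[i];

                if (!Ndisapi.NdisrdRequest(ndisHandler, ref currentMacRequest, false))
                {
                    continue;
                }

                var data = currentMacRequest.GetData();
                Console.WriteLine("{0}) Current MAC is {1:X2}-{2:X2}-{3:X2}-{4:X2}-{5:X2}-{6:X2} ", i + 1, data[0], data[1], data[2], data[3], data[4], data[5]);

                for (var c = 0; c < counterOids.Length; c++)
                {
                    statRequest.Oid = counterOids[c];

                    // Only trust the buffer when this particular request succeeded.
                    if (Ndisapi.NdisrdRequest(ndisHandler, ref statRequest, false))
                    {
                        Console.WriteLine(counterFormats[c], BitConverter.ToUInt32(statRequest.GetData(), 0));
                    }
                }
            }
        }
        finally
        {
            // Runs on the failure path too, so the driver handle is always closed.
            adapterListHandle.Free();
            Ndisapi.CloseFilterDriver(ndisHandler);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}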
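/// <summary>
/// Static filter sample: puts the selected network interface into tunnel mode, loads one of
/// five sample filter tables into the driver, then prints and re-injects every packet the
/// driver redirects to user mode.
/// </summary>
/// <param name="args">
/// args[0] is the 1-based network interface index (as printed by ListAdapters);
/// args[1] is the scenario number (1-5) selecting the filter table to load.
/// </param>
/// <remarks>
/// The packet loop runs until the process is stopped or an exception occurs. Filters are
/// evaluated in table order, and every scenario except 3 ends with a catch-all PASS entry
/// so that unmatched traffic is not redirected to this process.
/// </remarks>
static void Main(string[] args)
{
    try
    {
        if (args.Length < 2)
        {
            Console.WriteLine(
                "Command line syntax:\n\tfilter.exe index scenario \n\tindex - network interface index.\n\tscenario - sample set of filters to load.\n\tYou can use ListAdapters to determine correct index.");
            Console.WriteLine("Available Scenarios:");
            Console.WriteLine("1 - Redirect only IPv4 DNS packets for processing in user mode.");
            Console.WriteLine("2 - Redirect only HTTP(TCP port 80) packets for processing in user mode. Both IPv4 and IPv6 protocols.");
            Console.WriteLine("3 - Drop all IPv4 ICMP packets. Redirect all other packets to user mode (default behaviour).");
            Console.WriteLine("4 - Block IPv4 access to http://www.ntkernel.com. Pass all other packets without processing in user mode.");
            Console.WriteLine("5 - Redirect only ARP/RARP packets to user mode. Pass all others.");

            return;
        }

        var adapterIndex = uint.Parse(args[0]) - 1;
        var scena = uint.Parse(args[1]);

        var driverPtr = Ndisapi.OpenFilterDriver();
        var bufferPtr = IntPtr.Zero;

        try
        {
            if (!Ndisapi.IsDriverLoaded(driverPtr))
            {
                Console.WriteLine("Driver not installed on this system of failed to load.");
                return;
            }

            // Retrieve adapter list
            var adapters = new TCP_AdapterList();
            if (!Ndisapi.GetTcpipBoundAdaptersInfo(driverPtr, ref adapters))
            {
                throw new ApplicationException("Can't get TCP/IP bound adapters info");
            }

            // The index comes from the command line (an input of 0 wraps around to
            // uint.MaxValue); reject it before it is used to index the handle array.
            if (adapterIndex >= adapters.m_nAdapterCount)
            {
                throw new ApplicationException("Network interface index is out of range. You can use ListAdapters to determine correct index.");
            }

            // Set tunnel mode for the selected network interface
            var mode = new ADAPTER_MODE
            {
                dwFlags = Ndisapi.MSTCP_FLAG_SENT_TUNNEL | Ndisapi.MSTCP_FLAG_RECV_TUNNEL,
                hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex]
            };

            Ndisapi.SetAdapterMode(driverPtr, ref mode);

            // Create and set event for the adapter
            var manualResetEvent = new ManualResetEvent(false);
            Ndisapi.SetPacketEvent(driverPtr, adapters.m_nAdapterHandle[adapterIndex], manualResetEvent.SafeWaitHandle);

            var filtersTable = new STATIC_FILTER_TABLE();
            filtersTable.m_StaticFilters = new STATIC_FILTER[256];

            switch (scena)
            {
                case 1:
                    filtersTable.m_TableSize = 3;

                    // 1. Outgoing DNS requests filter: REDIRECT OUT UDP packets with destination PORT 53
                    // Common values
                    filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                    // Network layer filter
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 17; // IPPROTO_UDP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 53; // DNS
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 53;

                    // 2. Incoming DNS responses filter: REDIRECT IN UDP packets with source PORT 53
                    // Common values
                    filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                    // Network layer filter
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 17; // IPPROTO_UDP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53; // DNS
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

                    // 3. Pass all packets (skipped by previous filters) without processing in user mode
                    // Common values
                    filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[2].m_ValidFields = 0;
                    filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                    filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                    break;

                case 2:
                    filtersTable.m_TableSize = 5;

                    // 1. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv4
                    // Common values
                    filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                    // Network layer filter
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6; // IPPROTO_TCP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

                    // 2. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv4
                    // Common values
                    filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                    // Network layer filter
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = 6; // IPPROTO_TCP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
                    filtersTable.m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;

                    // 3. Outgoing HTTP requests filter: REDIRECT OUT TCP packets with destination PORT 80 IPv6
                    // NOTE(review): the union selector is IPV6 but the valid-fields mask and the
                    // protocol are written through the m_IPv4 member (here and in filter 4).
                    // If the IPv6 filter layout differs from the IPv4 one, the protocol lands at
                    // the wrong offset and these two filters will not match as intended —
                    // confirm against the wrapper's struct definitions.
                    // Common values
                    filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[2].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                    // Network layer filter
                    filtersTable.m_StaticFilters[2].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;
                    filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[2].m_NetworkFilter.m_IPv4.m_Protocol = 6; // IPPROTO_TCP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[2].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                    filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                    filtersTable.m_StaticFilters[2].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

                    // 4. Incoming HTTP responses filter: REDIRECT IN TCP packets with source PORT 80 IPv6
                    // Common values
                    filtersTable.m_StaticFilters[3].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[3].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[3].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[3].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE;

                    // Network layer filter
                    filtersTable.m_StaticFilters[3].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV6;
                    filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V6_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[3].m_NetworkFilter.m_IPv4.m_Protocol = 6; // IPPROTO_TCP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[3].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_SRC_PORT;
                    filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
                    filtersTable.m_StaticFilters[3].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;

                    // 5. Pass all packets (skipped by previous filters) without processing in user mode
                    // Common values
                    filtersTable.m_StaticFilters[4].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[4].m_ValidFields = 0;
                    filtersTable.m_StaticFilters[4].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                    filtersTable.m_StaticFilters[4].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                    break;

                case 3:
                    // Only one entry is populated, so the table size is 1. Declaring a larger
                    // size would hand zero-initialised filter entries to the driver.
                    filtersTable.m_TableSize = 1;

                    // 1. Block all ICMP packets
                    // Common values
                    filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID;
                    filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;
                    filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;

                    // Network layer filter
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 1; // IPPROTO_ICMP

                    break;

                case 4:
                    filtersTable.m_TableSize = 2;

                    // 1. Outgoing HTTP requests filter: DROP OUT TCP packets with destination
                    //    IP 104.196.49.47 PORT 80 - 443 (http://www.ntkernel.com)
                    // The destination is a hard-coded address, so the block follows that IP and
                    // not the host name. The port filter is a range: every TCP destination port
                    // from 80 through 443 is dropped, not only 80 and 443.
                    // Common values
                    filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.NETWORK_LAYER_VALID | Ndisapi.TRANSPORT_LAYER_VALID;
                    filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_DROP;
                    filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND;

                    // Network layer filter
                    var address = new in_addr();
                    var mask = new in_addr();

                    // IP address 104.196.49.47
                    address.s_b1 = 104;
                    address.s_b2 = 196;
                    address.s_b3 = 49;
                    address.s_b4 = 47;

                    // Network mask 255.255.255.255
                    mask.s_b1 = 255;
                    mask.s_b2 = 255;
                    mask.s_b3 = 255;
                    mask.s_b4 = 255;

                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = Ndisapi.IPV4;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = Ndisapi.IP_V4_FILTER_PROTOCOL | Ndisapi.IP_V4_FILTER_DEST_ADDRESS;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_AddressType = Ndisapi.IP_SUBNET_V4_TYPE;
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_Ip = address.s_addr; // IP address
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_IpMask = mask.s_addr; // network mask
                    filtersTable.m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = 6; // IPPROTO_TCP

                    // Transport layer filter
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = Ndisapi.TCPUDP;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = Ndisapi.TCPUDP_DEST_PORT;
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
                    filtersTable.m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 443; // HTTPS

                    // 2. Pass all packets (skipped by previous filters) without processing in user mode
                    // Common values
                    filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[1].m_ValidFields = 0;
                    filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                    filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                    break;

                case 5:
                    filtersTable.m_TableSize = 3;

                    // 1. Redirects all ARP packets to be processed by the user mode application
                    // Common values
                    filtersTable.m_StaticFilters[0].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[0].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;
                    filtersTable.m_StaticFilters[0].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[0].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;
                    filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;
                    filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;
                    filtersTable.m_StaticFilters[0].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x0806; // ETH_P_ARP

                    // 2. Redirects all RARP packets to be processed by the user mode application
                    // RARP has its own EtherType (0x8035); reusing 0x0806 here would only
                    // duplicate the ARP filter above and let RARP fall through to the PASS rule.
                    // Common values
                    filtersTable.m_StaticFilters[1].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[1].m_ValidFields = Ndisapi.DATA_LINK_LAYER_VALID;
                    filtersTable.m_StaticFilters[1].m_FilterAction = Ndisapi.FILTER_PACKET_REDIRECT;
                    filtersTable.m_StaticFilters[1].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_SEND | Ndisapi.PACKET_FLAG_ON_RECEIVE;
                    filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_dwUnionSelector = Ndisapi.ETH_802_3;
                    filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_ValidFields = Ndisapi.ETH_802_3_PROTOCOL;
                    filtersTable.m_StaticFilters[1].m_DataLinkFilter.m_Eth8023Filter.m_Protocol = 0x8035; // ETH_P_RARP

                    // 3. Pass all packets (skipped by previous filters) without processing in user mode
                    // Common values
                    filtersTable.m_StaticFilters[2].m_Adapter = 0; // applied to all adapters
                    filtersTable.m_StaticFilters[2].m_ValidFields = 0;
                    filtersTable.m_StaticFilters[2].m_FilterAction = Ndisapi.FILTER_PACKET_PASS;
                    filtersTable.m_StaticFilters[2].m_dwDirectionFlags = Ndisapi.PACKET_FLAG_ON_RECEIVE | Ndisapi.PACKET_FLAG_ON_SEND;

                    break;

                default:
                    Console.WriteLine("Unknown test scenario specified. Exiting.");
                    return;
            }

            // Load filters into driver
            // NOTE(review): the result of SetPacketFilterTable is not inspected; if loading
            // fails, tunnel mode is already active without the intended filters — confirm
            // how the wrapper reports failure and handle it.
            Ndisapi.SetPacketFilterTable(driverPtr, ref filtersTable);

            // Allocate and initialize packet structures
            var request = new ETH_REQUEST();
            var buffer = new INTERMEDIATE_BUFFER();
            bufferPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buffer));

            Win32Api.ZeroMemory(bufferPtr, Marshal.SizeOf(buffer));

            request.hAdapterHandle = adapters.m_nAdapterHandle[adapterIndex];
            request.EthPacket.Buffer = bufferPtr;

            while (true)
            {
                manualResetEvent.WaitOne();

                while (Ndisapi.ReadPacket(driverPtr, ref request))
                {
                    buffer = (INTERMEDIATE_BUFFER)Marshal.PtrToStructure(bufferPtr, typeof(INTERMEDIATE_BUFFER));

                    WriteToConsole(buffer, bufferPtr);

                    // Re-inject in the original direction: outbound packets go to the
                    // adapter, everything else goes up to the TCP/IP stack.
                    if (buffer.m_dwDeviceFlags == Ndisapi.PACKET_FLAG_ON_SEND)
                    {
                        Ndisapi.SendPacketToAdapter(driverPtr, ref request);
                    }
                    else
                    {
                        Ndisapi.SendPacketToMstcp(driverPtr, ref request);
                    }
                }

                manualResetEvent.Reset();
            }
        }
        finally
        {
            // Release the unmanaged buffer and the driver handle on every exit path:
            // early returns above and exceptions thrown from the packet loop.
            if (bufferPtr != IntPtr.Zero)
            {
                Marshal.FreeHGlobal(bufferPtr);
            }

            Ndisapi.CloseFilterDriver(driverPtr);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
}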