static void Main(string[] args)
{
if (!ndisapi.IsDriverLoaded())
{
Console.WriteLine("WinpkFilter driver is not loaded. Exiting.");
return;
}
UInt32 driverVersion = ndisapi.GetVersion();
UInt32 majorVersion = (driverVersion & (0xF000)) >> 12;
UInt32 minorVersion1 = (driverVersion & (0xFF000000)) >> 24;
UInt32 minorVersion2 = (driverVersion & (0xFF0000)) >> 16;
if (ndisapi != null)
{
Console.WriteLine($"Detected Windows Packet Filter version {majorVersion}.{minorVersion1}.{minorVersion2}");
}
Console.WriteLine();
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
if (!adapterList.Item1)
{
Console.WriteLine("WinpkFilter failed to query active interfaces. Exiting.");
return;
}
if (adapterList.Item2.Count > 0)
{
Console.WriteLine("Available network interfaces: ");
}
Console.WriteLine();
int counter = 0;
foreach (var adapter in adapterList.Item2)
{
Console.WriteLine($"{++counter}) {adapter.FriendlyName}");
Console.WriteLine($"\t Internal name: {adapter.Name}");
Console.WriteLine($"\t Handle: {adapter.Handle.ToString("x")}");
Console.WriteLine($"\t MAC: {adapter.CurrentAddress}");
Console.WriteLine($"\t Medium: {adapter.Medium}");
Console.WriteLine($"\t MTU: {adapter.Mtu}");
if (adapter.Medium == NDIS_MEDIUM.NdisMediumWan)
{
var rasLinkInfoList = ndisapi.GetRasLinks(adapter.Handle);
if (rasLinkInfoList.Item1 && (rasLinkInfoList.Item2.Count > 0))
{
foreach (var e in rasLinkInfoList.Item2)
{
Console.WriteLine($"----------------------------------------------------------------");
Console.WriteLine($"\t\tLinkSpeed = {e.LinkSpeed}");
Console.WriteLine($"\t\tMTU: {e.MaximumTotalSize}");
Console.WriteLine($"\t\tLocalAddress: {e.LocalAddress}");
Console.WriteLine($"\t\tRemoteAddress: {e.RemoteAddress}");
Byte[] ipAddress = new Byte[4];
Array.Copy(e.ProtocolBuffer, 584, ipAddress, 0, 4);
IPAddress ipV4 = new IPAddress(ipAddress);
Array.Copy(e.ProtocolBuffer, 588, ipAddress, 0, 4);
IPAddress ipMaskV4 = new IPAddress(ipAddress);
Console.WriteLine($"\t\tIPv4: {ipV4} Mask: {ipMaskV4}");
Console.WriteLine($"----------------------------------------------------------------");
}
}
}
Console.WriteLine();
}
Console.Write("Select network interface: ");
int index = Convert.ToInt32(Console.ReadLine());
if (index > adapterList.Item2.Count)
{
Console.WriteLine($"Wrong interface index {index}");
return;
}
#region Testing NdisrdRequest API call
Console.WriteLine();
Console.WriteLine($"Probing NDIS requests on: {adapterList.Item2[index - 1].FriendlyName}:");
Console.WriteLine();
PacketOidData oidRequest = new PacketOidData();
oidRequest.Adapter = adapterList.Item2[index - 1].Handle;
oidRequest.Oid = OID_802_3_CURRENT_ADDRESS;
oidRequest.Data = new byte[6];
if (ndisapi.NdisrdRequest(oidRequest, false))
{
Console.WriteLine($@"OID_802_3_CURRENT_ADDRESS: Status = OK Value: {new PhysicalAddress(oidRequest.Data)}");
}
else
{
Console.WriteLine($@"OID_802_3_CURRENT_ADDRESS: Status = FAILED");
}
oidRequest.Oid = OID_GEN_MAXIMUM_TOTAL_SIZE;
oidRequest.Data = new byte[4];
if (ndisapi.NdisrdRequest(oidRequest, false))
{
Console.WriteLine($@"OID_GEN_MAXIMUM_TOTAL_SIZE: Status = OK Value: {BitConverter.ToUInt32(oidRequest.Data, 0)}");
}
else
{
Console.WriteLine($@"OID_GEN_MAXIMUM_TOTAL_SIZE: Status = FAILED");
}
oidRequest.Oid = OID_GEN_PHYSICAL_MEDIUM;
if (ndisapi.NdisrdRequest(oidRequest, false))
{
Console.WriteLine($@"OID_GEN_PHYSICAL_MEDIUM: Status = OK Value: {(NdisPhysicalMedium)BitConverter.ToUInt32(oidRequest.Data, 0)}");
}
else
{
Console.WriteLine($@"OID_GEN_PHYSICAL_MEDIUM: Status = FAILED");
}
#endregion
#region Testing static filters
Console.WriteLine();
Console.WriteLine("Please select the static filters set to use:");
Console.WriteLine();
Console.WriteLine(@"1 - IPv4 DNS filter: Redirect and dump only IPv4 DNS packets for processing in user mode.");
Console.WriteLine(@"2 - HTTP filter: Redirect and dump only HTTP(TCP port 80) packets for processing in user mode.");
Console.WriteLine(@"3 - FQDN filter: Redirect and dump only packets destined to/from selected domain name.");
Console.WriteLine(@"4 - Default filter: Redirect and dump all network packets.");
Console.WriteLine(@"5 - Silent default: Redirect all network packets. Zero output (performance test option).");
Console.WriteLine();
Console.Write("Select filter option: ");
int option = Convert.ToInt32(Console.ReadLine());
if (option > 5)
{
Console.WriteLine($"Wrong filter option {option}");
return;
}
bool dumpPackets = true;
switch (option)
{
case 1:
LoadIpv4DnsFilter(adapterList.Item2[index - 1].Handle);
break;
case 2:
LoadHttpFilter(adapterList.Item2[index - 1].Handle);
break;
case 3:
Console.Write("Enter FQDN: ");
LoadFqdnFilter(adapterList.Item2[index - 1].Handle, Console.ReadLine());
break;
case 4:
// Do nothing, this is a default behaviour
break;
case 5:
dumpPackets = false;
break;
default:
Console.WriteLine("Wrong filter option. Exiting...");
return;
}
#endregion
// Register a cancel handler that lets us break out of our capture loop
Console.CancelKeyPress += HandleCancelKeyPress;
ndisapi.SetAdapterMode(
adapterList.Item2[index - 1].Handle,
MSTCP_FLAGS.MSTCP_FLAG_TUNNEL
);
ndisapi.SetPacketEvent(adapterList.Item2[index - 1].Handle, packetEvent);
Console.WriteLine($"-- Filtering on {adapterList.Item2[index - 1].FriendlyName}, hit 'ctrl-c' to stop...");
// Lists for re-injecting packets
List <RawPacket> toAdapter = new List <RawPacket>();
List <RawPacket> toMstcp = new List <RawPacket>();
// Unmanaged memory resource for sending receiving bulk of packets
// Maximum number of packets to send/receive = 64
NdisBufferResource buffer = new NdisBufferResource(64);
do
{
packetEvent.WaitOne();
#region Single packet read/write
//RawPacket packet = ndisapi.ReadPacket(adapterList[index - 1].Handle);
//while (packet != null)
//{
// // use PacketDotNet to parse this packet and print out
// // its high level information
// Packet p = Packet.ParsePacket(LinkLayers.Ethernet, packet.Data);
// try
// {
// Console.WriteLine(p.ToString());
// }
// catch (Exception)
// { }
// if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE)
// {
// ndisapi.SendPacketToMstcp(adapterList[index - 1].Handle, packet);
// }
// else
// {
// ndisapi.SendPacketToAdapter(adapterList[index - 1].Handle, packet);
// }
// packet = ndisapi.ReadPacket(adapterList[index - 1].Handle);
//};
#endregion
#region Bulk of packets read/write
var packetList = ndisapi.ReadPackets(adapterList.Item2[index - 1].Handle, buffer);
while (packetList.Item1)
{
foreach (var packet in packetList.Item2)
{
if (dumpPackets)
{
Console.WriteLine($"Succesfully read {packetList.Item2.Count} packets from {adapterList.Item2[index - 1].FriendlyName}");
try
{
// Use PacketDotNet to parse this packet and print out
// its high level information
Packet p = Packet.ParsePacket(LinkLayers.Ethernet, packet.Data);
Console.WriteLine(p.ToString());
}
catch (Exception ex)
{
Console.WriteLine($"An exeption {ex.Message} occured while trying to parse network packet.");
}
}
// Depending on the packet direction insert it to the appropriate list
if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE)
{
toMstcp.Add(packet);
}
else
{
toAdapter.Add(packet);
}
}
if (toMstcp.Count > 0)
{
// If we have packets to forward upwards the network stack then do it here
ndisapi.SendPacketsToMstcp(adapterList.Item2[index - 1].Handle, buffer, toMstcp);
toMstcp.Clear();
}
if (toAdapter.Count > 0)
{
// If we have packets to forward downwards the network stack then do it here
ndisapi.SendPacketsToAdapter(adapterList.Item2[index - 1].Handle, buffer, toAdapter);
toAdapter.Clear();
}
packetList = ndisapi.ReadPackets(adapterList.Item2[index - 1].Handle, buffer);
}
;
#endregion
packetEvent.Reset();
} while (!stopCapturing);
Console.WriteLine("-- Filtering stopped");
//
// Release driver and associated resources
//
buffer.Dispose();
ndisapi.SetPacketEvent(adapterList.Item2[index - 1].Handle, null);
ndisapi.SetAdapterMode(
adapterList.Item2[index - 1].Handle,
0
);
//
// Display loaded static filters
//
DumpStaticFilters();
}
public static NetworkAdapter GetAdapter(NdisApiDotNet ndisapi)
{
var adapterList = ndisapi.GetTcpipBoundAdaptersInfo();
if (!adapterList.Item1)
{
Console.WriteLine("WinpkFilter failed to query active interfaces. Exiting.");
return(null);
}
if (adapterList.Item2.Count > 0)
{
Console.WriteLine("Available network interfaces: ");
}
Console.WriteLine();
int counter = 0;
foreach (var adapter in adapterList.Item2)
{
Console.WriteLine($"{++counter}) {adapter.FriendlyName}");
Console.WriteLine($"\t Internal name: {adapter.Name}");
Console.WriteLine($"\t Handle: {adapter.Handle.ToString("x")}");
Console.WriteLine($"\t MAC: {adapter.CurrentAddress}");
Console.WriteLine($"\t Medium: {adapter.Medium}");
Console.WriteLine($"\t MTU: {adapter.Mtu}");
if (adapter.Medium == NDIS_MEDIUM.NdisMediumWan)
{
var rasLinkInfoList = ndisapi.GetRasLinks(adapter.Handle);
if (rasLinkInfoList.Item1 && (rasLinkInfoList.Item2.Count > 0))
{
foreach (var e in rasLinkInfoList.Item2)
{
Console.WriteLine($"----------------------------------------------------------------");
Console.WriteLine($"\t\tLinkSpeed = {e.LinkSpeed}");
Console.WriteLine($"\t\tMTU: {e.MaximumTotalSize}");
Console.WriteLine($"\t\tLocalAddress: {e.LocalAddress}");
Console.WriteLine($"\t\tRemoteAddress: {e.RemoteAddress}");
Byte[] ipAddress = new Byte[4];
Array.Copy(e.ProtocolBuffer, 584, ipAddress, 0, 4);
IPAddress ipV4 = new IPAddress(ipAddress);
Array.Copy(e.ProtocolBuffer, 588, ipAddress, 0, 4);
IPAddress ipMaskV4 = new IPAddress(ipAddress);
Console.WriteLine($"\t\tIPv4: {ipV4} Mask: {ipMaskV4}");
Console.WriteLine($"----------------------------------------------------------------");
}
}
}
Console.WriteLine();
}
Console.Write("Select network interface: ");
int index = Convert.ToInt32(Console.ReadLine());
if (index > adapterList.Item2.Count)
{
Console.WriteLine($"Wrong interface index {index}");
return(null);
}
return(adapterList.Item2[index - 1]);
}