static void Main(string[] args) { NdisApiDotNet ndisapi = new NdisApiDotNet(null); Console.ResetColor(); Console.CancelKeyPress += HandleCancelKeyPress; if (!ndisapi.IsDriverLoaded()) { Console.WriteLine("WinpkFilter driver is not loaded. Exiting."); return; } var vpnAdapter = NetworkAdapterHelper.GetVpnAdapter(ndisapi); var normalAdapter = NetworkAdapterHelper.GetNormalAdapter(ndisapi); var tableList = IpHelperWrapper.GetTcpConnections("firefox"); foreach (var line in tableList) { Console.WriteLine($"Source: {line.Local.Address} Port: {line.Local.Port} -> Destination: {line.Remote.Address} Port: {line.Remote.Port}"); } Console.ReadLine(); LoadOutFilter(vpnAdapter.Handle, tableList); LoadInFilter(normalAdapter.Handle, tableList); LoadFilterEverythingElseFilter(vpnAdapter.Handle); LoadFilterEverythingElseFilter(normalAdapter.Handle); var loaded = ndisapi.SetPacketFilterTable(filterList); outWorker.DoWork += (s, e) => { TreatOUTPacketsVPNtoNormal(ndisapi, vpnAdapter, normalAdapter); }; inWorker.DoWork += (s, e) => { TreatINPacketsNormaltoVPN(ndisapi, normalAdapter, vpnAdapter); }; Console.WriteLine("-- Filtering started"); outWorker.RunWorkerAsync(); inWorker.RunWorkerAsync(); Console.ReadLine(); Console.WriteLine("-- Filtering stopped"); DumpStaticFilters(ndisapi); Console.WriteLine("Stopped!"); Console.ReadLine(); }
static void Main(string[] args) { if (!ndisapi.IsDriverLoaded()) { Console.WriteLine("WinpkFilter driver is not loaded. Exiting."); return; } UInt32 driverVersion = ndisapi.GetVersion(); UInt32 majorVersion = (driverVersion & (0xF000)) >> 12; UInt32 minorVersion1 = (driverVersion & (0xFF000000)) >> 24; UInt32 minorVersion2 = (driverVersion & (0xFF0000)) >> 16; if (ndisapi != null) { Console.WriteLine($"Detected Windows Packet Filter version {majorVersion}.{minorVersion1}.{minorVersion2}"); } Console.WriteLine(); var adapterList = ndisapi.GetTcpipBoundAdaptersInfo(); if (!adapterList.Item1) { Console.WriteLine("WinpkFilter failed to query active interfaces. Exiting."); return; } if (adapterList.Item2.Count > 0) { Console.WriteLine("Available network interfaces: "); } Console.WriteLine(); int counter = 0; foreach (var adapter in adapterList.Item2) { Console.WriteLine($"{++counter}) {adapter.FriendlyName}"); Console.WriteLine($"\t Internal name: {adapter.Name}"); Console.WriteLine($"\t Handle: {adapter.Handle.ToString("x")}"); Console.WriteLine($"\t MAC: {adapter.CurrentAddress}"); Console.WriteLine($"\t Medium: {adapter.Medium}"); Console.WriteLine($"\t MTU: {adapter.Mtu}"); if (adapter.Medium == NDIS_MEDIUM.NdisMediumWan) { var rasLinkInfoList = ndisapi.GetRasLinks(adapter.Handle); if (rasLinkInfoList.Item1 && (rasLinkInfoList.Item2.Count > 0)) { foreach (var e in rasLinkInfoList.Item2) { Console.WriteLine($"----------------------------------------------------------------"); Console.WriteLine($"\t\tLinkSpeed = {e.LinkSpeed}"); Console.WriteLine($"\t\tMTU: {e.MaximumTotalSize}"); Console.WriteLine($"\t\tLocalAddress: {e.LocalAddress}"); Console.WriteLine($"\t\tRemoteAddress: {e.RemoteAddress}"); Byte[] ipAddress = new Byte[4]; Array.Copy(e.ProtocolBuffer, 584, ipAddress, 0, 4); IPAddress ipV4 = new IPAddress(ipAddress); Array.Copy(e.ProtocolBuffer, 588, ipAddress, 0, 4); IPAddress ipMaskV4 = new IPAddress(ipAddress); Console.WriteLine($"\t\tIPv4: {ipV4} Mask: {ipMaskV4}"); Console.WriteLine($"----------------------------------------------------------------"); } } } Console.WriteLine(); } Console.Write("Select network interface: "); int index = Convert.ToInt32(Console.ReadLine()); if (index > adapterList.Item2.Count) { Console.WriteLine($"Wrong interface index {index}"); return; } #region Testing NdisrdRequest API call Console.WriteLine(); Console.WriteLine($"Probing NDIS requests on: {adapterList.Item2[index - 1].FriendlyName}:"); Console.WriteLine(); PacketOidData oidRequest = new PacketOidData(); oidRequest.Adapter = adapterList.Item2[index - 1].Handle; oidRequest.Oid = OID_802_3_CURRENT_ADDRESS; oidRequest.Data = new byte[6]; if (ndisapi.NdisrdRequest(oidRequest, false)) { Console.WriteLine($@"OID_802_3_CURRENT_ADDRESS: Status = OK Value: {new PhysicalAddress(oidRequest.Data)}"); } else { Console.WriteLine($@"OID_802_3_CURRENT_ADDRESS: Status = FAILED"); } oidRequest.Oid = OID_GEN_MAXIMUM_TOTAL_SIZE; oidRequest.Data = new byte[4]; if (ndisapi.NdisrdRequest(oidRequest, false)) { Console.WriteLine($@"OID_GEN_MAXIMUM_TOTAL_SIZE: Status = OK Value: {BitConverter.ToUInt32(oidRequest.Data, 0)}"); } else { Console.WriteLine($@"OID_GEN_MAXIMUM_TOTAL_SIZE: Status = FAILED"); } oidRequest.Oid = OID_GEN_PHYSICAL_MEDIUM; if (ndisapi.NdisrdRequest(oidRequest, false)) { Console.WriteLine($@"OID_GEN_PHYSICAL_MEDIUM: Status = OK Value: {(NdisPhysicalMedium)BitConverter.ToUInt32(oidRequest.Data, 0)}"); } else { Console.WriteLine($@"OID_GEN_PHYSICAL_MEDIUM: Status = FAILED"); } #endregion #region Testing static filters Console.WriteLine(); Console.WriteLine("Please select the static filters set to use:"); Console.WriteLine(); Console.WriteLine(@"1 - IPv4 DNS filter: Redirect and dump only IPv4 DNS packets for processing in user mode."); Console.WriteLine(@"2 - HTTP filter: Redirect and dump only HTTP(TCP port 80) packets for processing in user mode."); Console.WriteLine(@"3 - FQDN filter: Redirect and dump only packets destined to/from selected domain name."); Console.WriteLine(@"4 - Default filter: Redirect and dump all network packets."); Console.WriteLine(@"5 - Silent default: Redirect all network packets. Zero output (performance test option)."); Console.WriteLine(); Console.Write("Select filter option: "); int option = Convert.ToInt32(Console.ReadLine()); if (option > 5) { Console.WriteLine($"Wrong filter option {option}"); return; } bool dumpPackets = true; switch (option) { case 1: LoadIpv4DnsFilter(adapterList.Item2[index - 1].Handle); break; case 2: LoadHttpFilter(adapterList.Item2[index - 1].Handle); break; case 3: Console.Write("Enter FQDN: "); LoadFqdnFilter(adapterList.Item2[index - 1].Handle, Console.ReadLine()); break; case 4: // Do nothing, this is a default behaviour break; case 5: dumpPackets = false; break; default: Console.WriteLine("Wrong filter option. Exiting..."); return; } #endregion // Register a cancel handler that lets us break out of our capture loop Console.CancelKeyPress += HandleCancelKeyPress; ndisapi.SetAdapterMode( adapterList.Item2[index - 1].Handle, MSTCP_FLAGS.MSTCP_FLAG_TUNNEL ); ndisapi.SetPacketEvent(adapterList.Item2[index - 1].Handle, packetEvent); Console.WriteLine($"-- Filtering on {adapterList.Item2[index - 1].FriendlyName}, hit 'ctrl-c' to stop..."); // Lists for re-injecting packets List <RawPacket> toAdapter = new List <RawPacket>(); List <RawPacket> toMstcp = new List <RawPacket>(); // Unmanaged memory resource for sending receiving bulk of packets // Maximum number of packets to send/receive = 64 NdisBufferResource buffer = new NdisBufferResource(64); do { packetEvent.WaitOne(); #region Single packet read/write //RawPacket packet = ndisapi.ReadPacket(adapterList[index - 1].Handle); //while (packet != null) //{ // // use PacketDotNet to parse this packet and print out // // its high level information // Packet p = Packet.ParsePacket(LinkLayers.Ethernet, packet.Data); // try // { // Console.WriteLine(p.ToString()); // } // catch (Exception) // { } // if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE) // { // ndisapi.SendPacketToMstcp(adapterList[index - 1].Handle, packet); // } // else // { // ndisapi.SendPacketToAdapter(adapterList[index - 1].Handle, packet); // } // packet = ndisapi.ReadPacket(adapterList[index - 1].Handle); //}; #endregion #region Bulk of packets read/write var packetList = ndisapi.ReadPackets(adapterList.Item2[index - 1].Handle, buffer); while (packetList.Item1) { foreach (var packet in packetList.Item2) { if (dumpPackets) { Console.WriteLine($"Succesfully read {packetList.Item2.Count} packets from {adapterList.Item2[index - 1].FriendlyName}"); try { // Use PacketDotNet to parse this packet and print out // its high level information Packet p = Packet.ParsePacket(LinkLayers.Ethernet, packet.Data); Console.WriteLine(p.ToString()); } catch (Exception ex) { Console.WriteLine($"An exeption {ex.Message} occured while trying to parse network packet."); } } // Depending on the packet direction insert it to the appropriate list if (packet.DeviceFlags == PACKET_FLAG.PACKET_FLAG_ON_RECEIVE) { toMstcp.Add(packet); } else { toAdapter.Add(packet); } } if (toMstcp.Count > 0) { // If we have packets to forward upwards the network stack then do it here ndisapi.SendPacketsToMstcp(adapterList.Item2[index - 1].Handle, buffer, toMstcp); toMstcp.Clear(); } if (toAdapter.Count > 0) { // If we have packets to forward downwards the network stack then do it here ndisapi.SendPacketsToAdapter(adapterList.Item2[index - 1].Handle, buffer, toAdapter); toAdapter.Clear(); } packetList = ndisapi.ReadPackets(adapterList.Item2[index - 1].Handle, buffer); } ; #endregion packetEvent.Reset(); } while (!stopCapturing); Console.WriteLine("-- Filtering stopped"); // // Release driver and associated resources // buffer.Dispose(); ndisapi.SetPacketEvent(adapterList.Item2[index - 1].Handle, null); ndisapi.SetAdapterMode( adapterList.Item2[index - 1].Handle, 0 ); // // Display loaded static filters // DumpStaticFilters(); }
static void Main(string[] args) { NdisApiDotNet ndisapi = new NdisApiDotNet(null); Console.ResetColor(); Console.CancelKeyPress += HandleCancelKeyPress; if (!ndisapi.IsDriverLoaded()) { Console.WriteLine("WinpkFilter driver is not loaded. Exiting."); return; } var vpnAdapter = NetworkAdapterHelper.GetAdapterById(ndisapi, vpnAdapterID); vpnIP = NetworkAdapterHelper.GetAdapterLocalIP(vpnAdapterID); vpnMacAddress = NetworkAdapterHelper.GetAdapterPhisicalAddress(vpnAdapterID); var normalAdapter = NetworkAdapterHelper.GetAdapterById(ndisapi, normalAdapterID); localIp = NetworkAdapterHelper.GetAdapterLocalIP(normalAdapterID); localMacAddress = NetworkAdapterHelper.GetAdapterPhisicalAddress(normalAdapterID); Console.WriteLine($"======================================================================================"); Console.WriteLine($"Found Ethernet Adapter MAC: {localMacAddress} IP: {localIp}"); Console.WriteLine($"Found VPN Adapter MAC: {vpnMacAddress} IP: {vpnIP}"); Console.WriteLine($"======================================================================================"); if (vpnIP == null) { throw new Exception("VPN not connected"); } var tableList = IpHelperWrapper.GetTcpConnections("firefox"); Console.WriteLine(); Console.WriteLine($"==============================FireFox sockets========================================="); Console.WriteLine($"======================================================================================"); foreach (var line in tableList) { Console.WriteLine($"Source: {line.Local.Address} Port: {line.Local.Port} -> Destination: {line.Remote.Address} Port: {line.Remote.Port}"); } Console.WriteLine($"======================================================================================"); Console.ReadLine(); LoadOutFilter(vpnAdapter.Handle, tableList); LoadInFilter(normalAdapter.Handle, tableList); //LoadTESTInFilter(normalAdapter.Handle, tableList); //LoadTESTOutFilter(normalAdapter.Handle, tableList); //LoadTESTInFilter(vpnAdapter.Handle, tableList); LoadFilterEverythingElseFilter(vpnAdapter.Handle); LoadFilterEverythingElseFilter(normalAdapter.Handle); var loaded = ndisapi.SetPacketFilterTable(filterList); outWorker.DoWork += (s, e) => { TreatOUTPacketsVPNtoNormal(ndisapi, vpnAdapter, normalAdapter); }; inWorker.DoWork += (s, e) => { TreatINPacketsNormaltoVPN(ndisapi, normalAdapter, vpnAdapter); }; Console.WriteLine("-- Filtering started"); outWorker.RunWorkerAsync(); inWorker.RunWorkerAsync(); Console.ReadLine(); Console.WriteLine("-- Filtering stopped"); DumpStaticFilters(ndisapi); Console.WriteLine("Stopped!"); Console.ReadLine(); }