Thread: FWPM_LAYER_INBOUND | OUTBOUND_IPPACKET_V4 capture all packet in WFP ?

  1. #1
    Registered User
    Join Date
    Oct 2012
    Posts
    1

    Question FWPM_LAYER_INBOUND | OUTBOUND_IPPACKET_V4 capture all packet in WFP ?

    Hi guys
    I have read
    Filtering Layer Identifiers
    Filtering Conditions Available at Each Filtering Layer
    Data Offset Positions (Windows Drivers)
    How to get sourceInterfaceIndex at FWPM_LAYER_INBOUND_IPPACKET_V4
    WFP: Layer and filter conditions to capture all packets?

    Appears in the WDK version 8.0, they have not found, so you can give me some hints to solve this problem.
    More, as well as answers to people if you have questions about this

    I am trying to capture all packets. Can you take a look and point out the mistakes or what is lacking, and what I need to change or add?

    Code:
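    #include <windows.h>
    #include <fwpmu.h>
    #include <stdio.h>
    
    #pragma comment(lib, "fwpuclnt.lib")   // user-mode WFP management API (Fwpm*)
    
    void Capture_Packet()
    {
        DWORD                 status          = NO_ERROR;
        UINT32                count_packet    = 0;      // never updated anywhere below
        unsigned long         ip_src = 0, ip_des = 0;   // only used by the commented-out printf
        HANDLE                engineHandle    = NULL;
        FWPM_FILTER           filter          = {0};
        FWPM_FILTER_CONDITION filterCondition = {0};
    
        // Open a session to the local filter engine.
        status = FwpmEngineOpen(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &engineHandle);
    
        if(status != NO_ERROR)
        {
            // No valid handle was returned, so there is nothing to close.
            printf("FwpmEngineOpen failed: 0x%08lx\n", status);
            return;
        }
    
        filter.displayData.name    = L"Capture packet";
        filter.layerKey            = FWPM_LAYER_INBOUND_IPPACKET_V4;
        //filter.layerKey            = FWPM_LAYER_OUTBOUND_IPPACKET_V4;
    
        // FWP_ACTION_PERMIT only lets matching traffic through; no packet data
        // is handed back to this process by this filter.
        filter.action.type         = FWP_ACTION_PERMIT;
        filter.weight.type         = FWP_EMPTY;   // let the engine assign the weight
        filter.filterCondition     = &filterCondition;
        filter.numFilterConditions = 0;   // 0 conditions: the filter matches every packet at this layer
    
        //filterCondition.fieldKey = FWPM_CONDITION_ALE_PROMISCUOUS_MODE;
        //filterCondition.conditionValue.type   = FWP_UINT32 ;
        //filterCondition.conditionValue.uint8 = ???
    
        status = FwpmFilterAdd(engineHandle, &filter, NULL, &(filter.filterId));
    
        if(status != NO_ERROR)
        {
            printf("FwpmFilterAdd failed: 0x%08lx\n", status);
            goto EXIT;
        }
    
        // In this case: the LAN uses a proxy server or web proxy.
        // The filter engine runs on the server ( LAN++++++Server++++++Internet ).
        // Capture all packets in the LAN before they are processed and forwarded to the proxy.
        // count_packet is still 0 here, so this loop body never executes.
        for (UINT32 i=0 ; i < count_packet ; i++)
        {
            //    printf("Packet : %d  from IP source : %s  to IP destination : %s    \n" ,i, inet_toa(ip_src) ????,inet_toa(ip_des) ????);
        }
    
    
    EXIT:
        //FwpmFilterDeleteById(engineHandle,filter.filterId);
        FwpmEngineClose(engineHandle);
    }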
    But it's not working. I'm using VS 2012, WDK 8.0.
    Thank you so much.

  2. #2
    and the hat of int overfl Salem
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,659
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
