TCP/IP: Transport Layer References

Post by Mc Kiernan, Daniel Kia » Wed, 19 Dec 2001 18:55:17



In Windows 2000:

I want to be able to intercept data flowing on both sides of the transport
layer.

Thus I need to access and modify the relevant references to and from the
transport layer.  Ideally, I'd like to use the most robust technique
available.

Is there available documentation on how to do this, and if so then where?

 
 
 

Post by Gryp » Wed, 19 Dec 2001 22:55:54




Quote:> In Windows 2000:

> I want to be able to intercept data flowing on both sides of the transport
> layer.

> Thus I need to access and modify the relevant references to and from the
> transport layer.  Ideally, I'd like to use the most robust technique
> available.

> Is there available documentation on how to do this, and if so then where?

I don't know how TCP/IP savvy you are, but the IBM Redbook is a pretty good
in-depth:
http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/gg243376.html?Open

 As for 'how-to' texts, you *may* find something useful on PacketStorm
(.org):
http://packetstorm.decepticons.org/

or even SecurityFocus:

http://www.securityfocus.com

Cheers,
Gryph

--
I'm livin' in the 70's
I feel like I lost my keys
Got the right day but I got the wrong week
And I get paid for just bein' a freak

 
 
 

Post by Mc Kiernan, Daniel Kia » Sun, 23 Dec 2001 10:53:54



Quote:> I don't know how TCP/IP savvy you are, but the IBM Redbook is a pretty good
> in-depth:
> http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/gg243376.html?Open

>  As for 'how-to' texts, you *may* find something useful on PacketStorm
> (.org):
> http://packetstorm.decepticons.org/

> or even SecurityFocus:

> http://www.securityfocus.com

I'm sufficiently TCP/IP savvy.  My problem is that I'm not sufficiently
Windows savvy.

These sites that you've suggested are focussed on such things as the
structure of headers.  What I need to do, however, is intercept and modify
data between layers.

Upon research, it seems that I can figure out how to do this on one side of
the TCP layer by examining source of winsock.dll.  This leaves the problem
of data travelling between the TCP and the IP layer.  Microsoft supplies
these together as tcpip.sys.  I'm staring at a single piece of machinery,
within which I know are some pipes into which I need to splice.  To do
that, I have to identify where and how the relevant functions are
referenced.

 
 
 

Post by Phil Bouchera » Sun, 30 Dec 2001 06:50:37


I doubt if you'll be able to find the source to winsock.dll unless you work
for Microsoft ... it seems to me that you'll have more luck if you find out
about NDIS drivers and the like,

Cheers,

Phil




> > I don't know how TCP/IP savvy you are, but the IBM Redbook is a pretty good
> > in-depth:
> > http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/gg243376.html?Open

> >  As for 'how-to' texts, you *may* find something useful on PacketStorm
> > (.org):
> > http://packetstorm.decepticons.org/

> > or even SecurityFocus:

> > http://www.securityfocus.com

> I'm sufficiently TCP/IP savvy.  My problem is that I'm not sufficiently
> Windows savvy.

> These sites that you've suggested are focussed on such things as the
> structure of headers.  What I need to do, however, is intercept and modify
> data between layers.

> Upon research, it seems that I can figure out how to do this on one side of
> the TCP layer by examining source of winsock.dll.  This leaves the problem
> of data travelling between the TCP and the IP layer.  Microsoft supplies
> these together as tcpip.sys.  I'm staring at a single piece of machinery,
> within which I know are some pipes into which I need to splice.  To do
> that, I have to identify where and how the relevant functions are
> referenced.

 
 
 

Post by Mc Kiernan, Daniel Kia » Sun, 06 Jan 2002 19:17:30



Quote:> I doubt if you'll be able to find the source to winsock.dll unless you
> work for Microsoft ...

Ah, but I didn't need the source for MS's winsock.dll; I just needed source
for _some_ winsock.dll.  And, indeed, I got that.

That point is moot, as I've got better documentation for that side of
things.  I'm still seeking information on splicing between the TCP layer and
the IP layer.

 
 
 

Post by Markus Fische » Fri, 01 Mar 2002 18:43:01


Check out LSP's

markus



> > I doubt if you'll be able to find the source to winsock.dll unless you
> > work for Microsoft ...

> Ah, but I didn't need the source for MS's winsock.dll; I just needed source
> for _some_ winsock.dll.  And, indeed, I got that.

> That point is moot, as I've got better documentation for that side of
> things.  I'm still seeking information on splicing between the TCP layer and
> the IP layer.

 
 
 
