by Mc Kiernan, Daniel Kia » Wed, 19 Dec 2001 18:55:17
I want to be able to intercept data flowing on both sides of the transport
layer.
Thus I need to access and modify the relevant references to and from the
transport layer. Ideally, I'd like to use the most robust technique
available.
Is there available documentation on how to do this, and if so then where?
by Gryp » Wed, 19 Dec 2001 22:55:54
I don't how TCP/IP savvy you are, but the IBM Redbook is a pretty goodQuote:> In Windows 2000:
> I want to be able to intercept data flowing on both sides of the transport
> layer.
> Thus I need to access and modify the relevant references to and from the
> transport layer. Ideally, I'd like to use the most robust technique
> available.
> Is there available documentation on how to do this, and if so then where?
As for 'how-to' texts, you *may* find something useful on PacketStorm
(.org):
http://packetstorm.decepticons.org/
or even SecurityFocus:
http://www.securityfocus.com
Cheers,
Gryph
--
I'm livin' in the 70's
I feel like I lost my keys
Got the right day but I got the wrong week
And I get paid for just bein' a freak
by Mc Kiernan, Daniel Kia » Sun, 23 Dec 2001 10:53:54
I'm sufficiently TCP/IP savvy. My problem is that I'm not sufficientlyQuote:> I don't how TCP/IP savvy you are, but the IBM Redbook is a pretty good
> indepth:
> http://publib-
> b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/gg243376.html?Open
> As for 'how-to' texts, you *may* find something useful on PacketStorm
> (.org):
> http://packetstorm.decepticons.org/
> or even SecurityFocus:
> http://www.securityfocus.com
These sites that you've suggested are focussed on such things as the
structure of headers. What I need to do, however, is intercept and modify
data between layers.
Upon research, it seems that I can figure out how to do this on one side of
the TCP layer by examining source of winsock.dll. This leaves the problem
of data travelling between the TCP and the IP layer. Microsoft supplies
these togther as tcpip.sys. I'm staring at a single pice of machinery,
within which I know are some pipes that into which I need to splice. To do
that, I have to identify where and how the relevant functions are
referenced.
by Phil Bouchera » Sun, 30 Dec 2001 06:50:37
Cheers,
Phil
in message
> > I don't how TCP/IP savvy you are, but the IBM Redbook is a pretty good
> > indepth:
> > http://publib-
> > b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/gg243376.html?Open
> > As for 'how-to' texts, you *may* find something useful on PacketStorm
> > (.org):
> > http://packetstorm.decepticons.org/
> > or even SecurityFocus:
> > http://www.securityfocus.com
> I'm sufficiently TCP/IP savvy. My problem is that I'm not sufficiently
> Windows savvy.
> These sites that you've suggested are focussed on such things as the
> structure of headers. What I need to do, however, is intercept and modify
> data between layers.
> Upon research, it seems that I can figure out how to do this on one side
of
> the TCP layer by examining source of winsock.dll. This leaves the problem
> of data travelling between the TCP and the IP layer. Microsoft supplies
> these togther as tcpip.sys. I'm staring at a single pice of machinery,
> within which I know are some pipes that into which I need to splice. To
do
> that, I have to identify where and how the relevant functions are
> referenced.
by Mc Kiernan, Daniel Kia » Sun, 06 Jan 2002 19:17:30
Ah, but I didn't need the source for MS's winsock.dll; I just needed sourceQuote:> I doubt if you'll be able to find the source to winsock.dll unless you
> work for Microsoft ...
That point is moot, as I've got better documentation for that side of
things. I'm still seeking information on splicing between the TCP layer and
the IP layer.
by Markus Fische » Fri, 01 Mar 2002 18:43:01
markus
> > I doubt if you'll be able to find the source to winsock.dll unless you
> > work for Microsoft ...
> Ah, but I didn't need the source for MS's winsock.dll; I just needed source
> for _some_ winsock.dll. And, indeed, I got that.
> That point is moot, as I've got better documentation for that side of
> things. I'm still seeking information on splicing between the TCP layer and
> the IP layer.
1. TCP/IP packet - Protocol := 17 in IP-layer ?
Hello,
I'm snooping at packets that get send by my Win95 machine, to get a
working knowledge of how & what get's send. While dis-assembling the
packet-data I found that the Protocol mentioned in the IP-header was 17.
That would mean that (according to RFC 1700) an UDP-packet should follow
.... But it after examining the Packet's data it looks like there is a
TCP-packet following ....
Can anyone shed some light on the matter ?
Regards,
Rudy Wieser
3. Getting all Packets sent to TCP/IP Layer on windows NT
4. SHAREWARE DEMO: Time & Invoices for AutoCAD
5. Access to lower Protocol layers? TCP/IP
7. Ability to interact with TCP-IP layers in windows
8. VS ^ will not install on W2K errors
9. Adding Additional Transport Layer for RPC On Win2k/NT4.0
10. Question: transport layer of named pipe?
11. Adding Additional Transport Layer for RPC On Win2k/NT4.0
12. Transport Layer Interface (TLI)
13. Getting TCP Data in the Filter driver over TCP/IP.sys