Changing packets as they pass through

Jan 17, 2011 at 11:01 PM
Edited Jan 18, 2011 at 8:16 AM

Hi there,

I have a requirement to take packets originating from the local machine to an external machine (on a particular destination tcp port), and change some of the text (XML based) that is transmitted. Would this library allow me to do this or do you know any pointers that could get me started?

 

Thanks in advance :-)

 

p.s. For a little more detail, I have an application sending a single transmission (packet??) as seen in Wireshark to a device. The packet capture I have shows that the string inside the TCP packet is incorrectly formatted for the device, and of course the application developer, who shall remain unnamed, refuses to support the device in question. I literally have to change 1 text line in the XML text string that is submitted for this thing to work, and using a network layer "packet manipulator" appears to be the only way of doing this. I have strong .NET knowledge (C# and VB.NET) and some C / C++. In terms of what I see in wireshark it is a single entry, not split across multiple lines like a file transfer is when I use Wireshark to packet capture the traffic. I also know the destination IP and destination port, so I know which packets should be manipulated (all others should be passed as normal). Thanks again!

Jan 18, 2011 at 10:00 AM

Hi DominikBM,

Do you have access to the directory (external machine) where those XML files are being dumped by the application created by the developer you mentioned? If yes, then you can manage to manipulate all the XML files itself instead of sniffing the packets?

Pcap.Net cannot directly manipulate the live packets along the wire.

 

 

 

Jan 18, 2011 at 9:50 PM

Thanks techguy0727 for your response. Unfortunately (from what I can tell) everything happens in memory on both the local machine and the device that receives the packets and processes them, I certainly can't see any files being generated anywhere on either end. 

 

Thanks for letting me know that Pcap.Net can't directly manipulate packets along the wire, do you know of anything that could? Just a pointer in the right direction would be extremely useful, if you know of anything.

 

Thanks again!

Jan 19, 2011 at 8:00 AM

Hi DominikBM,

You have to check if the solution to your requirements would need to use NDIS (Network Driver Interface Specification) drivers which directly communicate with network cards.

Please visit: NDIS Developer's Reference for details.

 

 

Coordinator
Jan 21, 2011 at 9:38 AM

Hi DominikBM,

 

Pcap.Net allows you to look at a packet, analyze it and send another packet on the fly.

It doesn't prevent from sent packet being sent, so the original packet might be sent as well.

 

However, you can try to use Pcap.Net in a more sophisticated way.

For example, you can create a proxy or man-in-the-middle application where the two servers don't communicate to each other directly but through your application, which allows you to change each packet between the two.

 

Boaz.