Intercepting network traffic is a method which is used to transparently redirect the network traffic in order to accomplish various common tasks like:
There are number of ways and technology to achieve it, I think one of the easiest way which is the cheapest in the long run is to use our Network interception SDK.
Barak
Intercept DNS port can be done with number of ways:
Barak
NDIS Miniport is a synonym for NDIS IM which is used when you need to change packets at Kernel level, this includes modifying the header and body, dropping or adding packets.
At Komodia we use a NDIS IM driver for our new NAT server interception.
Barak
On fly modify HTTP traffic can be easily be done with Komodia’s Network Redirection SDK which uses Winsock LSP as the base for its operations. It also has many optional modules, one of the most popular is the SSL Decryption module.
Barak
TDI Filter is sometimes prefered because the thought that there’s no conflicts within this technology, but the opposite is true, it can conflict, the reason that you don’t see many conflicts is because you know in advance not to install two FW products on your machine, and why? because those two can conflict.
Barak
NDIS filter development is a tedious and hard process, there are packages on the Internet that offer an easier development, but the real question should be – DO YOU NEED NDIS FILTER? you see, some implementations can only be done with NDIS filter, BUT there are scenarios which can be solved with NDIS or other network interception technologies. If this is the case it’s imperative you know FOR SURE, that NDIS was indeed the correct technology for that solution.
Barak
Debugging memory heap corruptions is quite tricky because the location of the crash gives us absolutly no clue on where the corrupting code is located.
We wrote an article about how to debug heap corruptions which covers a simple yet unknown and powerfull technique to debug and solve such corruptions.
Barak
Hooking Winsock is one way to allow the programmer to intercept Winsock2 calls, this way has advantages and disadvantages. Advantages:
Disadvantages:
Barak
What is LSP? LSP stand for Layered Service Provider and in a nutshell it’s a component that intercepts all Winsock API calls and allows the programmer to inspect the data and even modify it.
You can read about more LSP resources on Komodia’s web site.
Barak
I inquired about the price of lsp.com and I got a quote for 40k$, I would understand if the site was ranked 1st on Google search for LSP, but it isn’t even ranked. for 40k$ I can run so many SEO tactics to get to number one in many words and still have change.
Barak