Komodia's Interceptor installation guide


Quick installation guide

You can view the Komodia's Interceptor quick installation guide in case you just want to install quickly without going into details.

Introduction

This manual covers the installation and usage of: Komodia's Interceptor product.

Trial notice

Trial versions connect to our provisioning server to receive license status. The software does not send out any information that the Redirector processes.

Components

The Redirector package includes the following components:

PCProxy Service

Acts both as the proxy that accepts connections from the redirected clients and as the server that handles configuration and control of the product. It exposes an API through a COM interface and can be programmed from any COM-capable language, such as VB, Delphi or VC.

LSP DLL

This module performs the actual redirection. It communicates with the PCProxy service to get the redirection rule set.

Komodia’s Advanced LSP Installer

Used to install and uninstall the LSP DLL.

Interceptor SDK DLL

This DLL is the SDK you interface with to receive the data from all the intercepted apps.

Interceptor SDK COM DLL

This DLL is the COM interface DLL, which can be used with development languages such as VB, VB.NET and C#.

Working mode

The Interceptor has two working modes: online and offline.

Online working mode

This mode is used during the development phase. The Interceptor service is needed only to create the config file that is used on the deployed machines, but when the LSP detects that the service is installed and no configuration file is present, it connects to the Interceptor service to receive the interception logic. In online mode it is not possible to intercept system services.

Offline working mode

This mode is used during deployment. On the deployment computer you place the file “PCProxyOff.ini” inside %system32%; this file contains the interception logic you produced on the development computer. In this mode the LSP also intercepts system services.

Installation

First, extract the .zip file into a single directory and follow the installation instructions of each component.

All installation commands are run from a console window (cmd.exe). In Vista you must run this with “administrative privileges”. The current directory must be the directory into which you unpacked the .zip file.

Under Vista and above you must install PCProxy as a service only.

PCProxy Service

To install the “PCProxy” as a service run:

PCProxy /Service

To install the “PCProxy” as an EXE (Will run when the LSP or VB console tries to communicate with it, this option is for XP only):

PCProxy /RegServer

PCProxy as a service

PCProxy can be started and stopped from either the services control panel or via “net” (OS utility).

To start the service - run from the command prompt:

net start pcproxy

To stop the service - run from the command prompt:

net stop pcproxy

Additional flags

Auto

This flag is used to set the PCProxy as a service with auto start:

PCProxy /Auto /Service

NoStop

This flag is used when you don't want PCProxy to accept service stop commands. Keep in mind that the service can still be terminated using "end task" (to fully protect the SDK you can use Komodia's Watchdog).

PCProxy /NoStop /Service

Another variation with auto start:

PCProxy /Auto /NoStop /Service

PCProxy load sequence

After PCProxy is installed as a standalone or as a service, the first call from the LSP or GUI console will activate it. Of course, it is possible to set PCProxy to load automatically when installed as a service.

LSP DLL

32 bit

To install the “LSP DLL” run:

RegisterLSP -b -d PCProxy.dll

64 bit

Installing the LSP on 64bit OS involves installing once for 32bit and once for 64bit:

RegisterLSP -b -d PCProxy.dll
RegisterLSP64 -b -d PCProxy64.dll

Updating

PCProxy

If the PCProxy.EXE file has the same COM interface (this will be mentioned whenever an update is sent), then the file can simply be replaced. If the COM interface was changed (which will be mentioned in the update), then you must replace the file and re-run the installation command as you did at the install phase.

LSP DLL

To update the LSP DLL, replace the old LSP DLL and re-run the installation command as you did at the install phase.

Uninstallation

All uninstallation commands are run from a console window (cmd.exe). In Vista you must run this with “administrative privileges”. The current directory must be the directory into which you unpacked the .zip file.

PCProxy Service

To uninstall the “PCProxy” (same procedure for Service and for non Service installation) run:

PCProxy /UnregServer

LSP DLL

32 bit

To uninstall the “LSP DLL” run:

RegisterLSP -f

64 bit

As with installing, to uninstall on 64bit you must do it for 32bit as well:

RegisterLSP -f
RegisterLSP64 -f

Usage

The LSP intercepts all traffic based on the rules predefined by the user, and redirects it to the proxy. The rules are all configured using the application “PCController.exe”, which uses a public COM API to control the Redirector. (On various installations some of the buttons are missing; this is because those buttons are relevant to an optional component which is not present.)

Image of “PCController.exe” application main screen

Required external files

The VB console uses two external system OCX files, comdlg32.ocx and mscomctl.ocx. Some computers don’t have them installed, so if the console outputs an error you must obtain them.

Settings load sequence

The Redirector’s settings are saved in a file called PCProxy.ini, located under %system32%. This file is loaded automatically whenever PCProxy starts, and it is updated whenever the “save” button is pressed.

Rules type

There are three separate rules. Each can be set into one of two modes:

  • Intercept only the items in the list (default) - Only session information that matches the information in the list will be redirected. For example, placing “iexplore.exe” in the applications list will cause all traffic from Internet Explorer to be redirected.
  • Intercept all except items in the list – The LSP will intercept all sessions but ignore those whose information is on the list. For example, placing “iexplore.exe” in the application list will cause all traffic except that which originates from Internet Explorer to be redirected.

SSL interception

The LSP automatically intercepts SSL traffic for Internet Explorer and Firefox. The rules are only relevant to non-SSL traffic.

Application rule

Will intercept/exclude (depending on mode) the session based on application name. The name is case insensitive.

Port rule

Will intercept/exclude (depending on mode) the session based on:

  • Outgoing TCP: destination port.
  • Outgoing UDP: destination port.
  • Incoming TCP: source port.
  • Incoming UDP: source port.

Ports can be in the form of a single port, for example the HTTP port:

80

Ports can also be in the form of a port range, for example:

1-100

IP rule

Will intercept/exclude (depending on mode) the session based on:

  • Outgoing TCP: destination IP.
  • Outgoing UDP: destination IP.
  • Incoming TCP: source IP.
  • Incoming UDP: source IP.

IPs can be specified in either normal format:

192.168.0.1

And you can also specify CIDR format:

192.168.0.0/8

Rules logic

Rules are logical OR, which means that if one of the rules matches the session information, then the session will be redirected.

For example, placing port 80 in the ports list and “iexplore.exe” in the application list means that redirected sessions will be those that either are opened to port 80, or originate from Internet Explorer, or both.

Items to never intercept

Items on this list will never be intercepted regardless of the regular interception list mode (include/exclude). For example, placing “iexplore.exe” in this list means that sessions coming from Internet Explorer will never be intercepted, even if other rules match those sessions’ information (a port 80 rule, for example.)
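The rule semantics described above (per-rule include/exclude mode, logical OR across the three rules, never-intercept override), modelled as an added Python example; this is not Komodia's code. The class and function names are hypothetical, the never-intercept list is assumed to hold application names only, and CIDR entries are read with standard CIDR semantics, under which the sample 192.168.0.0/8 covers every 192.x.x.x address.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    items: list = field(default_factory=list)
    exclude: bool = False  # False = "intercept only the items in the list" (default)

    def hit(self, in_list):
        # Include mode matches listed items; exclude mode matches all others.
        return in_list != self.exclude

def port_in(port, items):
    # Each item is a single port ("80") or a range ("1-100").
    for item in items:
        lo, _, hi = item.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def ip_in(ip, items):
    # Plain address or CIDR. strict=False accepts "192.168.0.0/8" and reads
    # it as 192.0.0.0/8 (standard CIDR; the product's reading is assumed).
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(i, strict=False) for i in items)

def intercepted(app, direction, src, dst, apps, ports, ips, never=()):
    """src and dst are (ip, port); direction is "out" or "in"."""
    name = app.lower()                        # application names are case insensitive
    if name in (n.lower() for n in never):
        return False                          # never-intercept list overrides all rules
    # Outgoing sessions are matched on the destination, incoming on the source.
    ip, port = dst if direction == "out" else src
    return (apps.hit(name in (a.lower() for a in apps.items))
            or ports.hit(port_in(port, ports.items))
            or ips.hit(ip_in(ip, ips.items)))

if __name__ == "__main__":
    # Constructed sessions against the page's example: port 80 OR iexplore.exe.
    apps, ports, ips = Rule(["iexplore.exe"]), Rule(["80"]), Rule()
    local, web, tls = ("10.0.0.5", 50000), ("203.0.113.7", 80), ("203.0.113.7", 443)
    for app, dst in [("firefox.exe", web), ("IEXPLORE.EXE", tls), ("notepad.exe", tls)]:
        print(app, dst[1], intercepted(app, "out", local, dst, apps, ports, ips))
```

Because the rules are ORed, an application rule in exclude mode does not keep that application out of interception when a port or IP rule also matches; under this model only the never-intercept list does.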

Recommended rules for evaluating the Redirector

There are a couple of ways to set up interception rules.

Intercept based on port

Set the ports you want to intercept (the example rule will redirect all HTTP traffic to port 80):

Redirector1.png

Intercept based on applications

Set the names of the applications you want to intercept (the example rule will redirect all traffic that is made by either Internet Explorer or Firefox):

Redirector2.png

Intercept based on applications and ports

You can merge the settings in the previous two examples to intercept both applications and ports (merging the examples will create a rule that will redirect all traffic from Internet Explorer or Firefox and all port 80 traffic from any application).

Intercept all traffic

To intercept all traffic, make sure you don't have any applications, ports or IPs set, and then switch the button in the application tab from "Intercept only applications in the list" to "Intercept all applications beside those in the list":

Redirector3.png

Saving, loading and clearing the data

The PCProxy service loads the data when it starts. All subsequent modifications are not saved until the “Save” button is pressed. The “Clear” button will reset the configuration.

Creating the interception logic file

The button “Save offline file” will save the current settings under %system32% inside a file called PCProxyOff.ini. Make sure to also use the normal save before you exit, because the Intercept service saves all the online data in a different configuration file.

Propagation time

Inside online mode

The LSP only affects applications that are started after the installation. For example, if you installed the LSP while an Internet Explorer instance was running, that instance will not be affected, but every new instance will be affected. After restart, all applications, including OS core services, are affected.

Running LSP instances refresh the rule set every 60 seconds (this value can be changed at compile time by request). New instances take the latest rules from the service upon loading.

Inside offline mode

If you update the file, it will only affect applications loaded from that point on. All loaded applications will use the settings they had before you updated the file.