Intercepting network traffic is a method used to transparently redirect network traffic in order to accomplish various common tasks, such as:
- Parental control.
- Spam filtering.
There are a number of ways and technologies to achieve it; I think one of the easiest ways, which is the cheapest in the long run, is to use our Network interception SDK.
Intercepting the DNS port can be done in a number of ways:
- NSP, which is very rare and very hard to implement.
- Detours/hooking: you can hook the DNS functions using a commercial hooking library; just make sure that the library you purchase supports 64-bit.
- Use Komodia’s Redirector SDK to easily do it for you.
NDIS Miniport is a synonym for NDIS IM, which is used when you need to change packets at kernel level; this includes modifying the header and body, and dropping or adding packets.
At Komodia we use an NDIS IM driver for our new NAT server interception.
Modifying HTTP traffic on the fly can easily be done with Komodia’s Network Redirection SDK, which uses Winsock LSP as the base for its operations. It also has many optional modules; one of the most popular is the SSL Decryption module.
TDI Filter is sometimes preferred because of the belief that there are no conflicts with this technology, but the opposite is true: it can conflict. The reason you don’t see many conflicts is that you know in advance not to install two FW products on your machine. And why? Because those two can conflict.
NDIS filter development is a tedious and hard process. There are packages on the Internet that offer easier development, but the real question should be: DO YOU NEED AN NDIS FILTER? Some implementations can only be done with an NDIS filter, BUT there are scenarios that can be solved with NDIS or with other network interception technologies. If this is the case, it’s imperative that you know FOR SURE that NDIS is indeed the correct technology for that solution.
Debugging memory heap corruptions is quite tricky because the location of the crash gives us absolutely no clue as to where the corrupting code is located.
We wrote an article about how to debug heap corruptions, which covers a simple yet little-known and powerful technique to debug and solve such corruptions.
Hooking Winsock is one way to allow the programmer to intercept Winsock2 calls. This approach has advantages and disadvantages.
Advantages:
- No need to install anything.
- Easy to learn.
Disadvantages:
- For commercial products, it requires a commercial hooking library.
- For 64-bit there’s only Microsoft Detours, which costs a small fortune.
- On Vista and above you have to deal with injection security enforcement.
What is LSP? LSP stands for Layered Service Provider. In a nutshell, it’s a component that intercepts all Winsock API calls and allows the programmer to inspect the data and even modify it.
You can find more LSP resources on Komodia’s web site.
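A defender's view of the same mechanism, as an added example that is not Komodia's code: an LSP has to register in the Winsock catalog, so installed LSPs can be listed by parsing `netsh winsock show catalog` and reading each entry's protocol chain length (1 is a base provider, 0 a layered protocol entry, more than 1 a chain that routes calls through an LSP). The sample dump is constructed, the "Example Filter" provider is hypothetical, and the English field labels are assumed.

```python
import re

# Constructed sample in the layout printed by `netsh winsock show catalog`
# (English field labels assumed). "Example Filter" and its path are made up.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example Filter over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleFilter\exlsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
"""

def parse_catalog(text):
    """Return one {label: value} dict per Winsock catalog entry in the dump."""
    entries = []
    # Headings contain "Provider Entry"; name space provider blocks have no
    # chain length and are skipped.
    for block in re.split(r"^.*Provider Entry.*$", text, flags=re.M):
        pairs = re.findall(r"^([^:\n]+):[ \t]+(.*)$", block, flags=re.M)
        fields = {key.strip(): value.strip() for key, value in pairs}
        if "Protocol Chain Length" in fields:
            entries.append(fields)
    return entries

def layered_entries(entries):
    """Entries that are not plain base providers (chain length other than 1)."""
    found = []
    for entry in entries:
        chain_len = int(entry["Protocol Chain Length"])
        if chain_len == 1:
            continue  # base provider: nothing layered on top of it
        kind = "layered protocol" if chain_len == 0 else "protocol chain"
        found.append((int(entry["Catalog Entry ID"]), kind,
                      entry["Description"], entry["Provider Path"]))
    return found

if __name__ == "__main__":
    # On a live host, pass the stdout of `netsh winsock show catalog` instead.
    for entry_id, kind, description, path in layered_entries(parse_catalog(SAMPLE)):
        print(f"{entry_id}: {kind}: {description} -> {path}")
```

Any entry this reports that does not belong to software you knowingly installed is worth tracing back to the DLL named in its provider path.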
I inquired about the price of lsp.com and I got a quote for 40k$. I would understand if the site was ranked 1st on Google search for LSP, but it isn’t even ranked. For 40k$ I can run so many SEO tactics to get to number one in many words and still have change.