Author Archives: Barak Weichselbaum

How to intercept data on Internet

How to intercept data on Internet? This can be done using number of technologies:

Winsock LSP – Is good when you want to operate at user level and inspect streams and not packets.
TDI – Soon to be phased out, it’s a driver like technology that can be used either in packet or stream level.
NDIS – Kernel driver that inspects packets and has total control over the network.
WFP – Microsoft new filterting platform, but until Windows XP is phased out, I forsee it will not gain momentum.

Barak

HTTP Filtering SDK

HTTP Filtering SDKÂ is needed when you want to filter/modify HTTP traffic. The challenge when trying to modify HTTP is that you first need to remove all the HTTP encodings like GZIP, Inflate, SDCH, Chunked transfer and more.

Once you removed the encodings you also need to adjust the headers so the browser will know how to interpert the new encodings.

Barak

Network traffic monitor Windows

Leave a reply

Network traffic monitor WindowsÂ can be done with various methods and technologies like: Winsock LSP, NDIS Passthru or NDIS IM, TDI Filter or TDI Driver, WFPÂ and more.

Barak

Layered Service Provider

Leave a reply

Layered Service ProviderÂ or its more known form is Winsock LSPÂ is used to perform various packet interception/manipulation tasks. The main advantage of Winsock LSP is that it works on stream level and it’s implemented in user level.

Barak

Intercepting network traffic

Leave a reply

Intercepting network trafficÂ is a method which is used to transparently redirect the network traffic in order to accomplish various common tasks like:

Parental control.
Anonymizers.
Spam filtering.

There are number of ways and technology to achieve it, I think one of the easiest way which is the cheapest in the long run is to use our Network interception SDK.

Barak

Intercept DNS port

Leave a reply

Intercept DNS portÂ can be done with number of ways:

NSP, which is very rare and very hard to implement.
Detours/hooking, you can hook the DNS functions using a commercial hooking library, just make sure that the library you purchase supports 64bit.
Use Komodia’s Redirector SDK to easily do it for you.

Barak

NDIS Miniport

Leave a reply

NDIS MiniportÂ is a synonym for NDIS IMÂ which is used when you need to change packets at Kernel level, this includes modifying the header and body, dropping or adding packets.

At Komodia we useÂ a NDIS IM driver for our new NAT server interception.

Barak

On fly modify HTTP traffic

Leave a reply

On fly modify HTTP trafficÂ can be easily be done with Komodia’s Network Redirection SDKÂ which uses Winsock LSP as the base for its operations. It also has many optional modules, one of the most popular is the SSL Decryption module.

Barak

TDI Filter

Leave a reply

TDI FilterÂ is sometimes prefered because the thought that there’s no conflicts within this technology, but the opposite is true, it can conflict, the reason that you don’t see many conflicts is because you know in advance not to install two FW products on your machine, and why? because those two can conflict.

Barak

NDIS filter development

Leave a reply

NDIS filter developmentÂ is a tedious and hard process, there are packages on the Internet that offer an easier development, but the real question should be – DO YOU NEED NDIS FILTER? you see, some implementations can only be done with NDIS filter, BUT there are scenarios which can be solved with NDIS or other network interception technologies. If this is the case it’s imperative you know FOR SURE, that NDIS was indeed the correct technology for that solution.

Barak

Komodia's Winsock LSP products, network interception/modification and SSL decryption blog

Winsock LSP, Komodia and what interests programmers

Author Archives: Barak Weichselbaum

How to intercept data on Internet

HTTP Filtering SDK

Network traffic monitor Windows

Layered Service Provider

Intercepting network traffic

Intercept DNS port

NDIS Miniport

On fly modify HTTP traffic

TDI Filter

NDIS filter development