Author Archives: Barak Weichselbaum

How to intercept data on Internet

How to intercept data on the Internet? This can be done using a number of technologies:

  • Winsock LSP – Good when you want to operate at user level and inspect streams rather than packets.
  • TDI – Soon to be phased out; it’s a driver-like technology that can be used at either the packet or the stream level.
  • NDIS – Kernel driver that inspects packets and has total control over the network.
  • WFP – Microsoft’s new filtering platform, but until Windows XP is phased out, I foresee it will not gain momentum.

Barak

HTTP Filtering SDK

HTTP Filtering SDK is needed when you want to filter/modify HTTP traffic. The challenge when trying to modify HTTP is that you first need to remove all the HTTP encodings like GZIP, Inflate, SDCH, Chunked transfer and more.

Once you have removed the encodings, you also need to adjust the headers so the browser will know how to interpret the new encodings.

Barak

Intercepting network traffic

Intercepting network traffic is a method which is used to transparently redirect the network traffic in order to accomplish various common tasks like:

  • Parental control.
  • Anonymizers.
  • Spam filtering.

There are a number of ways and technologies to achieve it; I think one of the easiest ways, which is the cheapest in the long run, is to use our Network interception SDK.

Barak

Intercept DNS port

Intercepting the DNS port can be done in a number of ways:

  • NSP, which is very rare and very hard to implement.
  • Detours/hooking: you can hook the DNS functions using a commercial hooking library; just make sure that the library you purchase supports 64-bit.
  • Use Komodia’s Redirector SDK to easily do it for you.

Barak

TDI Filter

TDI Filter is sometimes preferred because of the belief that there are no conflicts within this technology, but the opposite is true: it can conflict. The reason you don’t see many conflicts is that you know in advance not to install two FW products on your machine. And why? Because those two can conflict.

Barak

NDIS filter development

NDIS filter development is a tedious and hard process. There are packages on the Internet that offer easier development, but the real question should be: DO YOU NEED AN NDIS FILTER? You see, some implementations can only be done with an NDIS filter, BUT there are scenarios which can be solved with NDIS or other network interception technologies. If this is the case, it’s imperative you know FOR SURE that NDIS is indeed the correct technology for that solution.

Barak