Capture traffic before firewall ingress?

Discussion in 'other firewalls' started by koomi, Aug 28, 2006.

Thread Status:
Not open for further replies.
  1. koomi, Registered Member

    Aug 24, 2006
    I'm running Jetico PF alongside WinPcap here, and the inbound packets I can capture have all been through the firewall engine. I would like it the other way around: to have the ability to capture inbound packets before they get swallowed up by the firewall engine. It doesn't seem possible with WinPcap, because the startup type of npf.sys is manual, while the firewall engine is a system service, getting loaded well before the filter driver. I think if I can find a packet capture driver that installs itself as a system service, I can jigger the load order of the drivers, and perhaps succeed in getting my capture data before the firewall mucks things up.

    Anyone had any success in this area?

    Sidenote: in Software Firewalls versus Wormhole Tunnels, the authors incorrectly lay a blanket claim that PCAP on Win32 can send and receive data before "the firewall". I wonder what firewalls they tested...
    Last edited: Aug 28, 2006