Capture traffic before firewall ingress?

Discussion in 'other firewalls' started by koomi, Aug 28, 2006.

Thread Status:
Not open for further replies.
  1. koomi, Registered Member (Joined: Aug 24, 2006; Posts: 8)

    I'm running Jetico PF alongside WinPcap here, and the inbound packets I can capture have all been through the firewall engine. I would like it the other way around: to have the ability to capture inbound packets before they get swallowed up by the firewall engine. It doesn't seem possible with WinPcap, because the startup type of npf.sys is manual, while the firewall engine is a system service, getting loaded well before the filter driver. I think if I can find a packet capture driver that installs itself as a system service, I can jigger the load order of the drivers, and perhaps succeed in getting my capture data before the firewall mucks things up.

    Anyone had any success in this area?

    Sidenote: in Software Firewalls versus Wormhole Tunnels, the authors incorrectly lay a blanket claim that PCAP on Win32 can send and receive data before "the firewall". I wonder what firewalls they tested...
     
    Last edited: Aug 28, 2006