Packet modification for interception and redirection - windows

I have been trying to find some way of redirecting outbound TCP packets under windows.
from from : https://github.com/basil00/Divert/blob/master/doc/windivert.html
"The WinDivert driver is automatically (and silently) installed on demand whenever
your application calls WinDivertOpen(). The calling application must have Administrator privileges."
Am a newbie in windows service programming. I want my Windows service to call the function WinDivertOpen().
Can someone just give a lead sample on how to go about it.
Thanks

Related

Create SCO client profile driver for call control from Bluetooth headset

Overview
Hi everyone, I'm developing a feature for a Softphone (run on windows), that's make answer/end a call from Bluetooth headsets or speakerphones. I have read and do step by step follow Hands-free Profile spec: https://www.bluetooth.com/specifications/specs/hands-free-profile-1-8/
Currently, I have set up "Sevice Level Connection" by send/recv AT commands follow the spec.
Problem
I don't know how to set-up Audio Connection that know as SCO connection. It's seem need to write a custom driver, that I have no experience with. The only tutorial I see from Microsoft is very difficult to understand: https://learn.microsoft.com/en-us/windows-hardware/drivers/bluetooth/creating-a-sco-client-connection-to-a-remote-device
Is there any way to bypass this step without code a driver?
If I can set-up Audio Connection then Can I answer/end call from Bluetooth headset?
This is Initialization Sevice Level Connection diagram:
https://i.stack.imgur.com/9KMlb.png
This is Answer Call diagram:
https://i.stack.imgur.com/M8WZf.png

How do I implement per-app routing behavior on windows?

I am running a VPN in windows 10 desktop (using OpenVPN) and the VPN is the default gateway, so that all traffic by default goes through the VPN tunnel.
However, I would like to exempt certain apps from the VPN, so that their traffic goes directly out the physical interface instead, by passing the VPN (so-called "split tunnelling")
I assume this solution would involve the WFP (Windows Filtering Platform) API, and perhaps the Windows equivalent of
setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, device, sizeof(device))
I have this working in Linux currently via "cgroups" and policy-based routing/multiple routing tables.
But it is my understanding that Windows has neither policy based routing or multiple routing tables. But i can still think of a way of achieving this in Windows, but I cannot find the APIs to make it happen
One way is to hook the socket creation of a specific app and then use the windows equivalent of SO_BINDTO_DEVICE socket option (setsockopt()) to force the socket to be bound to the physical interface rather than the tap driver.
But, again, I cannot find the relevant APIs to make the above happen.
So I have a few questions:
(1) Is what i want to do possible within the given APIs of WFP (Windows Filtering Platform) or Windows APIs in genral? if so, which APIs do you advise i look at?
(2) Or, must i write a "WFP call-out driver" ? If so, would you be able to point me towards some resources for this, and possibility a good starting point for my particular problem? :)
(3) Is there anything else I might be missing? a simpler approach to achieve what i want? I know that it is possible in windows, as i have see the feature in some VPNs, but i would like to replicate it in my own personal VPN :)
Yes, you can force an app to use your VPN connection by copying and editing your (Windows) VPN connection.
Open the run prompt with: WIN+R
Type: ncpa.cpl
Copy your "old VPN" to APP_VPN (for example)
Open a Normal user Powershell
Change the new VPN connection with:
Add-VpnConnectionTriggerApplication -Name "APP_VPN" –ApplicationID "C:\path-to-your\game.exe" -Force
# Enable (Application) split-tunneling
Set-VpnConnection -Name "APP_VPN" -SplitTunneling $True
You can also check the VPN settings details in the phonebook in:
C:\Users\<User>\AppData\Roaming\Microsoft\Network\Connections\Pbk
Done!

how to originate two applications from fs_cli

Please answer this interesting question, I want to make two applications communicate with each other in free switch without a sip user, I have tried following things on fs_cli
originate user/1001 &bridge(Sofia/internal/1789)
user is able to communicate with the application
originate Sofia/internal/1235 &bridge(Sofia/internal/1789)
but this is throwing error that "cannot blind transfer 1235";
I noticed that by default a sip call is originated with caller id:<00000000> and transferring call to sip user in first case but unable to transfer to dial plan in second case please help me
Loopback is for you, create an extension / dialplan with one application and reload the dialplan, and then at fs_cli you can use loopback in originate to dial that application and at the other end enter second application, that's all
https://wiki.freeswitch.org/wiki/Loopback_endpoint

Is there a way to monitor what process sends UDP packets (source/dest IP and port) in Windows?

I discovered almost accidentally that my machine was sending and receiving UDP packets to a machine in Poland. Not that I have any problem with Poland, I just don't know why my laptop has the need to communicate with a server there. Reverse DNS shows just the ISP providing the address to some end user. Using Wireshark, I can monitor the messages, which were indecipherable as they were probably encrypted. All packets sent from my machine had the same source port, so clearly the application that sent them opened this UDP socket to use it. I am searching for ways to:
1) enumerate all current sockets open in the system, including the process that created it and, for both TCP and UDP, what ports and addresses they are current bound to.
2) because applications can open these sockets, use them, and close them right away, I would love to find (or perhaps even write) a program that once started would somehow get notification each time a socket gets created, or really more importantly when bound to a source and/or destination address and port. For UDP, I would love to also be able to monitor/keep track of the destination IP addresses and ports that socket has sent messages to.
I don't want to monitor the traffic itself, I have Wireshark if I want to view the traffic. I want to be able to then cross reference to discover what application is generating the packets. I want to know if it is from a process I trust, or if it is something I need to investigate further.
Does anybody know of any applications (for the Windows platform) that can do this? If not, any ideas about a .NET or Windows API that provides this capability, should I want to write it myself?
Edit:
After further research - looks like the APIs to use are GetExtendedUdpTable and GetExtendedTcpTable, CodeProject.com has some samples wrapping these in .NET (see http://www.codeproject.com/Articles/14423/Getting-the-active-TCP-UDP-connections-using-the-G). So a combination of this API and some sniffer code would be needed to monitor and keep track of what hosts at what ports using what protocol any particular application on your machine is talking to. If I ever get some free time, I'll consider creating this, if you know of an app that does all this, please let me know.
Try SysInternals TCPView. Despite its name, it handles UDP as well.
netstat -b to enumerate all ports along with the process names.
You can try using SysInternals' Process MOnitor (ProcMon.exe or ProcMon64.exe).
It allows for filtering of Processes by "UDP Send" Operation - and provides detailed UDP Connection data, including source and destination addresses(IP) and ports etc.

Network control on Windows

How do I control the network interface on Windows? Actually, the idea is quiet simple.
Establish connect to a certain adapter on a computer.
Direct whole traffic of the adapter to this program.
Give the rights to this program what must be transfer to the adapter and what should not.
I think the program has to implement any windows network adapter interface and be registered as an adapter driver. Thus, when it wants to transfer data to real adapter, the program has to call adapter driver methods. In their turn, the methods implement the same windows network interface (or that is called in other way don't really know, I hope you get the sense), don't they?
As a result, we have a kind of inheritance here.
Before use our new driver:
windows application and windows itself
________________________ windows network interface
DRIVER of Adapter1
________________________ end of OS boundaries
Adapter 1
Use our new driver:
windows application and windows itself
________________________ windows network interface
our DRIVER
________________________ windows network interface
DRIVER of Adapter1
________________________ end of OS boundaries
Adapter 1
I believe that kind of interface exists and I hope it is realized very easy.
You will likely need to hook Windows API calls to really do this. It is possible... Start by Googling hook API and Winternals - and see if you can find their sample code.
Before Winternals was bought by Microsoft they published their code. http://technet.microsoft.com/en-us/sysinternals/bb545021
The idea is this:
You write a user-mode program which controls your hooking device
driver.
Your hooking device driver determines if network traffic on
given API calls is ok.
Driver allows normal API calls to succeed if they are.

Resources