I'm developing what is essentially a specialized firewall application. The solution needs to be 32 and 64-bit compatible. My company wants to keep the current program interface, which is written in C#.
What I need is this: a way to monitor and manipulate all network traffic on the system. My research has led me to believe that a NDIS (Network Driver Interface Specification) Intermediate driver is the way to go. If I can write this kind of driver in C#, great, but I'm not sure that's possible. At the very least, I need an interface in C# to a driver written in any language.
I found a great resource online for creating one in a series of articles entitled "Extending the Microsoft PassThru NDIS Intermediate Driver":
Part 1 - Adding a DeviceIoControl Interface
Part 2 - Two IP Address Blocking NDIS IM Drivers
Part 3 - Supporting Windows XP 64-Bit Edition
However, it is dated (2003). Before I invest in reading and learning what it has to say, I want to make sure I'm not wasting my time.
Is there a better way to do this? Are there any open source projects or articles that explain the process better than the articles above? Am I even in the ballpark? Help please.
There's another page from the same author, titled Windows Network Data and Packet Filtering, which provides "a brief introduction to various techniques that can be used to filter network data and network packets on the Microsoft Windows platforms".
It mentions others options, e.g. "TDI flter driver" and "User-Mode Network Data Filtering", which may suit instead, depending on whether you really want to manipulate all the network traffic on the system.
Related
I would like to consultate what is the best solution for mediastream server(WebRTC) that can fulfill my needs.
What I need:
Easily manage 50+ connections. Ability to switch who is hearing whom, and who is talking to whom.
Clients should have only one WebRTC connection. Which is going to server. Server then again, control what he is hearing, and to whom he is talking to..
That is basically my needs. I prefer languages like C# and NodeJS.
I looked at kurento, which seems to have kinda bad documentation, and it uses Java which I am not familiar with.
Any alternatives, suggestions?
Thank you.
The whole point about webRTC is that it's peer to peer, and doesn't need a server (except for the initial signalling).
The beauty of this is that you can scale to handle as many connections as you like. The performance is only limited by the client browsers and their connection speed.
You only need a media server if you need to do video conferencing for more than one or two users on the same call.
Writing a video conferencing server is a big deal, it's a complex problem to solve, and I would recommend starting with an existing open source project as your base. If you go down this path, you will need some serious hardware and bandwidth, because the server will be handling each and every video stream, and need to be scalable.
This article lists 6 open source projects that may fit your needs: https://elearningindustry.com/top-6-open-source-web-conferencing-software-tools-elearning-professionals
Top Open Source Web Conferencing Software Tools eLearning
Professionals Should Know About
While there are plenty of open source web conferencing tools available
these days, there are also a number of budget-friendly alternatives
that still offer the same features and functions. In fact, open source
web conferencing software offers you the opportunity to host virtual
training events, collaborate with colleagues, and offer learners
personalized support without paying hefty monthly fees.
I haven't been able to find a solution answer on this for the past 2 days:
Can C# Mono, or a supported third party framework, be used to create and manage layer 2 tunnel over a virtual interface across the 3 major platforms (OSX, Windows, Linux)?
At a high-level an application like Hamachi or Tunngle would be a real world example for what I'd like to achieve at a basic level.
The intention behind this question is whether it would be possible to write effective cross-platform code or whether I would have to resort to platform-specific code to implement the virtual interfaces.
That depends. Since L2TP is actually accomplished using UDP datagrams, there's no reason why you can't implement it in C#. However, integrating it with the operating system (as a virtual interface driver etc.) is more or less impossible - I'd expect the only real way would be to have a small native wrapper that calls the managed code that does most of the work.
In other words - you can write Hamachi in .NET just fine. Writing the Hamachi Network Adapter is the tricky part. Also, if you just want to add L2TP capabilities to your applications, there's no problem (instead of TcpClient/UdpClient etc., you'd just use your own class that communicates with your L2TP class). However, integrating it to the IP infrastructure does require you to write a driver, which is usually a native-only territory.
It might be that there are some ready-to-use solutions that have the virtual network adapter which can call DLLs, but I'm not aware of any. A very unsafe way would also be to create hooks on Socket calls, but I'm not going to elaborate since that's extremely tricky and a bad idea overall :D
In other words, you have the option to use a hybrid approach - have the minimal native drivers for all the platforms you want to support, and let them call your managed library to do all the real work - the managed library can then be platform independent (as long as Mono is supported there :)).
Now, each OS probably has its own VPN client, which you could concievably use from .NET. However, that also means that your application will have to be able to support each of these OSes and their different VPN clients separately - and that will be tricky.
If you want to go the way of writing your own network interface driver, a good way to start on Windows is the Driver Development Kit, which has some sample source code for NIC drivers. Windows uses NDI (http://en.wikipedia.org/wiki/Network_Driver_Interface_Specification), which has some support even on *nix family of OSes, so it might be possible to do this relatively easily - but don't forget, you're still writing a driver. Unless you have significant experience with C/C++/ASM and OS kernels and driver models, you're probably out of your league here. This is the stuff that leads to BSODs :)
There's also some related technologies like TDI (Transport Driver Interface) or WFP (Windows Filtering Platform) which could be used to do all this in user-space, rather than kernel/driver-space. However, those are Windows technologies. You'll have to find the equivalents on the other OSes you want to support, and you'll have to do some magic to make it all work in one cross-platform application. And while doing all this, you want to maintain performance - which requires very careful programming in .NET (it's easy to write reliable code in .NET, but it's harder to get cutting-edge performance. C/C++/ASM is quite the opposite - it's relatively easy to do things fast, but reliability suffers).
I want to write a method in C# to check which applications in my machine/server are using internet connection at a particular point in time and if possible, how much bandwidth they are using. Can anyone please help me get a head start on this?
I decided to write an answer because comments are too small.
Well, reading other Q&A on stackoverflow and looking around on the internet, I didn't find a simple solution for your problem.
Actually, for .NET processes is really simple, you just need to retrieve informations from ".NET CLR Networking - Bytes Received/Bytes Sent" performance counters, as shown in this Q&A
But in general, getting per-process used bandwidth isn't an easy work.
For example "Microsoft Network Monitor" sniffer can trace the process that generates internet packets only for TCP traffic, because probably it maps IP-port pairs with processes using them (or something similar, TCP is a connected protocol so it is simpler).
Anyway if you want to give it a try you can use the exposed API (look at this blog entry for some hint).
However, as suggested in these Q&A's (LINK 1, LINK 2), the right, and probably the only way, is to write a NDIS/TDI driver that can intercept network traffic and exposing a .NET callable API to it.
The problem is that such drivers can't be written in managed code, and so you need to implement it in C/C++.
Obviously, if you manage to find an already written driver/sniffer exposing a callable API, you can use it.
For example WinPCap has one (and some .NET wrappers like SharpPCap or PCap.Net), but I don't think (not sure) it's able to get packets's source-process information.
As digEmAll noted, in pre-Vista Windows you are reduced to writing your own driver or using a 3-rd party one. In Vista, 2008 and Windows 7 you can use the GetPerTcpConnectionEStats API (there is a large example of its usage on the MSDN page). Resource Monitor relies on this API, together with the older GetTcpTable/GetTcpRow APIs, for extended network statistics.
I found Process Monitor as a very useful tool and it served my purpose so I didnt had to write any code although i am yet to check out whether it gives any API which i can use in my application to get some information I need.
Thanks everyone for helping me out.
Greeting,
This month I will start working on my master thesis. My thesis's subject is about network security.
I need to deal with network interfaces and packets.
I've used shappcap before to interact with packets but I'm not sure if C# is the most powerful language to deal with network programing and packets.
I worked a bit with wireshark and I saw how powerful it is and as you know winsharp is open source developed using C++.
I'm not sure if I should use C# or C++ for network security programming and I want your through about the best language might be for network programming and packets interaction.
should I use C#, C++, or java or some thing else?
please give me your advice.
Thank you,
UPDATE
..........................
I'm going to do different packet mining by taking each packet and read each field on it then use these values and in same stages I would modify some of the packets value then resend them back.
I want to control the packet since it received by the network interface until it passes to the application layer.
also
You'd be able to do network programming using almost any language you want to. If you are equally comfortable in all of the languages you've mentioned, you should determine what system libraries or APIs will you be interfacing with. For example, if you will be doing packet-level network programming on a Unix system, C would probably be your best best. If you want to integrate with Wireshark, go with C++. If you want to use an Apache Commons component, use Java. I suggest you come up with a more specific set of requirements for your actual program before trying to decide which language to use.
WireShark uses WinPCap so you could go that route as well.
For security application, is that a intrution detection system or do you actually want to drop offending packets? WinPCap, SharpPCap etc. do not allow you you drop packets, for this you will need to look at some kind of intermediate driver or look at Windows Filtering Platform (WFP)
http://www.microsoft.com/whdc/device/network/WFP.mspx
IMHO, if you can find a callback driver that calls back to user mode and allows you to filter the packets from C# or C++, this would probably be fine for experimental purposes etc. but for a production solution, I think you would need to stick to the kernel level to ensure that you can keep-up with the peek volume.
Use C++, Boost and Poco and you can do what you want. Boost asio is: Portable networking, including sockets, timers, hostname resolution and socket iostreams. Poco library also provides solutions for network, cryprography NetSSL ... and more. For more information you can visit www.boost.org and www.pocoproject.org
You can use java if you like - jpcap works well.
I would suggest using C#, since there is a very strong library called Pcap.Net that wraps WinPcap with .NET code. This should make it easy for you to receive, send and interpret packets different packets of different protocols.
My requirement is to write an application to send a file from a remote machine to another machine using internal modem. Both system are connected thru VPN or a internet.
Basically we have two systems both having internal dial up modems. The two systems are connected through either VPN or Internet.
One system should send a file (XML) to another.
I was given the freedom to do it in either C++ or C#. Or is there any other language we can do this easily?
How can I go about this task? Do we need an client/server type application or do we need an app only at the receiving end?
Is there any built in technology available for this type of file transfers using modems?
Since I don't have the programming point of view, my question may not be clear! I tried to put max information on my requirements, but if I am not clear, please ask me.
If you are connected via a VPN, then there are many existing programs available to transfer files between each other. The most well known is FTP. There are many freely available FTP or SFTP packages.
The fact that you are using a modem does not matter. Only that they are in the same network or visible on the internet.
It's been a while, so my memory is fuzzy:
There are modem libraries out there. Find one and use it. No need to reinvent the low level software. I seem to remember using a product from Dialogic (At least I think that was the company). It worked well. I did a quick search and there are 50 companies with that name, but I did see some that mention C, C++ and C# librariers. If you do a little research you'll find what you need.
You will need to learn how to initiate communications between the modems. Almost all modems use the Hayes Modem AT Command Set.
Modems are slow: So pick a compression algorithm before sending data. zlib is an industry favorite.
Your modem library of choice should provide several mechanisms for doing the pure data transfer that you are asking about. Choose the one that fits your data best.