to monitor local pc network and block ip's is

2019-09-04 08:36发布

问题:

i need to build network monitor that sniff the network and to hold
ip policy that will enable me to block the network based on this policy
for example:
if im getting incoming http protocol from ip that is in my ip policy black list
and now i like to block it and for example redirect this http request so it could
contain now my http packet ( packet injection ? )
dose winpcap can do the job ?
To be more to the point
basically what i need is to build simple url blocking app ..
Which approach should i use?

回答1:

winpcap can sniff for you, but blocking or redirecting will require either installing new null-routes for the blocked addresses, or some other form of firewalling. winpcap won't help you with the firewalling.

When null-routing, you're basically telling your TCP/IP stack a false route to a destination; many systems provide simple syntax for this, but it appears under Windows your best bet for null-routing a host or network is to forward the packets to a non-existent gateway. The plus-side to null-routing is that it is very simple, quick, and uses pathways in the TCP/IP stack that are very highly optimized for heavy lookups.

You could just as well use firewall rules to drop packets, but you might be using your firewall for 'more important' policy decisions, and cluttering your firewall tables with a list of hosts you don't want to talk with any longer might make inspecting the firewall rules more difficult; or, you might have to enable the firewall, incurring a performance penalty that you might not otherwise need.



回答2:

You could write a 'proxy' that listens on port 80 (http) and forwards connections to the real webserver.