Winsock or kernel mode packet capture...
-
Hello, I'm developing an application to capture and copy POP3 email then send it to an email server. I need to do this before the traffic gets to the user's email client application. In my investigation so far, it looks like my options are to do this at the Winsock layer (with potential performance implications), or in a kernel mode NDIS driver. I'm leaning to the latter solution (perhaps by utilizing WinPcap). Any advice or pointers to other resources would be appreciated. Thanks. Ken....
-
Ken, This type of application would have to sit before or on the POP3 Server in question to work as you may be aware of. If POP3 is using any type of encryption between other hops, then you may not be able to see anything but the IP header of any of the packets. This also goes for what type of encoding is being used on the data packets from the headers. Definitely using an NDIS driver will do the trick. Or a simplified way is to proxy the POP3 Server if you have admin access to that server. An example would be to change the port of the POP3 server to 111. Your program would listen on port 110. This would allow you to do any pre-processing on any of the information coming in, then connect to the POP3 on 111 and hand off what you need to pass through. You can read up on the POP3 protocol at the W3C (World Wide Web Consortium). If you cannot get access to the server, then accomplishing this can only be done at the packet level. Hope this helps! ~ CodeDoctor ~
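The listen-on-110, forward-to-111 proxy described above, as an added example that is not from this thread (Python rather than Winsock C, for brevity): it relays each session, reassembles the dot-stuffed bodies of RETR responses for copying, and redacts PASS/APOP/AUTH from its own log because a POP3 proxy sees credentials in clear text. It assumes the real server was moved to 127.0.0.1:111 and that sessions are not encrypted (an STLS or POP3S session would be opaque to it, as noted above).

```python
import socket
import threading

LISTEN_PORT = 110              # clients keep talking to 110
UPSTREAM = ("127.0.0.1", 111)  # assumption: the real POP3 server, moved to 111 as the post suggests

def redact_command(line: bytes) -> str:
    """Log-safe copy of a client command: POP3 carries PASS/APOP/AUTH secrets in clear text."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    verb = text.split(" ", 1)[0].upper()
    return verb + " [redacted]" if verb in ("PASS", "APOP", "AUTH") else text

class RetrCapture:
    """Reassembles the multi-line, dot-stuffed message a server returns for RETR (RFC 1939)."""
    def __init__(self):
        self.buf, self.cur, self.messages = b"", [], []
        self.pending_retr = self.in_message = False
    def note_command(self, line: bytes):  # simplification: one command per client chunk
        self.pending_retr = line.split(b" ", 1)[0].strip().upper() == b"RETR"
    def feed(self, data: bytes):
        self.buf += data                  # server bytes arrive in arbitrary chunks; split on CRLF
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            if self.in_message:
                if line == b".":          # a lone dot terminates the message
                    self.in_message = False
                    self.messages.append(b"\r\n".join(self.cur)); self.cur = []
                else:                     # undo dot-stuffing of body lines
                    self.cur.append(line[1:] if line.startswith(b".") else line)
            elif self.pending_retr:       # status line for the RETR: only +OK is followed by a body
                self.in_message = line.startswith(b"+OK")
                self.pending_retr = False

def pump(src, dst, on_data):              # copy bytes one way until the source closes
    while chunk := src.recv(4096):
        on_data(chunk); dst.sendall(chunk)
    dst.close()

def handle_client(client):
    upstream, cap = socket.create_connection(UPSTREAM), RetrCapture()
    def from_client(chunk):
        cap.note_command(chunk); print("C:", redact_command(chunk))
    threading.Thread(target=pump, args=(client, upstream, from_client), daemon=True).start()
    pump(upstream, client, cap.feed)      # returns when the server closes after QUIT
    for msg in cap.messages:
        print("captured message of %d bytes" % len(msg))  # hand the copy to the archive mailer here

if __name__ == "__main__":
    srv = socket.create_server(("0.0.0.0", LISTEN_PORT))
    while True:
        threading.Thread(target=handle_client, args=(srv.accept()[0],), daemon=True).start()
```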
-
Thanks for the response. What I ended up doing was basically writing an email client to read the email from the server, instead of capturing the email as it goes up the stack to the user's email client. This approach solved a lot of issues, including some you mentioned. Ken....