Lee Wallen
May 23rd, 2002, 11:11 AM
I'm interested in writing a pass through proxy for logging purposes, but I'm unsure of the proper place to start. I have a few assumptions on the appropriate starting place, but would like to get some feedback from others.
Goals:
- ability to log target and source IP addresses for any incoming or outgoing packets
- ability to toggle logging for a specific NIC
- ability to toggle logging for specific target/source IP addresses
- ability to toggle logging for specific ports on specific target/source IP addresses
- ability to log which process initiated an outgoing packet
Assumption:
- Should use a pass through intermediate mode NDIS driver for hooking the NIC devices on the users machine
Thank you for your thought and feedback,
Lee Wallen
Goals:
- ability to log target and source IP addresses for any incoming or outgoing packets
- ability to toggle logging for a specific NIC
- ability to toggle logging for specific target/source IP addresses
- ability to toggle logging for specific ports on specific target/source IP addresses
- ability to log which process initiated an outgoing packet
Assumption:
- Should use a pass through intermediate mode NDIS driver for hooking the NIC devices on the users machine
Thank you for your thought and feedback,
Lee Wallen