Firewall that blocks single packets?

[SomE]

Im trying to find a firewall that blocks packet-wise as oppose to program-wise...

I've used Sygate Personal Firewall bf: http://pcworld.com/downloads/file_de...id,8132,00.asp
... as well as others... but whenever u try to block a single packet, it ends up blocking the whole program (maybe I don't know how to use it properly?)

Does such a firewall even exist?
I guess there are forums better suited for this discussion... sorry for being a lazy bum...

Oh btw: firewall --> preferably free

[dglienna]

ZoneAlarm can block certain ports, as can other firewalls. How would it know which packet to block, if it wasn't on a certain port, or used by a single program?

[SomE]

I just want to block a specific packet/s used by a program (without blocking the whole program)

Is there a firewall that is able to do this?
I did some searching at download.com of popular firewalls... yield no results

[dglienna]

Explain what you are trying to do or block. Is it your app that you want to block? Are packets coming in on different ports? Maybe Winsock could examine packets and reject certain criteria, but that might slow things down.

[SomE]

I don't really want to get into too much detail of what im trying to do...

For example --> using MSN Messenger:
- I see packets coming in/out
- If I was to block just one of these packets (as oppose to the whole program)... would that in effect block one of my contacts?
- Maybe I could somehow block a specific ip without affecting the whole program

Obviously this is a stupid example coz in Messenger u can just block/delete your contacts
... but hypothetically speaking is the above, possibe with a firewall?

The criteria thing smells like potential but unfortunately as u can see I don't know much about firewalls... so could u give me an overview/guide on how it works?

As I mention bf I don't want to reveal too much... and merely experimenting with 'something'...

[dglienna]

Download a packet sniffer, and take a look at what comes and goes thru a LAN port. Firewalls don't examine packets, they just block ports All programs use specific ports. If you block the port, you block the whole app.

[SomE]

Thanks alot
I've found one at pcworld... gonna go try it out... might ask more Q's if I get stuck

[Jean-Guy2000]

The best way to accomplish this is to re-direct the applications traffic to a dummy proxy server. Most applications like MSN/IE etc allow you to configure a proxy server. Write a program that will accept connections on 127.0.0.1 : proxyport and forward the connection to the real host : port. The application will be speaking to the server and your "proxy" will act as a "man-in-the-middle" on the data packets.

If your application doesn't support proxy server then you modify the HOSTS file or your DNS server to supply a fake DNS lookup for that particular server. This way you can re-direct your traffic to the dummy proxy.

I have done exactly as you are speaking of in the past when I do protocol reverse-engineering. I have a C++ program (i have posted this code as a CodeGuru article that awaitiing publication) that gives you the framework for a proxy server. You can easily modify my project to do what you require.

during the Send() / Recv() functions you have access to the data streams and you can modifiy or choose not to send that data to the target.

If you take the packet sniffer route you will be able to see the data but intercepting it and removing it at the socket layer is a big task.

[SomE]

Sorry dude... im lacking in the technical stuff... even though I'm through my 1st year CompSci degree...

With a packet sniffer I can't tell which packet is for which app... so it isn't any use to someone like me
Does your program determine this?

Maybe I should wait a few years... like when I actually know these stuff?