Hello again,
Thanks to everyone for all the advice. I GREATLY appreciate it. (REALLY!!)
Ok, so lets start from the top:
Yeah, sorry, IP packets, not Sugar or Creamer packets - but I heard coffee filters might work for this. BTW: I like my packets shaken and not stirred.
I know about Net::Pcap, but I read somewhere that you can only view packets and not change them (like an IDS). I'm looking for more of the IPS or firewall approach (yes, pileofrogs, you are correct).
I know about Squid (and actually prefer it as a proxy server solution). I want the ability to look at a packet, then if it's heading for www.badsite.com, change it to go to www.errorpage.com. I know Squid would work great for this, but I don't want a user to be able to change their proxy settings to bypass it. If I could put Squid inline, I could eliminate this, but then they could just bypass that server physically.
I have never looked at Squid on Windows (except through Cygwin). If it does run on Windows, I'm curious how they filter packets. I know Checkpoint does it as well. My guess is that they cut into Windows using some variant of C.
Thank you for the code, NetWallah, it's a good start. I just wish Net::Pcap would let you filter as well as view (on Windows). This would be so much easier if the world were "hooked" on Unix.
Thanks again to everyone - I hope that answers some questions and gets one step closer.
-Sean AKA: Morpheous1129 | [reply] |