Top Related Projects
High-speed packet processing framework
Nmap Project's Windows packet capture and transmission library
Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.
Scapy: the Python-based interactive packet manipulation program & library.
A Swiss army knife for your daily Linux network plumbing.
Provides packet processing capabilities for Go
Quick Overview
WinDivert is a Windows packet capture and injection library that allows developers to intercept and manipulate network traffic on Windows systems. It provides a low-level interface to the Windows Filtering Platform (WFP), enabling advanced network monitoring and traffic management capabilities.
Pros
- Cross-platform Compatibility: WinDivert is designed to work on a wide range of Windows versions, from Windows XP to the latest Windows 10 and Windows Server releases.
- High-performance: The library is optimized for high-speed packet processing, making it suitable for real-time network applications.
- Flexible API: WinDivert offers a comprehensive API that allows developers to easily capture, inspect, modify, and inject network packets.
- Active Development: The project is actively maintained, with regular updates and bug fixes.
Cons
- Windows-only: WinDivert is a Windows-specific library and cannot be used on other operating systems.
- Complexity: Interacting with the Windows Filtering Platform can be complex, and the library's API may have a steep learning curve for some developers.
- Potential Security Risks: Improper use of the library could lead to security vulnerabilities, as it provides low-level access to the network stack.
- Limited Documentation: While the project has some documentation, it may not be as comprehensive as some developers would prefer.
Code Examples
Here are a few code examples demonstrating the usage of the WinDivert library:
- Capturing and Printing Network Packets:
using WinDivert;
using (var divert = new WinDivertHandle())
{
divert.Open("true");
var packet = divert.Recv();
Console.WriteLine(packet.ToString());
}
This code opens a WinDivert handle, captures a network packet, and prints its contents to the console.
- Modifying Packet Headers:
using WinDivert;
using (var divert = new WinDivertHandle())
{
divert.Open("true");
var packet = divert.Recv();
packet.IPHeader.DstAddr = "192.168.1.100";
divert.Send(packet);
}
This code captures a network packet, modifies the destination IP address in the packet's IP header, and then sends the modified packet back to the network.
- Filtering Packets Based on Criteria:
using WinDivert;
using (var divert = new WinDivertHandle())
{
divert.Open("outbound and tcp.DstPort == 80");
var packet = divert.Recv();
if (packet.IPHeader.Protocol == IPProtocol.TCP && packet.TCPHeader.DstPort == 80)
{
// Process the packet
}
}
This code opens a WinDivert handle that captures only outbound TCP packets with a destination port of 80, and then processes the captured packets.
Getting Started
To get started with WinDivert, follow these steps:
- Download the latest version of the WinDivert library from the GitHub repository.
- Extract the downloaded files to a directory of your choice.
- Add a reference to the
WinDivert.dlllibrary in your project. - Start using the WinDivert API in your code, as shown in the examples above.
Make sure to review the project's documentation and sample code for more detailed information on using the library.
Competitor Comparisons
High-speed packet processing framework
Pros of PF_RING
- High-performance packet capture and processing for Linux systems
- Supports both kernel-space and user-space packet processing
- Extensive documentation and community support
Cons of PF_RING
- Limited to Linux environments
- Requires kernel modifications for optimal performance
- Steeper learning curve compared to WinDivert
Code Comparison
PF_RING (C):
#include <pfring.h>
int main(int argc, char* argv[]) {
pfring *ring = pfring_open("eth0", 1518, PF_RING_PROMISC);
pfring_enable_ring(ring);
// Packet processing logic here
}
WinDivert (C):
#include <windows.h>
#include <windivert.h>
int main()
{
HANDLE handle = WinDivertOpen("true", WINDIVERT_LAYER_NETWORK, 0, 0);
// Packet processing logic here
}
Both libraries provide low-level packet interception and manipulation capabilities, but PF_RING is tailored for Linux systems and offers more advanced features for high-performance scenarios. WinDivert, on the other hand, is designed specifically for Windows environments and provides a simpler API for packet manipulation. The choice between the two depends on the target operating system and specific performance requirements of the project.
Nmap Project's Windows packet capture and transmission library
Pros of Npcap
- More comprehensive packet capture and injection capabilities
- Better integration with existing network tools and libraries
- Wider community support and regular updates
Cons of Npcap
- More complex setup and configuration process
- Larger footprint and potential performance overhead
- Stricter licensing terms for commercial use
Code Comparison
Npcap
pcap_t *handle;
char errbuf[PCAP_ERRBUF_SIZE];
handle = pcap_open_live("eth0", BUFSIZ, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device: %s\n", errbuf);
return 2;
}
WinDivert
HANDLE handle;
handle = WinDivertOpen("true", WINDIVERT_LAYER_NETWORK, 0, 0);
if (handle == INVALID_HANDLE_VALUE) {
fprintf(stderr, "Failed to open WinDivert device\n");
return 2;
}
The code comparison shows that WinDivert has a simpler API for opening a capture handle, while Npcap requires more parameters and error handling. WinDivert's approach is more straightforward but may offer less fine-grained control compared to Npcap's more detailed configuration options.
Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.
Pros of Wireshark
- Comprehensive GUI-based network protocol analyzer
- Supports a wide range of protocols and file formats
- Large community and extensive documentation
Cons of Wireshark
- Larger resource footprint and more complex setup
- Less suitable for programmatic network manipulation
Code Comparison
Wireshark (C):
void
proto_register_http(void)
{
static hf_register_info hf[] = {
{ &hf_http_request, { "Request", "http.request", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }},
{ &hf_http_response, { "Response", "http.response", FT_BOOLEAN, BASE_NONE, NULL, 0x0, NULL, HFILL }},
};
}
WinDivert (C):
HANDLE handle = WinDivertOpen("tcp.DstPort == 80", WINDIVERT_LAYER_NETWORK, 0, 0);
if (handle == INVALID_HANDLE_VALUE)
{
// Error
}
Summary
Wireshark is a powerful, GUI-based network analyzer with broad protocol support and extensive documentation. WinDivert, on the other hand, is a lightweight, programmable packet capture and diversion library for Windows. While Wireshark excels in detailed packet analysis, WinDivert is better suited for programmatic network manipulation and packet injection.
Scapy: the Python-based interactive packet manipulation program & library.
Pros of Scapy
- Cross-platform compatibility (Windows, Linux, macOS)
- Extensive protocol support and packet manipulation capabilities
- Active community and regular updates
Cons of Scapy
- Slower performance for high-speed packet processing
- Steeper learning curve due to its comprehensive feature set
Code Comparison
Scapy (Python):
from scapy.all import *
packet = IP(dst="8.8.8.8")/TCP(dport=80)
send(packet)
WinDivert (C):
#include <windows.h>
#include <windivert.h>
HANDLE handle = WinDivertOpen("true", WINDIVERT_LAYER_NETWORK, 0, 0);
WinDivertSend(handle, packet, packetLen, NULL, NULL);
Key Differences
- Scapy is a Python library, while WinDivert is a C library specifically for Windows
- Scapy focuses on packet crafting and analysis, while WinDivert specializes in packet interception and modification
- Scapy offers a higher-level abstraction, making it easier for rapid prototyping and scripting
- WinDivert provides lower-level access to network packets, potentially offering better performance for Windows-specific applications
A Swiss army knife for your daily Linux network plumbing.
Pros of netsniff-ng
- Cross-platform support (Linux-based systems)
- Comprehensive network analysis toolkit with multiple tools
- High-performance packet capture and processing capabilities
Cons of netsniff-ng
- Limited to Linux-based systems
- Steeper learning curve due to more complex features
- Requires root privileges for most operations
Code Comparison
netsniff-ng:
static int receive_packet(struct ring *ring, union tpacket_uhdr *hdr)
{
struct tpacket2_hdr *hp = &hdr->h2;
while ((hp->tp_status & TP_STATUS_USER) == 0)
cpu_relax();
return 0;
}
WinDivert:
BOOL WinDivertRecv(HANDLE handle, PVOID pPacket, UINT packetLen,
PWINDIVERT_ADDRESS pAddr, UINT *readLen)
{
return WinDivertRecvEx(handle, pPacket, packetLen, 0, pAddr, readLen, NULL);
}
Both projects focus on packet manipulation, but netsniff-ng provides a more comprehensive toolkit for Linux systems, while WinDivert is specifically designed for Windows environments. netsniff-ng offers broader functionality but may be more complex to use, whereas WinDivert provides a simpler API for Windows-specific packet interception and manipulation.
Provides packet processing capabilities for Go
Pros of gopacket
- Cross-platform support (Windows, Linux, macOS)
- Rich packet manipulation and analysis capabilities
- Extensive documentation and community support
Cons of gopacket
- Requires more setup and configuration
- May have higher overhead for simple packet capturing tasks
- Less specialized for Windows-specific network operations
Code Comparison
WinDivert:
HANDLE handle = WinDivertOpen("true", WINDIVERT_LAYER_NETWORK, 0, 0);
WinDivertRecv(handle, packet, sizeof(packet), &addr, &readLen);
// Modify packet here
WinDivertSend(handle, packet, readLen, &addr, &writeLen);
gopacket:
handle, _ := pcap.OpenLive("eth0", 1600, true, pcap.BlockForever)
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range packetSource.Packets() {
// Process packet here
}
WinDivert is more focused on Windows packet interception and modification, offering a simpler API for these tasks. gopacket provides a more comprehensive packet analysis toolkit with broader platform support, but may require more code for basic packet manipulation on Windows.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
WinDivert 2.2: Windows Packet Divert
- Introduction
Windows Packet Divert (WinDivert) is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10.
WinDivert enables user-mode capturing/modifying/dropping of network packets sent to/from the Windows network stack. In summary, WinDivert can: - capture network packets - filter/drop network packets - sniff network packets - (re)inject network packets - modify network packets WinDivert can be used to implement user-mode packet filters, sniffers, firewalls, NATs, VPNs, IDSs, tunneling applications, etc..
WinDivert supports the following features: - packet interception, sniffing, or dropping modes - support for loopback (localhost) traffic - full IPv6 support - network layer - simple yet powerful API - high-level filtering language - filter priorities - freely available under the terms of the GNU Lesser General Public License (LGPLv3)
For more information see doc/windivert.html
- Architecture
The basic architecture of WinDivert is as follows:
+-----------------+
| |
+------->| PROGRAM |--------+
| | (WinDivert.dll) | |
| +-----------------+ |
| | (3) re-injected
| (2a) matching packet | packet
| |
| |
[user mode] | | ....................|...................................|................... [kernel mode] | | | | | | +---------------+ +-----------------> (1) packet | | (2b) non-matching packet ------------>| WinDivert.sys |--------------------------------------------> | | +---------------+
The WinDivert.sys driver is installed below the Windows network stack. The following actions occur:
(1) A new packet enters the network stack and is intercepted by WinDivert.sys (2a) If the packet matches the PROGRAM-defined filter, it is diverted. The PROGRAM can then read the packet using a call to WinDivertRecv(). (2b) If the packet does not match the filter, the packet continues as normal. (3) PROGRAM either drops, modifies, or re-injects the packet. PROGRAM can re-inject the (modified) using a call to WinDivertSend().
- License
WinDivert is dual-licensed under your choice of the GNU Lesser General Public License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2. See the LICENSE file for more information.
- About
WinDivert was written by basil.
For further information, or bug reports, please contact:
basil@reqrypt.org
The homepage for WinDivert is:
https://reqrypt.org/windivert.html
The source code for WinDivert is hosted by GitHub at:
https://github.com/basil00/Divert
Top Related Projects
High-speed packet processing framework
Nmap Project's Windows packet capture and transmission library
Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.
Scapy: the Python-based interactive packet manipulation program & library.
A Swiss army knife for your daily Linux network plumbing.
Provides packet processing capabilities for Go
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot