Writing a filter for incoming connections

I'm using C++/boost::asio under Win7.

I'm trying to "sniff" trafic over a given TCP/IP port. Hence, I'd like to li开发者_如何转开发sten on that port, receive messages, analyze them, but also immidately allow them to flow further, as if I never intercepted them. I want them to sink into the program that normally listens and connects on that port. Imagine a transparent proxy, but not for HTTP.

I'd rather find a code-based solution, but barring that, maybe you would suggest a tool?

what you are trying to do is basically a firewall program.

On windows there is several approach to do that, you can hook winsock. The better (or not hacky) is to use TDI filter (you take a look a this) or to make a NDIS filter.

Microsoft also introduced new API, WPF and LSP. I think you have better to use it because the TDI filter and NDIS wrapper involve driver programming which complicated and can be time consuming.

If this is for a product you are developing you may want to take a look at the WinPcap library http://www.winpcap.org/ which you can embed into your own program.

If you just need to analyze for yourself, use one of the tools that uses WinPcap, I have had great success with WireShark; but check out the WinPcap site for other tools

You cannot use boost::asio (or any other socket based library) for this as it consumes all the traffic.