capture packets then drop packet IPS system
Is there any possible way in Windows to "drop" packets like a true IPS (intrusion prevention system), similar to iptables in Unix?
Also, if I'm using MATLAB, is there a way to "capture packets on the network" and feed them into a neural net? MATLAB on Windows, that is.
I'm struggling to understand how libpcap can "capture" data, yet you can't "drop" data in real time.
Rather annoying that Snort can't do it; Snort only acts as an IDS on Windows but as an IDS/IPS on Linux, due to being able to write rules to iptables.
For Windows 7/Vista you can use the Windows Filtering Platform (WFP) API to do simple packet filtering, similar to what you can achieve with iptables. The API is somewhat verbose, however.
For more complicated filtering, e.g. URL filtering that requires payload parsing/inspection, you'll need to either (1) write a device driver such as a WFP callout driver, or (2) use a third-party package that can divert packets to user-mode applications.
For the latter there is WinDivert (GPLv3) and WinpkFilter (commercial license). Both packages are C/C++, so you'd need to write an appropriate MATLAB binding. Disclosure: I am the author of WinDivert.
Warning (technical): Packages like WinPcap do not, and cannot, drop packets because of the type of driver they use (an NDIS protocol driver, to be precise). Protocol drivers only see copies of packets and have no way to block the original packet. For this they'd need to re-implement the WinPcap driver as an NDIS IM or LWF driver.
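To make the difference between "a copy" and "the original packet" concrete, here is an added example (not code from the question, the answer, or the WinDivert project) of the user-mode decision step that a divert-based IPS runs on every packet. With a diverting package the loop is: receive the original packet into a buffer, decide, and reinject only the packets that pass (in WinDivert's documented API that is WinDivertRecv followed by WinDivertSend; those calls are described here in comments only, so the block compiles without the Windows SDK). With a protocol-driver capture library such as WinPcap the same decision function could run, but there is no reinjection step, so a DROP verdict changes nothing on the wire. The rule table, the IPv4/TCP parser, and the two sample packets are constructed for this example and are assumptions, not anything from the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdict returned by the rule engine for one packet. */
enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

/* One rule: IP protocol number, destination port (0 = any), verdict. Constructed for this example. */
struct rule {
    uint8_t      protocol;   /* 6 = TCP, 17 = UDP */
    uint16_t     dst_port;   /* host byte order; 0 matches any port */
    enum verdict verdict;
};

/* Header fields the rules are matched against. */
struct pkt_info {
    uint8_t  protocol;
    uint32_t src_ip, dst_ip;      /* host byte order */
    uint16_t src_port, dst_port;  /* host byte order; 0 for non-TCP/UDP */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse an IPv4 header plus the TCP/UDP port fields, with bounds checks.
   Returns 0 on success, -1 if the packet is truncated or malformed. */
int parse_ipv4(const uint8_t *pkt, size_t len, struct pkt_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4u;     /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;
    size_t total = rd16(pkt + 2);                    /* total length field */
    if (total < ihl || total > len) return -1;       /* never trust the header over the buffer */
    memset(out, 0, sizeof *out);
    out->protocol = pkt[9];
    out->src_ip   = rd32(pkt + 12);
    out->dst_ip   = rd32(pkt + 16);
    if (out->protocol == 6 || out->protocol == 17) {
        if (total - ihl < 4) return -1;              /* need both port fields */
        out->src_port = rd16(pkt + ihl);
        out->dst_port = rd16(pkt + ihl + 2);
    }
    return 0;
}

/* First matching rule wins; unmatched packets pass. Malformed packets are
   dropped rather than passed, so a parser failure is fail-closed. */
enum verdict decide(const uint8_t *pkt, size_t len, const struct rule *rules, size_t nrules)
{
    struct pkt_info info;
    if (parse_ipv4(pkt, len, &info) != 0) return VERDICT_DROP;
    for (size_t i = 0; i < nrules; i++) {
        if (rules[i].protocol != info.protocol) continue;
        if (rules[i].dst_port != 0 && rules[i].dst_port != info.dst_port) continue;
        return rules[i].verdict;
    }
    return VERDICT_PASS;
}

/* Constructed sample policy: block inbound telnet and SMB over TCP. */
static const struct rule RULES[] = {
    { 6,  23, VERDICT_DROP },
    { 6, 445, VERDICT_DROP },
};
static const size_t NRULES = sizeof RULES / sizeof RULES[0];

/* Build a constructed 40-byte IPv4/TCP SYN from 10.0.0.5 to 10.0.0.9 (checksums left zero,
   which is fine for a parser test; a real reinjection path would recompute them). */
size_t build_ipv4_tcp(uint8_t *buf, uint16_t src_port, uint16_t dst_port)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;                                   /* version 4, IHL 5 */
    buf[2] = 0; buf[3] = 40;                         /* total length 40 */
    buf[8] = 64;                                     /* TTL */
    buf[9] = 6;                                      /* protocol TCP */
    buf[12] = 10; buf[13] = 0; buf[14] = 0; buf[15] = 5;
    buf[16] = 10; buf[17] = 0; buf[18] = 0; buf[19] = 9;
    buf[20] = (uint8_t)(src_port >> 8); buf[21] = (uint8_t)src_port;
    buf[22] = (uint8_t)(dst_port >> 8); buf[23] = (uint8_t)dst_port;
    buf[32] = 0x50;                                  /* TCP data offset 5 */
    buf[33] = 0x02;                                  /* SYN */
    return 40;
}

/* Verdict for a constructed SYN to the given destination port under RULES. */
enum verdict demo_verdict(uint16_t dst_port)
{
    uint8_t buf[40];
    size_t len = build_ipv4_tcp(buf, 40000, dst_port);
    return decide(buf, len, RULES, NRULES);
}

int main(void)
{
    /* In a diverting IPS the buffer would come from the divert handle
       (WinDivertRecv) and only VERDICT_PASS packets would be handed back
       (WinDivertSend); dropping is simply not reinjecting. */
    printf("SYN to 23  -> %s\n", demo_verdict(23)  == VERDICT_DROP ? "DROP" : "PASS");
    printf("SYN to 443 -> %s\n", demo_verdict(443) == VERDICT_DROP ? "DROP" : "PASS");
    return 0;
}
```

The bounds checks in parse_ipv4 matter more in an IPS than in a passive sniffer: a malformed header that crashes a capture tool only loses visibility, but one that crashes the diverting process stalls or, depending on the divert package's configuration, bypasses the inline filter for every flow it was meant to inspect.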