Quoting the original web site (here):
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016.
WinDivert allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can:
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc.
The main features of WinDivert include:
- packet interception, sniffing, or dropping modes
- supports loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- silent installation
- freely available under the terms of the GNU Lesser General Public License (LGPL)
Similar to the raw socket sniffer (here), I have shared a demo (in Free Pascal) here.
Because WinDivert is a kernel driver, the issues inherent to Windows raw sockets do not apply here.