Network Packet Filtering

Packet filtering (PF) controls access to a network by analyzing incoming and outgoing packets and either passing or blocking them based on their source and destination IP addresses.

Packet filtering is the selective passing or blocking of data packets as they pass through a network interface. The criteria that pf uses when inspecting packets are based on the Layer 3 (IPv4 and IPv6) and Layer 4 (TCP, UDP, ICMP, and ICMPv6) headers. The most often used criteria are source and destination address, source and destination port, and protocol. Packet filtering is one technique, among many, for implementing security firewalls.
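The sketch below is an added example, not code from this page or from pf: it parses the Layer 3 and Layer 4 header fields named above out of a raw IPv4 packet and evaluates them against an ordered rule list. The rule tuple layout, first-match ordering, default-deny fallback and the `build` helper are assumptions made for illustration, and the sample packets are constructed from documentation address ranges.

```python
import ipaddress
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_ipv4(pkt: bytes) -> dict:
    """Pull the Layer 3/4 fields a filter matches on out of a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4  # header length: IP options shift the Layer 4 header
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    f = {"proto": PROTO.get(pkt[9], "other"), "sport": None, "dport": None,
         "src": ipaddress.ip_address(pkt[12:16]), "dst": ipaddress.ip_address(pkt[16:20])}
    # Ports exist only for TCP/UDP, and only in the first fragment.
    if f["proto"] in ("tcp", "udp") and frag_offset == 0 and len(pkt) >= ihl + 4:
        f["sport"], f["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return f

def decide(rules, pkt: bytes) -> str:
    """First matching rule wins; unmatched or malformed packets are blocked."""
    try:
        f = parse_ipv4(pkt)
    except ValueError:
        return "block"
    for action, proto, src_net, dst_net, dport in rules:
        if proto not in ("any", f["proto"]):
            continue
        if f["src"] not in ipaddress.ip_network(src_net):
            continue
        if f["dst"] not in ipaddress.ip_network(dst_net):
            continue
        if dport is not None and f["dport"] != dport:
            continue
        return action
    return "block"

def build(proto, src, dst, sport, dport, options=b""):
    """Constructed sample packet: IPv4 header (checksum left 0) + 8 bytes of L4."""
    ver_ihl = (4 << 4) | (5 + len(options) // 4)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 28 + len(options), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + options + struct.pack("!HHI", sport, dport, 0)

# Hypothetical rule set: (action, protocol, source net, destination net, dst port)
RULES = [("block", "any", "203.0.113.0/24", "0.0.0.0/0", None),
         ("pass", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
         ("pass", "udp", "192.0.2.0/24", "0.0.0.0/0", 53)]
```

Because the port offset is derived from the header-length field, a packet carrying IP options is matched on its real ports, and a non-first fragment (which has no Layer 4 header) never satisfies a port-specific pass rule.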

References:

TCP/IP Protocol Stack - http://www.protocols.com/pbook/tcpip1.htm

Three ways to get your MAC address -

http://www.codeguru.com/cpp/i-n/network/networkinformation/article.php/c5451

How OSI works - http://computer.howstuffworks.com/osi1.htm

Packet Filtering FAQ - http://www.openbsd.org/faq/pf/filter.html

Windows Filtering Platform -

http://msdn.microsoft.com/en-us/library/aa366510(VS.85).aspx

Network Filtering Articles by Jesús O -

http://www.programmerworld.net/personal/firewall.htm

Network Traffic Filtering -

http://www.ntkernel.com/w&p.php?id=14

http://www.codeguru.com/forum/showthread.php?t=286378

Application Layer Filtering (ALF): What is it and How does it Fit into your Security Plan -

http://www.windowsecurity.com/articles/Application_Layer_Filtering.html?printversion

How do I hook the TCP stack in Windows to sniff and modify packets?

http://stackoverflow.com/questions/695057/how-do-i-hook-the-tcp-stack-in-windows-to-sniff-and-modify-packets

Filter-Hook Drivers?

http://msdn.microsoft.com/en-us/library/aa504969.aspx

An Adventure: How to implement a Firewall-Hook Driver?

http://www.codeproject.com/KB/IP/FwHookDrv.aspx

Unraveling the Mysteries of Writing a Winsock 2 Layered Service Provider -

http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspx

A Little Sniffer that Uses WSA Sockets (Windows Sockets)

http://beta.codeproject.com/KB/winsdk/Sniffer.aspx?msg=2471244

Blocking and Non-Blocking Sockets - http://www.developerfusion.com/article/28/introduction-to-tcpip/8/

Socket overlapped I/O versus blocking/nonblocking mode - http://support.microsoft.com/kb/181611

Reusable Socket Server Class - http://www.developerfusion.com/article/2498/a-reusable-windows-socket-server-class/

Which I/O Strategy Should I Use?

http://tangentsoft.net/wskfaq/articles/io-strategies.html

List of HTTP Headers - http://en.wikipedia.org/wiki/List_of_HTTP_headers

HTTP Header Field Definitions -

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.33

RFC1945 - Hypertext Transfer Protocol HTTP/1.0 - http://www.faqs.org/rfcs/rfc1945.html