WinDivert

WinDivert is a library for Windows that allows user-mode applications to intercept, inspect, modify, divert, or drop network packets. It operates directly with the system's network stack, providing control over TCP/IP traffic. This functionality is used in the development of security tools, network monitoring, and custom network applications.

★★★★★

5.0(1 ratings)

• Packet Interception. Captures incoming and outgoing network packets before they are processed by the operating system or the destination application. This operation is fundamental for implementing application-level firewalls or traffic analysis tools that require a decision on packet handling.
• Packet Filtering. Evaluates packets against a high-level filter language to select specific traffic. Filters can specify protocols, IP addresses, ports, and other packet header characteristics, allowing granular control over which traffic is processed by the application.
• Packet Modification. Alters the content of network packets in real-time, including headers and payloads. This capability enables tasks such as rewriting addresses for NAT, injecting data, or correcting errors in in-transit network traffic.
• Packet Re-injection. Reinserts captured or modified packets back into the Windows network stack. Packets can be re-injected with changes, diverted to another destination, or delayed, which is necessary for tunneling applications or transparent proxies.
• Packet Dropping. Selectively removes network packets based on defined criteria, preventing them from reaching their original destination. This function is a core component of firewall applications for blocking unwanted connections.
• Loopback Traffic Support. Captures and manipulates locally generated packets between applications on the same system. This support is necessary for monitoring or filtering internal communications between services without the need for external network traffic.
• Full IPv6 Support. Processes network traffic using the IPv6 protocol, including extension headers. The implementation covers the protocol specifications for filtering and modification operations in modern network environments.
• Network Layer Capture. Operates at the network layer of the TCP/IP model, allowing handling of IP, ICMP, TCP, and UDP packets. This position in the network stack provides access to routing information and fundamental internet protocols.
• Filter Priorities. Assigns priority levels to different filters to determine the order of evaluation when multiple rules match a packet. This system organizes processing logic in complex applications with multiple conditions.
• Silent Installation. Allows deployment of the WinDivert driver and components without user interaction or graphical interfaces. This feature facilitates integration into automated installations or larger software packages.

The development of WinDivert began in 2010, created by Basil As Saadi (basil@reqrypt.org) as a solution for intercepting packets in user mode on Windows. The project was developed primarily in the C programming language, with driver components in C. The library is distributed under the terms of the GNU Lesser General Public License (LGPL), allowing its use in commercial and open-source software.

Alternatives to WinDivert: