Portmaster should use NPCAP to capture all the packet from the network adapter

[rajagopalan181]

What would you like to add or change?:

Portmaster should use NPCAP to capture all the packet from the network adapter.
through that data it should block all the traffic from the network adapter.
without leaving the single traffic

Why do you and others need this?:

Portmaster should use NPCAP to capture all the packet from the network adapter.
through that data it should block all the traffic from the network adapter.
without leaving the single traffic

[vlabo]

Can you elaborate more on the proposal?
NPCAP is software for capturing network traffic, there is no functionality for blocking or redirecting as far as I know.
And we are using the same technology as NPCAP for monitoring and also we block the traffic with a kernel driver (kernel extension).

[rajagopalan181]

Wireshark use npcap driver in windows,Linux and Mac to capture the traffic in that same style portmaster also need to use npcap driver to capture all the traffic from pc and that capture traffic will show in portmaster and based on that captured traffic the rules will be set in the portmaster. ---- On Mon, 25 Nov 2024 16:07:51 +0530 Vladimir ***@***.***> wrote ---- Can you elaborate more on the proposal? NPCAP is software for capturing network traffic, there is no functionality for blocking or redirecting as far as I know. And we are using the same technology as NPCAP for monitoring and also we block the traffic with a kernel driver (kernel extension). —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>

[vlabo]

Wireshark is a monitoring tool, Portmaster is a firewall the scope of the application is different.
As I said we are using the same API as the npcap driver so there is no need capture the traffic with it.

And Portmaster does more since it is also linking connection to process and collecting the dns traffic for each application. Which cannot be done with the npcap driver.

You can explore the code if you want to compare the two drivers and see the difference in functionality.
https://github.com/safing/portmaster/tree/develop/windows_kext

[rajagopalan181]

Because why we mentioned npcap driver because some traffic  still not captured by portmaster ( portmaster capture traffic only with exe file types what if the attack try to use some other file type like DLL for internet access that time portmaster will capture? [To give the best firewall performance all the traffic in and out of the pc must be captured with  (any type of protocol and  any file type ) in the pc ] if attacker use different ( file type or different protocol )means he can definitely penetrate the portmaster security without any issue. ---- On Tue, 26 Nov 2024 13:59:38 +0530 Vladimir ***@***.***> wrote ---- Wireshark is a monitoring tool, Portmaster is a firewall the scope of the application is different. As I said we are using the same API as the npcap driver so there is no need capture the traffic with it. And Portmaster does more since it is also linking connection to process and collecting the dns traffic for each application. Which cannot be done with the npcap driver. You can explore the code if you want to compare the two drivers and see the difference in functionality. https://github.com/safing/portmaster/tree/develop/windows_kext —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>

[vlabo]

Can you provide example what traffic is not captured by Portmaster.
Portmaster captures traffic the same way as wireshark, so if its not captured by Portmaster it will also not be captured by Wireshark.

You cannot run a dll by itself, its always link to an executable on windows. And Portmaster does not monitor traffic only by exe files it monitors all traffic and has extra logic for linking connections to processes.