[lug] using tcpdump to emulate effects of packet dump

D. Stimits stimits at comcast.net
Thu Jul 17 20:10:27 MDT 2003


George Sexton wrote:

> FWIW, the general technology that you would have to use to write a
> filter to block them would be to start a service that opens that mailslot
> (\\.\mailslot\messngr) and listens for incoming data, and then filter the
> data, displaying alerts you want to see.
>
> For general information on Mailslots, search the MSDN on CreateMailSlot().
>
> In general, it's a lot easier to just not run the messenger service.
> Running this service on a machine that is directly connected to the
> internet is probably a bad idea anyhow.
>

I want to limit the popup to have it work only if the popup does not 
arrive on a particular interface. I want it to continue working on the 
serial port, and any network card that is deemed to allow it. An 
interface-by-interface yes/no allow/deny.

FYI, this machine has a Linux filtering bridge on it, stopping the 
usual garbage that comes in below port 1024. It isn't acceptable to 
ban port 1026 udp as this would break a lot of applications, including 
(randomly) host lookups, as the lowest open udp port is often the 
recipient of dns replies.

The CreateMailSlot() sounds like the right starting spot. Being able to 
detect what interface the popup is coming from would be the next task, 
and linking them together on a configurable menu to allow or deny. One 
of the bigger problems is that I'll have to write it for both 2k and 98.

D. Stimits, stimits AT comcast DOT net



