2

I have a TCP/IP stack running within a Windows userspace program. The stack is based on a Windows-port of LwIP: https://github.com/yarrick/lwip-contrib/tree/master/ports/win32

The userspace stack interfaces with an ethernet interface at layer 2 using the npcap library/driver: https://nmap.org/npcap/

npcap is used to send and capture raw ethernet packets, which are passed from/to the userspace LwIP stack.

The problem: Let's say I listen on TCP port 5000 within the userspace stack. The Windows kernel does not know anything about the userspace stack and treats 5000 as a closed port. This interferes with the userspace stack. For example, the kernel might respond to incoming SYN packets with RESET packets (rejecting the TCP connection).

The question: How can I shut down the Windows kernel TCP/IP stack for a specified ethernet interface? I want the userspace stack via npcap to be the only one sending out packets.

Matt Davis
Mike76
  • I am thinking about the Windows firewall, but I do not yet know whether this is feasible. – Mike76 Oct 30 '18 at 18:17
  • If you open the Properties dialogue for the network adapter, you'll see a bunch of checkboxes for the various protocols that are active above that adapter, including IPv4 and IPv6. Does unchecking those boxes not give you the behaviour you want? – ottomeister Oct 31 '18 at 02:57
  • Thanks, this solved the issue. I had to uncheck all kinds of protocols in the adapter settings. – Mike76 Nov 05 '18 at 09:27

1 Answer

2

Unchecking all protocols in the network adapter settings solved the problem (IPv4, IPv6, others...).

Mike76
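
A scripted equivalent of unchecking the boxes in the adapter's Properties dialogue, as an added example that is not part of the original post. It uses the `NetAdapter` module cmdlets and records what it disabled so the change can be undone. The adapter name `Ethernet 2`, the state file path, and the assumption that the capture driver appears as a binding whose display name contains "Npcap" (which the script leaves enabled so capture keeps working) are all assumptions to adjust.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$AdapterName = 'Ethernet 2',                       # assumed adapter name
    [string]$KeepPattern = '*Npcap*',                          # assumed display name of the capture driver binding
    [string]$StateFile   = "$env:TEMP\adapter-bindings.json",  # hypothetical location for the undo list
    [switch]$Restore
)

$ErrorActionPreference = 'Stop'

if ($Restore) {
    # Re-enable exactly the bindings that a previous run turned off.
    $ids = Get-Content $StateFile -Raw | ConvertFrom-Json
    foreach ($id in $ids) {
        Enable-NetAdapterBinding -Name $AdapterName -ComponentID $id
    }
}
else {
    $all = @(Get-NetAdapterBinding -Name $AdapterName)

    # Refuse to continue if the capture driver is not bound to this adapter:
    # the userspace stack would have no way to send or receive frames.
    $keep = @($all | Where-Object { $_.Enabled -and $_.DisplayName -like $KeepPattern })
    if ($keep.Count -eq 0) {
        throw "No enabled binding matching '$KeepPattern' on '$AdapterName'."
    }

    # Everything else that is enabled (IPv4, IPv6, LLDP, file sharing, ...) is switched off.
    $toDisable = @($all | Where-Object { $_.Enabled -and $_.DisplayName -notlike $KeepPattern })
    $ids = @($toDisable | ForEach-Object { $_.ComponentID })
    ConvertTo-Json -InputObject $ids | Set-Content $StateFile

    foreach ($id in $ids) {
        Disable-NetAdapterBinding -Name $AdapterName -ComponentID $id
    }
}

# Show the resulting state; only the capture driver should remain enabled.
Get-NetAdapterBinding -Name $AdapterName |
    Sort-Object DisplayName |
    Format-Table DisplayName, ComponentID, Enabled -AutoSize
```

Run it from an elevated prompt; passing `-Restore` re-enables the bindings listed in the state file.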