Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows user-mode programs to capture, modify, or drop network packets sent to or from the Windows network stack.
In summary, WinDivert can:
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc. The features of WinDivert include:
- packet interception, sniffing, or dropping modes
- support for loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- freely available under the terms of the GNU Lesser General Public License (LGPL)
For more information about WinDivert, see doc/windivert.html.
WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in Linux, and some commercial packet capturing packages such as WinPkFilter for Windows. The design of WinDivert is largely influenced by FreeBSD’s divert sockets.
WinDivert in packet-sniffing mode is similar to WinPcap. Unlike WinPcap, WinDivert fully supports capturing loopback traffic. Furthermore, WinDivert supports packet interception, which WinPcap does not.