WinDivert – Windows Packet Divert


Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10. WinDivert allows user-mode programs to capture/modify/drop network packets sent to/from the Windows network stack.

In summary, WinDivert can:

  • capture network packets
  • filter/drop network packets
  • sniff network packets
  • (re)inject network packets
  • modify network packets

WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc. The features of WinDivert include:

  • packet interception, sniffing, or dropping modes
  • support for loopback (localhost) traffic
  • full IPv6 support
  • network layer
  • simple yet powerful API
  • high-level filtering language
  • filter priorities
  • freely available under the terms of the GNU Lesser General Public License (LGPL)

For more information about WinDivert, see doc/windivert.html.

Similar Packages

WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in Linux, and some commercial packet capturing packages such as WinPkFilter for Windows. The design of WinDivert is largely influenced by FreeBSD’s divert sockets.

WinDivert in packet-sniffing mode is similar to WinPcap. Unlike WinPcap, WinDivert fully supports capturing loopback traffic. Furthermore, WinDivert supports packet interception, which is not supported in WinPcap.



