WinDivert: Windows Packet Divert
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows 10, Windows 11, and Windows Server.
WinDivert allows user-mode applications to capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can:
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc.
The main features of WinDivert include:
- packet interception, sniffing, or dropping modes
- supports loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- silent installation
- freely available under the terms of the GNU Lesser General Public License (LGPL)
➢ Documentation and Samples
- WinDivert Reference Manual:
- WinDivert README.
- WinDivert ChangeLog.
- WinDivert FAQ.
- WinDivert 2.2 sample applications, including:
- flowtrack.c: A network flow tracking application.
- netdump.c: A simple packet capture and dump application.
- netfilter.c: A simple firewall application.
- passthru.c: A skeleton WinDivert application with multi-threading.
- socketdump.c: Dumps socket operations.
- streamdump.c: Redirects TCP streams to a local proxy server.
- webfilter.c: A simple URL blacklist filter.
➢ Source Repository
The source code for WinDivert is hosted on GitHub:
Note that the repository version of WinDivert should generally be considered unstable.
The following source packages for WinDivert are available:
- WinDivert-2.2.2-Source.zip (Source zipfile)
The following binary packages for WinDivert are available.
- The WinDivert A/B/C variants are identical except for the driver signature. For most applications it does not matter which variant is used.
- We would like to thank our sponsor(s) who helped sign the drivers:
- To use WinDivert, please ensure that the application has Administrator privileges, or else WinDivert will fail to load.
The following projects use WinDivert:
- ReQrypt: A HTTP request tunneling tool.
- TcpCrypt (github): Encrypt (almost) all of your network traffic.
- Suricata (github): Network threat detection engine.
- GoodbyeDPI: Deep Packet Inspection (DPI) circumvention utility.
- BarbaTunnel (old link): Tunnel VPN traffic through HTTP.
- PyDivert: A WinDivert Python binding.
- jdivert: A WinDivert Java binding.
- StreamDivert: A tool to relay network connections.
- Stahp It: HTTP/S content filter (see also HttpFilteringEngine).
- WinDivertSharp: A WinDivert C# binding.
- Tallow (github): Transparent Tor for Windows.
- Clumsy (github): A utility for simulating a broken network for Windows.
- Inssidious (github): A mobile app network testing tool.
- LumoGate: A captive web portal solution.
- SnoopSpy (github): A packet capturing/manipulation tool.
- mitmproxy (dev version): An interactive SSL-capable intercepting HTTP proxy.
- PureBasic interface to WinDivert (webpage).
- VpnHood: A portable/fast VPN.
- WinDivertTool: A tool for managing WinDivert applications.
Contact basil if you want to add a link to your WinDivert-related project.
Send feedback and/or questions to: