Re: A sniffer, fast and dirty...

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Pavel A." <pavel_a@xxxxxxxxxxxxxxx>
Date: Wed, 7 Sep 2005 14:07:00 +0300

Thank you Thomas,
Why I'm reluctant about the IM approach - this will be installed on machines
where I can't put the test certificate, so users will have to click thru
signing popups :(
Your PCAUSA rawether protocol driver installs in the old good legacy way
and binds dynamically - a no hassle, user-proof solution.
Also, we've already payed for it :)
If I find how to settle the popups issue - either convince the client to
use test signed driver, or write some anti-popup program - IM is definitely
better.

Regards,
--PA

"Thomas F. Divine [DDK MVP]" <tdivine@xxxxxxxxxxxxxxxx> wrote in message news:eg11zC1sFHA.3640@xxxxxxxxxxxxxxxxxxxxxxx
>
> "Pavel A." <pavel_a@xxxxxxxxxxxxxxx> wrote in message news:A7E95F52-6633-46E1-AED0-2D8EAD81E44C@xxxxxxxxxxxxxxxx
>>I need to count certain packets sent thru a netcard during usual network
>> activity (internet, mail...).
>> The counting can be done in kernel mode, no need to pass data to usermode.
>> The card can be any usual 10/100 ethernet, connected either to LAN or DSL
>> modem (PPPoE).
>>
>> What of the following is less intrusive to the system and easier to do?
>>
>> a. IM filter based on Passthru
>> b. Protocol driver & set the packet filter to ALL_LOCAL
>>
>> Ah and this will be just a fast and dirty internal tool - not for production
>> :)
>>
>> Thanks for any advice,
>> --PA
>
> Take the Passthru driver from part 1 of the "Extending the Passthru.." article at http://www.wd-3.com. (In the archives...).
>
> It has an IOCTL interface added. Should be able to add your counters to the drivers and an IOCTL to fetch them.
>
> You won't need to modify the packet filter. The NDIS IM driver will be using the packet filter setting specified by the
> higher-level protocols you are interested in monitoring.
>
> Thomas F. Divine, Windows DDK MVP
> http://www.rawether.net
>

.

References:
- A sniffer, fast and dirty...
  - From: Pavel A.
- Re: A sniffer, fast and dirty...
  - From: Thomas F. Divine [DDK MVP]

Prev by Date: Re: Compiler version not supported by Windows DDK
Next by Date: SCSI Processor Device Driver
Previous by thread: Re: A sniffer, fast and dirty...
Next by thread: Re: A sniffer, fast and dirty...
Index(es):
- Date
- Thread

Relevant Pages

RE: AVStream INF files + Chkinf + Fastinst = Brain-ache!!
... Driver and each bus driver has a different mechanism for enumerating the ... TestCap installs itself on the ROOT Bus and therefore ... I ran Chkinf on the inf file and it gave ...
(microsoft.public.development.device.drivers)
Re: pscript5 customization
... I downloaded your rleased code from cvs (which installs ok) but throws ... exceptions in a few places once i tried playing with it. ... To get some direction, checkout my driver, well it won't ...
(microsoft.public.development.device.drivers)
Re: Clone a W2K server???
... If you want to do multiple installs with the same settings, but onto different hardware, you ... > Server I had a SCSI error. ... > driver on Bootup it gave me a "SCSI Port Start Entry ...
(microsoft.public.win2000.setup_deployment)
Re: Windows update replaces incorrect audio driver...
... Have you posted in Dell Support Forums yet? ... my audio hardware as "Via AC 97" and installed the correct driver. ... installs an incorrect driver. ... the shutdown button from the start menu still ...
(microsoft.public.windowsupdate)
RE: Windows update replaces incorrect audio driver...
... my audio hardware as "Via AC 97" and installed the correct driver. ... installs an incorrect driver. ...
(microsoft.public.windowsupdate)