Re: Why Winpcpa uses protocol driver instead of IM driver??

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxxxxxx>
• Date: Wed, 6 Jun 2007 09:25:46 -0700

---

Anand,

one of the main reasons why WinPcap is a protocol driver is historical. When
WinPcap was started back in 1997-1998, Win9x and NT4 were the current
Windows releases available. And as far as I know there was no concept of IM
drivers. A protocol driver seemed the best (and only) solution to capture
packets. Consider that WinPcap was born and "raised" within a university,
and most all of the people involved in that development had very little
knowledge about driver development and NDIS. Everyone was learning.

During the years WinPcap evolved, many parts of the driver were completely
reviewed and rewritten from scratch to improve stability and performance,
but the original NDIS protocol architecture was kept. An IM driver would
probably give more power in some scenarios, e.g. when the machine has other
IM drivers on it, but also involves a complete development/testing cycle
that at the moment we (WinPcap Team) have not yet decided to do, given the
quite large numbers of WinPcap users.

I hope this gives you an idea why WinPcap is like it is.

Have a nice day
Gianluca Varenni
WinPcap Team



<anand.choubey@xxxxxxxxx> wrote in message
news:1181139172.913863.152480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Dear Experts,

I am new in NDIS driver development.

I look that Commview/WinpCap uses protocol driver to sniff the
packet.But there is IM driver too.
As I understant that IM driver is more powerful that protocol driver
then why protocol driver is used.


Please reply.

Thanks With Best Regards
Anand Choubey

.

---

• Follow-Ups:
  • Re: Why Winpcpa uses protocol driver instead of IM driver??
    • From: anand . choubey

• References:
  • Why Winpcpa uses protocol driver instead of IM driver??
    • From: anand . choubey

• Prev by Date: Re: driver type for sending packets ???
• Next by Date: Getting owner thread of a spinlock
• Previous by thread: Why Winpcpa uses protocol driver instead of IM driver??
• Next by thread: Re: Why Winpcpa uses protocol driver instead of IM driver??
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: High DPC Use and a Method to Reboot a network card? ... I'll post to the WinPCap community to see if there is a known ... Well, ok, protocol drivers like the one that comes with WinPCap usually ... miniport driver underneath them: ... reset request to an underlying driver." ... (microsoft.public.development.device.drivers) Re: capture the ARP requests ... In this case you need driver. ... Ethereal use winpcap library which use as a core - ... protocol driver from ... And the difference are the ARP packets. ... (microsoft.public.win32.programmer.networks) Re: [ANN]: TCPDUMP for Windows ... admin rights but can use it logged in afterwards without them, ... access to driver limitations in this case ... >> access control to your driver, ... >> problems of winpcap. ... (microsoft.public.security) Re: High DPC Use and a Method to Reboot a network card? ... Well, ok, protocol drivers like the one that comes with WinPCap usually ... miniport driver underneath them: ... ProtocolReceivePacket[in e.g. WinPCap] ... which runs in DPC context (i.e. at IRQL = ... (microsoft.public.development.device.drivers) Re: Using NDISProto protocol ... not the OS supplied ndisuio driver. ... i make sure that my protocol driver is used instead of the ndisuio ... protocol drivers from issuing requests to the wireless miniport. ... (microsoft.public.development.device.drivers)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.development.device.drivers  > 2007-06