[Winpcap-bugs] [Enhancement] A driver to capture PPP frames(cookbook)

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Nov 4 16:11:39 GMT 2008 

Hi Peter,

sorry for takins so much time in answering your email.

The approach depicted by MS to capture PPP frames is good for experiments, but it's not exactly ideal in a production environment. Besides the fact the we would need to install WinPcap through an INF file (which we do not do at the moment), there are two main issues
1. the approach works on Vista only (and lack of PPP support affects x64 systems as well).
2. the approach works if there is *only* one protocol driver with the "ms_netmon" hardware ID. They are basically suggesting to trick the NDIS networking stack into thinking that the protocol driver is NetMon. If you already have the official Microsoft NetMon installed on your machine, you wouldn't be able to install another "ms_netmon" protocol driver.

There is at least another way to capture PPP frames on all the windows versions i.e. using an NDIS intermediate driver, but due to the complexity of such driver and the amount of work required to basically re-engineer the whole kernel and installer parts of WinPcap (and the limited requests for PPP capture on Vista/x64), for the moment we decided to stick with the current capturing approach of WinPcap.

Have a nice day
GV
  ----- Original Message ----- 
  From: Piotr Podsiadly 
  To: winpcap-bugs at winpcap.org 
  Sent: Wednesday, October 22, 2008 9:43 PM
  Subject: [Winpcap-bugs] [Enhancement] A driver to capture PPP frames(cookbook)


  Hi,

  In FAQ you wrote that "the NDIS binding process that prevent a protocol driver from working properly on WAN adapters"

  I searched for "Vista PPP capture" and I found this:

  http://msdn.microsoft.com/en-us/library/bb404173(VS.85).aspx

  with is a cookbook for creating driver to capture PPP frames.

  Is this useful, have you read this already? I am not the network expert, but it seems to be explained in details how to write driver to capture PPP frames.

  Best regards
  Peter Podsiadly


------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-bugs mailing list
  Winpcap-bugs at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20081104/b3530aee/attachment-0001.htm

More information about the Winpcap-bugs mailing list