[Winpcap-users] Query

Loris Degioanni loris.degioanni at gmail.com
Thu Jul 28 17:46:55 GMT 2005


I presume that "The driver is working at the Data Link Layer" means that 
you implemented a NIC driver.
In that case, I confirm what they already told you.
WinPcap receives outgoing packets before they get delivered to the NIC 
driver. On the other side, it will receive incoming data from your 
driver after decryption. This means the captures will show perfectly 
clear information.

Loris


Babur Khan wrote:
> hi, 
> 
> I have made a driver which encrypts/decrypts incoming/outgoing IP packets, I 
> used Windows NDIS to build the driver and have implemented IPsec with SHA1 
> for authentication and AES for encryption/decryption. The driver is working at 
> the Data Link Layer. The problem is that when I tried to capture packets with 
> Ethereal 0.10.11 with WinPcap 3.0 (I sent messages several times like 'net 
> send computer2 what is your name?') I have been able to see the data field as 
> plain text. 
> 
> 
> I asked Ethereal users about this, they replied: 
> 
> If the packets you're capturing are being sent by or received by the 
> machine running Ethereal, then the problem is probably that WinPcap 
> connects to the network interface at a layer that lets it see outgoing 
> packets before they're encrypted and see incoming packets after they're 
> decrypted.  I'm not an expert in NDIS; you might want to ask the WinPcap 
> developers about this. 
> ------- End of Message ------- 
> 
> 
> I hope to get a reply soon. 
> Babur Khan 
> 
> 
> 
> Babur Khan
> 
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
> 
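
The capture-position point in this thread can be checked from a capture file itself. The following is an added example, not part of the original thread or of WinPcap: it reads a classic pcap file and counts IPv4 packets that carry ESP (protocol 50) or AH (51) versus packets with no IPsec header. It assumes the driver emits standard ESP/AH; both sample captures and the names `ON_HOST` and `OFF_HOST` are constructed for illustration.

```python
import struct

ESP, AH = 50, 51  # IP protocol numbers for IPsec ESP and AH

def classify_pcap(data: bytes) -> dict:
    """Count IPv4 packets in a classic pcap (Ethernet link type) by IPsec status."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts = {"esp": 0, "ah": 0, "cleartext": 0, "other": 0}
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14) + minimal IPv4 header (20), EtherType 0x0800, version 4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            counts["other"] += 1  # ARP, IPv6, VLAN-tagged or truncated frames
            continue
        proto = frame[23]  # IPv4 protocol field: byte 9 of the IP header
        counts["esp" if proto == ESP else "ah" if proto == AH else "cleartext"] += 1
    return counts

def build_frame(proto: int, payload: bytes) -> bytes:
    """Constructed Ethernet+IPv4 frame (checksum left at 0, not validated here)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + payload

def build_pcap(frames) -> bytes:
    """Constructed little-endian classic pcap with Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed samples: what the encrypting host sees vs. an assumed wire-side view.
ON_HOST = build_pcap([build_frame(17, b"what is your name?")] * 2)
OFF_HOST = build_pcap([build_frame(ESP, bytes(range(32)))] * 2)

if __name__ == "__main__":
    print("on host :", classify_pcap(ON_HOST))
    print("off host:", classify_pcap(OFF_HOST))
```
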