[Winpcap-users] Can I capture inbound packets only?
Loris Degioanni
loris.degioanni at gmail.com
Wed Feb 15 19:50:09 GMT 2006
Guy Harris wrote:
>
> On Feb 14, 2006, at 4:52 PM, Loris Degioanni wrote:
>
>> This was about not capturing the packets that the user sends on the
>> pcap interface (what I called "pcap adapter level" in my previous mail).
>
> I.e., that's all that the NDIS_FLAGS_DONT_LOOPBACK and
> NDIS_FLAGS_SKIP_LOOPBACK flags do - they can't prevent packets sent by,
> say, the IP protocol module from being looped back and supplied to
> WinPcap? The page at
>
> http://www.ndis.com/papers/loopback.htm
>
> suggest that they're flags you set on the packet as it's being sent, so
> that wouldn't help.
Exactly. Setting this flag will be an option of next WinPcap release.
> Do any of the NDIS packet filter settings suppress looped-back packets?
Not that I know.
NDIS packet filters work at hardware (or NIC driver) level, while the
loopback mechanism in Windows is totally managed by NDIS and the TCP/IP
stack. There is an option for NIC drivers to manage loopback internally,
but as far as I know nobody uses it.
> They might not work in promiscuous mode, but I suspect most of the
> people who don't want to see outgoing packets are arguably abusing
> libpcap/WinPcap as a tool for making protocol implementations rather
> than passive sniffers; in the past, I've suggested that perhaps there
> should be a *completely separate library* for people doing user-mode
> protocol implementations atop {BPF, DLPI, PF_PACKET sockets, NDIS,
> etc.), as that'd allow different features of at least some of those
> mechanisms (in particular, the ones such as DLPI and NDIS that were
> *NOT* primarily designed for packet sniffers) to be used, which might
> work better for those applications.
Totally agree. There are *many* of these winpcap-based protocol
implementations around. I think Fulvio was working on something like
this in his netbee project.
Loris
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list