[Winpcap-users] provide a message from a program

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Sep 20 15:31:06 GMT 2006 

----- Original Message ----- 
From: "Steffen Röttig" <steff_privat at t-online.de>
To: <winpcap-users at winpcap.org>
Sent: Wednesday, September 20, 2006 8:15 AM
Subject: Re: [Winpcap-users] provide a message from a program


>> Steffen,
>>
>> I'm not sure I understood your question completely.
>>
>> Are you looking for some way to inject packets back in the protocol
>> stack of the machine, instead of transmitting them on the network?
> I get from an external program packets. My job is to realize a method 
> wherewith these packets can analyze with an packet sniffer.
> I'm thinking of two solutions:
>
> First: in the "WinPcap 3.1 Developer's Pack" is an project-example calls 
> sendpack.
> In this project is used the function "int pcap_sendpacket(pcap_t *p, const 
> u_char *buf, int size)"
> and a nic to send a packet. This packet can be analazed with a sniffer 
> like wireshark, paketyzer or visualsniffer.

I think here you are basically using the side effect of WinPcap by which 
sent packets are looped back and received. Please *don't* do that. You do 
not want to pollute the network with your packets (there are a lot of other 
reasons not to do that). Did I understand correctly?

>
> Second: i write a visual ndis miniport driver which get the packets from 
> the external programm.
> This virtual ndis miniport can i select in the sniffer and i have the same 
> effect.
>
> I think that the complexity of the first solution (in case it is possible) 
> is fewer than to write a virtual driver.
> But the second solution is finer, because of the own selection of the nic 
> and it is freelance of the versions from wincap.
>
>>
>> If so, WinPcap cannot do that, as it's a protocol driver. In order to
>> do that, you need to use some NDIS virtual miniport (or intermediate)
>> driver.
>>
>> What are you trying to achieve exactly?
>>
>> Have a nice day
>> GV
>>
> But my question for my decision is...
> It is really so easy to send packets with winpcap so that a sniffer 
> displays the data? Because all answers of my issue didn't contain this 
> solution and all said that i should have to write a virtual ndis miniport.
>

Writing a virtual miniport is definitely not the best solution, it can be 
quite a lot of work. The best solution is modifying wpcap.dll or packet.dll 
(the sources of WinPcap are freely available on the web) to add support for 
another packet provider. Packet.dll already receives packets from different 
sources, the NPF driver, the AirPcap driver, Endace cards.

Where do the packets come from, exactly? A file? Some custom device?

Hope it helps
GV



> TIA
> Regards
> steffen
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users

More information about the Winpcap-users mailing list