[Winpcap-users] TurboCap device
Renato Araújo Ferreira
marina.peixe at terra.com.br
Wed Jul 9 12:50:56 GMT 2008
The main issue of packet based analisys is that the reliability of data
decreases while the throughput increases. I think that, and I'm looking for
it, the main purpose of these capture devices is deliver a hardware and
software solution that solves this question, like endace promises with your
DAG card. Turbocap device, and it's software driver/API working together
provide a mechanism to avoid the packet losses and the CPU overload?? If
yes, will a normal implementation of winpcac using pcap_findalldevs,
pcap_setfilter, pcap_open_live, etc takes advantage of these
characteristics??
Thanks,
Renato A. Ferreira
----- Original Message -----
From: "Gianluca Varenni" <gianluca.varenni at cacetech.com>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, July 08, 2008 1:05 PM
Subject: Re: [Winpcap-users] TurboCap device
>
> ----- Original Message -----
> From: "Renato Araújo Ferreira" <marina.peixe at terra.com.br>
> To: <winpcap-users at winpcap.org>
> Sent: Monday, July 07, 2008 3:40 PM
> Subject: [Winpcap-users] TurboCap device
>
>
>> Hello, all...
>>
>> I'd like to know how turbocap device works. If it's looks like as a very
>> large OS level buffer to avoid the packets of being droped in high
>> throughputs, and if I need to change one implementation that already work
>> with winpcap with common network devices.
>
> I'm not sure if I understood your questions completely. However, this is a
> very brief explanation of how TurboCap works and how it differs from the
> standard WinPcap driver.
>
> In the normal WinPcap case, the driver stack used to receive packets is
> composed by
> - a NIC miniport (written by the NIC manufactor) that deals with the
> hardware and exports a standard windows interface to deliver packets to
> the upper layers
> - zero or more IM drivers (written by 3rd parties) that can
> analyze/monitor/block packets. Personal firewalls and QoS packet scheduler
> are IM drivers.
> - the WinPcap protocol driver (npf.sys) which receives the packets from
> the underlying layer(s) (i.e. NIC miniport or the IM drivers) and delivers
> them to user level.
>
> This stack architecture uses a framework provided by MS called NDIS (it's
> not 100% true as NDIS was designed in conjuction with other companies, if
> i remember well before even Windows, there was some NDIS stuff for DOS or
> similar). The NDIS framework was not designed with packet capture in mind,
> although it definitely allows you to create network sniffers.
>
> TurboCap instead is a monolitic driver that talks directly with a specific
> NIC card (based on an Intel chipset), buffers the packets in the driver
> and delivers them to user mode applications.
>
> If you use a TurboCap board and have a WinPcap based application, the
> TurboCap board is accessible directly through the WinPcap interface
> (although some features might not be available) or rewrite the capture
> part of your application using the TurboCap native API.
>
> Let me know if this answers your question.
>
> Have a nice day
> GV
>
>>
>> Thanks..
>>
>> Renato A. Ferreira
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list