[Winpcap-users] TurboCap device

Renato Araújo Ferreira marina.peixe at terra.com.br
Wed Jul 9 12:50:56 GMT 2008

The main issue of packet based analisys is that the reliability of data 
decreases while the throughput increases. I think that, and I'm looking for 
it, the main purpose of these capture devices is deliver a hardware and 
software solution that solves this question, like endace promises with your 
DAG card. Turbocap device, and it's software driver/API working together 
provide a mechanism to avoid the packet losses and the CPU overload?? If 
yes, will a normal implementation of winpcac using pcap_findalldevs, 
pcap_setfilter, pcap_open_live, etc takes advantage of these 


Renato A. Ferreira

----- Original Message ----- 
From: "Gianluca Varenni" <gianluca.varenni at cacetech.com>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, July 08, 2008 1:05 PM
Subject: Re: [Winpcap-users] TurboCap device

> ----- Original Message ----- 
> From: "Renato Araújo Ferreira" <marina.peixe at terra.com.br>
> To: <winpcap-users at winpcap.org>
> Sent: Monday, July 07, 2008 3:40 PM
> Subject: [Winpcap-users] TurboCap device
>> Hello, all...
>> I'd like to know how turbocap device works. If it's looks like as a very 
>> large OS level buffer to avoid the packets of being droped in high 
>> throughputs, and if I need to change one implementation that already work 
>> with winpcap with common network devices.
> I'm not sure if I understood your questions completely. However, this is a 
> very brief explanation of how TurboCap works and how it differs from the 
> standard WinPcap driver.
> In the normal WinPcap case, the driver stack used to receive packets is 
> composed by
> - a NIC miniport (written by the NIC manufactor) that deals with the 
> hardware and exports a standard windows interface to deliver packets to 
> the upper layers
> - zero or more IM drivers (written by 3rd parties) that can 
> analyze/monitor/block packets. Personal firewalls and QoS packet scheduler 
> are IM drivers.
> - the WinPcap protocol driver (npf.sys) which receives the packets from 
> the underlying layer(s) (i.e. NIC miniport or the IM drivers) and delivers 
> them to user level.
> This stack architecture uses a framework provided by MS called NDIS (it's 
> not 100% true as NDIS was designed in conjuction with other companies, if 
> i remember well before even Windows, there was some NDIS stuff for DOS or 
> similar). The NDIS framework was not designed with packet capture in mind, 
> although it definitely allows you to create network sniffers.
> TurboCap instead is a monolitic driver that talks directly with a specific 
> NIC card (based on an Intel chipset), buffers the packets in the driver 
> and delivers them to user mode applications.
> If you use a TurboCap board and have a WinPcap based application, the 
> TurboCap board is accessible directly through the WinPcap interface 
> (although some features might not be available) or rewrite the capture 
> part of your application using the TurboCap native API.
> Let me know if this answers your question.
> Have a nice day
> GV
>> Thanks..
>> Renato A. Ferreira
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users

More information about the Winpcap-users mailing list