[Winpcap-users] TurboCap device
Loris Degioanni
loris.degioanni at cacetech.com
Wed Jul 9 20:15:35 GMT 2008
Renato Araújo Ferreira wrote:
> The main issue of packet based analisys is that the reliability of data
> decreases while the throughput increases. I think that, and I'm looking
> for it, the main purpose of these capture devices is deliver a hardware
> and software solution that solves this question, like endace promises
> with your DAG card. Turbocap device, and it's software driver/API
> working together provide a mechanism to avoid the packet losses and the
> CPU overload??
Yes, and that's exactly the main goal of turbocap. In addition, it
offers some features that the standard network card doesn't have, like
port aggregation and pass-through mode.
> If yes, will a normal implementation of winpcac using
> pcap_findalldevs, pcap_setfilter, pcap_open_live, etc takes advantage of
> these characteristics??
Yes it will.
Loris
> Thanks,
>
> Renato A. Ferreira
>
> ----- Original Message ----- From: "Gianluca Varenni"
> <gianluca.varenni at cacetech.com>
> To: <winpcap-users at winpcap.org>
> Sent: Tuesday, July 08, 2008 1:05 PM
> Subject: Re: [Winpcap-users] TurboCap device
>
>
>>
>> ----- Original Message ----- From: "Renato Araújo Ferreira"
>> <marina.peixe at terra.com.br>
>> To: <winpcap-users at winpcap.org>
>> Sent: Monday, July 07, 2008 3:40 PM
>> Subject: [Winpcap-users] TurboCap device
>>
>>
>>> Hello, all...
>>>
>>> I'd like to know how turbocap device works. If it's looks like as a
>>> very large OS level buffer to avoid the packets of being droped in
>>> high throughputs, and if I need to change one implementation that
>>> already work with winpcap with common network devices.
>>
>> I'm not sure if I understood your questions completely. However, this
>> is a very brief explanation of how TurboCap works and how it differs
>> from the standard WinPcap driver.
>>
>> In the normal WinPcap case, the driver stack used to receive packets
>> is composed by
>> - a NIC miniport (written by the NIC manufactor) that deals with the
>> hardware and exports a standard windows interface to deliver packets
>> to the upper layers
>> - zero or more IM drivers (written by 3rd parties) that can
>> analyze/monitor/block packets. Personal firewalls and QoS packet
>> scheduler are IM drivers.
>> - the WinPcap protocol driver (npf.sys) which receives the packets
>> from the underlying layer(s) (i.e. NIC miniport or the IM drivers) and
>> delivers them to user level.
>>
>> This stack architecture uses a framework provided by MS called NDIS
>> (it's not 100% true as NDIS was designed in conjuction with other
>> companies, if i remember well before even Windows, there was some NDIS
>> stuff for DOS or similar). The NDIS framework was not designed with
>> packet capture in mind, although it definitely allows you to create
>> network sniffers.
>>
>> TurboCap instead is a monolitic driver that talks directly with a
>> specific NIC card (based on an Intel chipset), buffers the packets in
>> the driver and delivers them to user mode applications.
>>
>> If you use a TurboCap board and have a WinPcap based application, the
>> TurboCap board is accessible directly through the WinPcap interface
>> (although some features might not be available) or rewrite the capture
>> part of your application using the TurboCap native API.
>>
>> Let me know if this answers your question.
>>
>> Have a nice day
>> GV
>>
>>>
>>> Thanks..
>>>
>>> Renato A. Ferreira
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list