Rick,
Perhaps the problem is one of misunderstanding. When TCP/IP binds to the
‘loopback’ adapter, it sends very little traffic. Given that the only
station on the loopback ‘network’ that is present is itself, any pings to
the address assigned to the loopback adapter will never be sent to the
adapter itself. The IP route table will generally cause all traffic that is
directed to the host to go through the IP ‘loopback’ interface of 127.0.0.1
and *not* out on any NIC.
If you try to send to an IP address that is within the network address
assigned to the loopback adapter, ARP requests for those addresses will not
be answered and again, TCP/IP will not send any IP packets.
It is quite possible that how you are trying to use the loopback adapter
just will not work in your situation. Moreover, if your solution depends on
seeing unicast IP traffic generated by the local host and destined for the
local host, you will not see that traffic on any adapter, even a ‘real’ one.
Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development
(On future replies, please post to the group instead of sending to me
directly. Thanks!)
-----Original Message-----
From: doug [mailto:xxxxx@telkomsa.net]
Sent: Monday, September 19, 2005 2:38 PM
To: David R. Cattley
Subject: Re: Binding to the MS Loopback adapter using Ndisprot
David, thanks for the reply!
With regard to your first question, everything works fine. The problem is
that its not working the way we want it to. When we do a query using
DeviceIoControl to see which adapters are using the driver, only the real
ethernet card is picked up. We are new to working with drivers so please
excuse us our ignorance.
The traffic we are expecting to see on the Loopback are packets generated by
command prompt utilities. i.e. ping, tracert, nmap and netcat. Our program
uses the driver to listen in promiscuous mode so that we can pick up
generated traffic. Once we recieve a packet, our program checks to see what
is requested and then generates a response. The response is sent using the
driver so that we can bypass the TCP/IP stack. Our problem is that at the
moment, everything works but the PC has to be connected to a network to
work. We thought that by binding to the loopback it would not be necessary
to be connected to a live network for the program to work.
The goal of our program is to allow people to use the previously mentioned
tools without sending their data into a live network. The tools will then
pick up our responses as valid reponses. Almost like running the tools
against a honeypot network.
Hope this makes sense!
Thanks again
Rick
----- Original Message -----
From: “David R. Cattley”
Newsgroups: ntdev
To: “‘Windows System Software Devs Interest List’”
Sent: Monday, September 19, 2005 1:47 AM
Subject: RE: Binding to the MS Loopback adapter using Ndisprot
> Rick,
>
> Your question seems to imply that you are trying to get the protocol to
> bind. If your protocol binds to ndis5 at the lower edge, you should be
> fine. Since you seem to have it working with real hardware, it should not
> be any different for the Loopback Adapter.
>
> The following questions come to mind and answering them may help get to
the
> bottom of your issues:
>
> What does not work?
>
> What are you expecting to see for traffic on the loopback adapter?
>
> What are you expecting to happen when you ‘send’ on the loopback adapter?
>
> Are you setting a packet filter with NDIS_PACKET_TYPE_ALL_LOCAL (as well
as
> NDIS_PACKET_TYPE_DIRECTED | NDIS_PACKET_TYPE_BROADCAST |
> NDIS_PACKET_TYPE_ALL_MULTICAST as appropriate)?
>
> Good Luck,
> Dave Cattley
> Consulting Engineer
> Systems Software Development
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Rick North
> Sent: Sunday, September 18, 2005 9:41 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Binding to the MS Loopback adapter using Ndisprot
>
> Hi! Is it possible to bind the Ndisprot driver to the Microsoft Loopback
> adapter? The driver I’m using is from www.thecodeproject.com from a
> program called RawEthernet. We use it to recieve all packets that cross
> the NIC and to send custom packets out again.
>
> We got it to work with the “real” NIC in the pc but can’t get it work
> with the Loopback adapter. We want to use the Loopback so that we can
> send and recieve packets in a “safe” environment. Sorry if this
> explanation is a bit vague. Please mail me if you have solutions or
> further questions.
>
> Thank You for you time.
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@msn.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>