Hi,
I am filtering TDI devices (Tcp, Udp and RawIP). When I do a dns query
there’s no action on these devices although UDP packets are being
sent/received. What am I doing wrong or what additional device do I have
to filter?
Thanks in advance
Dirk
> sent/received. What am I doing wrong or what additional device do I have
to filter?
UDP (you are already doing that).
DNS query is nothing but UDP datagram, on port 53.
The UDP packets u r seeing must be that of
DNS.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“dirk” wrote in message news:xxxxx@ntdev…
>
> Hi,
>
> I am filtering TDI devices (Tcp, Udp and RawIP). When I do a dns query
> there’s no action on these devices although UDP packets are being
> sent/received. What am I doing wrong or what additional device do I have
> to filter?
>
> Thanks in advance
> Dirk
>
>
Yes, but the UDP packets won’t be sent from the user-mode application. It
seems that the system resolves the IP-Name bypassing the TDI interface. TDIMon
proves that: no traffic on TDI-device during a DNS query!!!
> sent/received. What am I doing wrong or what additional device do I have
> to filter?UDP (you are already doing that).
DNS query is nothing but UDP datagram, on port 53.
The UDP packets u r seeing must be that of
DNS.HTH,
–
-Farooque Khan
http://farooque.150m.com“dirk” wrote in message news:xxxxx@ntdev…
> >
> > Hi,
> >
> > I am filtering TDI devices (Tcp, Udp and RawIP). When I do a dns query
> > there’s no action on these devices although UDP packets are being
> > sent/received. What am I doing wrong or what additional device do I have
> > to filter?
> >
> > Thanks in advance
> > Dirk
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@gmx.de
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
–
+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
On Tue, 2003-12-16 at 08:31, xxxxx@gmx.de wrote:
Yes, but the UDP packets won’t be sent from the user-mode application. It
seems that the system resolves the IP-Name bypassing the TDI interface. TDIMon
proves that: no traffic on TDI-device during a DNS query!!!
dnscache service? hosts file? lmhosts, perhaps?
-sd
That’s not possible, all UDP (and hence DNS)
has to go through TDI.
As Steve said in other message, may be there is no dns query
at all, may be system is using the DNS cache for resolving.
Purge the DNS cache (ipconfig /flushdns) and try again.
-Farooque Khan
http://farooque.150m.com
wrote in message news:xxxxx@ntdev…
>
> Yes, but the UDP packets won’t be sent from the user-mode application. It
> seems that the system resolves the IP-Name bypassing the TDI interface.
TDIMon
> proves that: no traffic on TDI-device during a DNS query!!!
>
> > > sent/received. What am I doing wrong or what additional device do I
have
> > > to filter?
> >
> > UDP (you are already doing that).
> >
> > DNS query is nothing but UDP datagram, on port 53.
> > The UDP packets u r seeing must be that of
> > DNS.
> >
> > HTH,
> >
> > –
> >
> > -Farooque Khan
> > http://farooque.150m.com
> >
> >
> >
> >
> > “dirk” wrote in message news:xxxxx@ntdev…
> > >
> > > Hi,
> > >
> > > I am filtering TDI devices (Tcp, Udp and RawIP). When I do a dns query
> > > there’s no action on these devices although UDP packets are being
> > > sent/received. What am I doing wrong or what additional device do I
have
> > > to filter?
> > >
> > > Thanks in advance
> > > Dirk
> > >
> > >
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@gmx.de
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
> –
> +++ GMX - die erste Adresse für Mail, Message, More +++
> Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net
>
>
>
>