Hi, all
I am developing a driver to filter ICMP packet using filter driver.
Can ICMP packets be filtered by filtering \Device\Ip?
[off-topic]
NNTP header says:
"Content-Transfer-Encoding: base64"
Please use ASCII encoding or someone tell me how to read this stuff in
a "standard" NNTP newsreader, please!
Thanks, Stephan
On Sat, 2 Mar 2002 15:43:48 +0800, brucie wrote:
>SGksIGFsbA0KSSBhbSBkZXZlbG9waW5nIGEgZHJpdmVyIHRvIGZpbHRlciBJQ01QIHBhY2tldCB1
>c2luZyBmaWx0ZXIgZHJpdmVyLg0KQ2FuIElDTVAgcGFja2V0cyBiZSBmaWx0ZXJlZCBieSBmaWx0
>ZXJpbmcgXERldmljZVxJcD8NCg==
Yes, you will be able to see system utility ping (uses icmp.dll) activity
filtering \Device\Ip, but ICMP packets can be also send using Winsock2 raw
sockets. You can take a look on ping sample from MSDN. In this case ICMP
packets sent using \Device\RawIp.
Regards,
Vadim
“brucie” wrote in message news:xxxxx@ntdev…
> Hi, all
> I am developing a driver to filter ICMP packet using filter driver.
> Can ICMP packets be filtered by filtering \Device\Ip?
>
Correct me if I’m wrong; I believe ICMP packets are processed inside
tcpip.sys (who generates replies to ICMP echo?) so TDI filtering won’t help.
It depends on the filtering purpose which isn’t clear from original post. If
it is to hide computer or protect it against malformed ICMP packets, NDIS
filter is the answer (it is a solution even if above assumption isn’t
correct).
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
Reply To: xxxxx@lists.osr.com
Sent: Monday, March 04, 2002 6:45 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] Re: ICMP PacketYes, you will be able to see system utility ping (uses icmp.dll) activity
filtering \Device\Ip, but ICMP packets can be also send using Winsock2 raw
sockets. You can take a look on ping sample from MSDN. In this case ICMP
packets sent using \Device\RawIp.Regards,
Vadim“brucie” wrote in message news:xxxxx@ntdev…
> > Hi, all
> > I am developing a driver to filter ICMP packet using filter driver.
> > Can ICMP packets be filtered by filtering \Device\Ip?
> >
>
>
>
> —
> You are currently subscribed to ntdev as: michal.vodicka@st.com
> To unsubscribe send a blank email to %%email.unsub%%
>
Sure, ICMP packets processed by TCPIP stack in kernel (an example ICMP echo
reply). I supposed that author of the post interested in filtering outgoing
ICMP (from applications) if he askes about TDI-filtering.
Regards,
Vadim
“Michal Vodicka” wrote in message
news:xxxxx@ntdev…
>
> Correct me if I’m wrong; I believe ICMP packets are processed inside
> tcpip.sys (who generates replies to ICMP echo?) so TDI filtering won’t
help.
> It depends on the filtering purpose which isn’t clear from original post.
If
> it is to hide computer or protect it against malformed ICMP packets, NDIS
> filter is the answer (it is a solution even if above assumption isn’t
> correct).
>
> Best regards,
>
> Michal Vodicka
> STMicroelectronics Design and Application s.r.o.
> [michal.vodicka@st.com, http:://www.st.com]
>
> > ----------
> > From: xxxxx@pcausa.com[SMTP:xxxxx@pcausa.com]
> > Reply To: xxxxx@lists.osr.com
> > Sent: Monday, March 04, 2002 6:45 PM
> > To: xxxxx@lists.osr.com
> > Subject: [ntdev] Re: ICMP Packet
> >
> > Yes, you will be able to see system utility ping (uses icmp.dll)
activity
> > filtering \Device\Ip, but ICMP packets can be also send using Winsock2
raw
> > sockets. You can take a look on ping sample from MSDN. In this case ICMP
> > packets sent using \Device\RawIp.
> >
> > Regards,
> > Vadim
> >
> > “brucie” wrote in message news:xxxxx@ntdev…
> > > Hi, all
> > > I am developing a driver to filter ICMP packet using filter driver.
> > > Can ICMP packets be filtered by filtering \Device\Ip?
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: michal.vodicka@st.com
> > To unsubscribe send a blank email to %%email.unsub%%
> >
>
>