Hi!
Well, I really don’t want to use an intermediate driver,
since it’ll slow the entire machine down.
In addition, my driver will not work all the time, so
it’s a waste putting an IM driver that just passes
frames… Think of the overhead…
I want to put my driver above the layer 2 protocol,
regardless of its type. I want my stack to be able to
send IP datagrams without worrying about anything else.
If possible, I also don’t want to make the user reboot
his machine. I want to bind my driver dynamically,
but let’s leave it to later times.
If this is not possible - does anybody know why can’t
the packet.sys sample attach itself over the NdisWan driver?
The driver reports that it founds a MAC driver call NdisWan6, and
binds to it, but when I do a CreateFile(), it fails with error code 25
(SEEK_ERROR !!!). The PacketOpenAdapterComplete() then reports failure.
Note that in this stage, all I want to do is listen to the network…
Ideas?
regards,
Barak Mandelovich xxxxx@mercury.co.il
Mercury Interactive ltd.
-----Original Message-----
From: Ed Lau [mailto:xxxxx@midcore.com]
Sent: Wednesday, August 02, 2000 5:05 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Listening to PPP traffic over modem
On NT and Win 2000, I used a modified version of the IMSAMP driver provided
by Jim Mateer (it captures all TCP/IP traffic - TCP, UDP, ICMP, etc.), which
can be found here:
http://www.pcausa.com/resources/ndisimfaq.htm#PCAUSANDISIM
It works with RAS; the major changes (for supporting RAS/NdisWan adapters)
are in the .INF file and the medium reported by the driver in
MiniportInitialize must be NdisMedium802_3, rather than NdisMediumWan. You
might also have to disable IP Header Compression on the dial-up networking
entry for the modem, as well.
To get it work on Win 2K, you can install it using a modified version of the
filter sample in the network section of the Win 2K DDK; in the DriverEntry
function, when filling in the DriverObject->MajorFunction table, save the
original DriverObject’s IRP_MJ_PNP, IRP_MJ_POWER, and IRP_MJ_SYSTEM_CONTROL
handlers; you’ll want to place these in your DriverObject when calling
IoCreateDevice. I suppose this won’t be a true WDM driver, but it does work.
Ed
----- Original Message -----
From: Barak Mandelovich
To: NT Developers Interest List
Sent: Wednesday, August 02, 2000 11:07 AM
Subject: [ntdev] Listening to PPP traffic over modem
> Hello, fellow developers!
>
> Remember the packet.sys sample from Microsoft,
> the one that attaches to the MAC driver and can listen to
> the traffic and send frames over the network?
>
> I need to do the same, but for a modem. i.e.: I should attach
> my driver to the modem driver, and send/receive packets
> using it (thus, bypassing the system’s TCP/IP stack).
>
> In other words - I want to build my own TCP/IP stack.
>
> The problem is, that I don’t want to handle all kinds of
> layer 2 protocols (ppp, slip, adsl(?), isdn-ppp etc.).
>
> Is there a way for me to be attached to an upper-layer driver,
> which is still under the TCP/IP stack?
>
> Currently, I’m trying to attach to the NdisWan driver, and just
> “snoop” the traffic - I want to print all packets sent.
>
> However, when I try to make the packet.sys sample to attach
> the NdisWan, it fails.
>
> Any ideas? Any suggestions for places I can look at?
> Does anybody know how the TCP/IP stack uses the NdisWan?
>
>
> best regards,
>
> - Barak Mandelovich
>
>
> ------------------------------------------------------------------------
> Barak Mandelovich xxxxx@mercury.co.il
> Mercury Interactive ltd.
> ------------------------------------------------------------------------
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@midcore.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
—
You are currently subscribed to ntdev as: xxxxx@mercury.co.il
To unsubscribe send a blank email to $subst(‘Email.Unsub’)
(a hack: this flag can be changed directly in DEVICE_OBJECT).