I have a dummy network driver in embryonic stage. Right after it is
installed…it starts receiving packets from the OS (Win2k).
Being dummy it discard packets and returns success (which doesn’t seem to
bother the OS). What I need to know is:
1 - what kind of packets are sent by the OS when no application is using the
driver and even when its not bound to any IP Address as yet.
2 - what needs to be done to respond to a ping packet.
Thanks for any help/comments.
Hassan
P.S the driver uses NdisMedium802_3.
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
The only thing to do is to examine the packets that are being sent, decode
what they are, and (only if necessary) fabricate a necessary reply.
To understand what must be done to reply to a PING, you must examine the
applicable RFC’s. One starting point is
http:.
There are a bunch of other things that you must consider. For example, your
dummy card must have a “real” Ethernet physical address.
Your card must respond reasonably to any NdisRequest (OID’s…) that are
passed to it. See the DDK for mandatory OID’s that you must respond to. See
example real NICs for what they do.
Your card must interpret setting OID_GEN_CURRENT_PACKET_FILTER, which is
effectively the “on/off” switch for reception.
Before responding to a PING, the remote end (a figment of your imagination,
in this case) must respond to an ARP to fetch the destination Ethernet
address.
You must study books on network protocols and the link above to implement
your dummy driver.
I would also suggest watching the network with a Network Monitor to
understand that packets are being sent, why, and the responses that are
observed.
Good luck,
Thomas F. Divine
PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:
----- Original Message -----
From: Hassan Khan
To: NT Developers Interest List
Sent: Friday, March 23, 2001 1:39 PM
Subject: [ntdev] Ndis driver & packet
> I have a dummy network driver in embryonic stage. Right after it is
> installed…it starts receiving packets from the OS (Win2k).
> Being dummy it discard packets and returns success (which doesn’t seem to
> bother the OS). What I need to know is:
>
> 1 - what kind of packets are sent by the OS when no application is using
the
> driver and even when its not bound to any IP Address as yet.
> 2 - what needs to be done to respond to a ping packet.
>
>
> Thanks for any help/comments.
> Hassan
>
> P.S the driver uses NdisMedium802_3.
>
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:>
You can issue
ping localhost
in order to test the dummy network driver.
-----Original Message-----
From: Thomas F. Divine [SMTP:xxxxx@pcausa.com]
Sent: Friday, March 23, 2001 11:11 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Ndis driver & packet
The only thing to do is to examine the packets that are being sent, decode
what they are, and (only if necessary) fabricate a necessary reply.
To understand what must be done to reply to a PING, you must examine the
applicable RFC’s. One starting point is
http:.
>
> There are a bunch of other things that you must consider. For example,
> your
> dummy card must have a “real” Ethernet physical address.
>
> Your card must respond reasonably to any NdisRequest (OID’s…) that are
> passed to it. See the DDK for mandatory OID’s that you must respond to.
> See
> example real NICs for what they do.
>
> Your card must interpret setting OID_GEN_CURRENT_PACKET_FILTER, which is
> effectively the “on/off” switch for reception.
>
> Before responding to a PING, the remote end (a figment of your
> imagination,
> in this case) must respond to an ARP to fetch the destination Ethernet
> address.
>
> You must study books on network protocols and the link above to implement
> your dummy driver.
>
> I would also suggest watching the network with a Network Monitor to
> understand that packets are being sent, why, and the responses that are
> observed.
>
> Good luck,
>
> Thomas F. Divine
>
> PCAUSA - Toolkits & Resources For Network Software Developers
> NDIS Protocol - NDIS Intermediate - TDI Client
> http: - http:
>
>
> ----- Original Message -----
> From: Hassan Khan
> To: NT Developers Interest List
> Sent: Friday, March 23, 2001 1:39 PM
> Subject: [ntdev] Ndis driver & packet
>
>
> > I have a dummy network driver in embryonic stage. Right after it is
> > installed…it starts receiving packets from the OS (Win2k).
> > Being dummy it discard packets and returns success (which doesn’t seem
> to
> > bother the OS). What I need to know is:
> >
> > 1 - what kind of packets are sent by the OS when no application is using
> the
> > driver and even when its not bound to any IP Address as yet.
> > 2 - what needs to be done to respond to a ping packet.
> >
> >
> > Thanks for any help/comments.
> > Hassan
> >
> > P.S the driver uses NdisMedium802_3.
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@nai.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:>
From what I’ve seen here is that when the system comes up and If u have any
protocols bound to your card, each protocol will send a set of discovery
packets onto the network and depending upon the reply/status of the packet
further comminucation will be initiated.
For instance when I bind TCPIP to the card, I find that when the system
comes up it sends out a bunch of 42 byte ARP packets.
Also if for the first few packets I returned failure then it will not send
any more packets at all till the driver is restarted, of if it returns
success then I get another bumch of packets some from NETBEUI.
Each protocol will send it’s own set of discovery packets.
This will affect this like how the network neighborhood reponds when u open
it etc.
Ramit.
----- Original Message -----
From: “Thomas F. Divine”
To: “NT Developers Interest List”
Sent: Saturday, March 24, 2001 12:40 AM
Subject: [ntdev] Re: Ndis driver & packet
> The only thing to do is to examine the packets that are being sent, decode
> what they are, and (only if necessary) fabricate a necessary reply.
>
> To understand what must be done to reply to a PING, you must examine the
> applicable RFC’s. One starting point is
> http:.
>
> There are a bunch of other things that you must consider. For example,
your
> dummy card must have a “real” Ethernet physical address.
>
> Your card must respond reasonably to any NdisRequest (OID’s…) that are
> passed to it. See the DDK for mandatory OID’s that you must respond to.
See
> example real NICs for what they do.
>
> Your card must interpret setting OID_GEN_CURRENT_PACKET_FILTER, which is
> effectively the “on/off” switch for reception.
>
> Before responding to a PING, the remote end (a figment of your
imagination,
> in this case) must respond to an ARP to fetch the destination Ethernet
> address.
>
> You must study books on network protocols and the link above to implement
> your dummy driver.
>
> I would also suggest watching the network with a Network Monitor to
> understand that packets are being sent, why, and the responses that are
> observed.
>
> Good luck,
>
> Thomas F. Divine
>
> PCAUSA - Toolkits & Resources For Network Software Developers
> NDIS Protocol - NDIS Intermediate - TDI Client
> http: - http:
>
>
> ----- Original Message -----
> From: Hassan Khan
> To: NT Developers Interest List
> Sent: Friday, March 23, 2001 1:39 PM
> Subject: [ntdev] Ndis driver & packet
>
>
> > I have a dummy network driver in embryonic stage. Right after it is
> > installed…it starts receiving packets from the OS (Win2k).
> > Being dummy it discard packets and returns success (which doesn’t seem
to
> > bother the OS). What I need to know is:
> >
> > 1 - what kind of packets are sent by the OS when no application is using
> the
> > driver and even when its not bound to any IP Address as yet.
> > 2 - what needs to be done to respond to a ping packet.
> >
> >
> > Thanks for any help/comments.
> > Hassan
> >
> > P.S the driver uses NdisMedium802_3.
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@wipro.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:>
Thanks for inputs. I started with examining and decoding the packets and made
some sense. My windows 2000 is configured to get IP Address automatically from
the DHCP server for each NIC. I already have one NIC installed on my PC so I am
already on network. Installation of new dummy driver (and NIC from Windows
viewpoint) results in DHCP packets being sent to the DHCP server. First packet
sent is a DHCPDISCOVER (discovery packet ). My guess is that its sent to both
NICs …then couple of more packets are sent and finally, through the other
NIC, my new driver (psuedo-NIC) is assigned an IP Address.
Once IP Address is assigned a couple of Gratuitous ARP packets are sent …they
are just to announce to the world that this is assigned to the new
card is there anyone disputing the claim ? Since I am discarding all packets
Windows think everything is all right.
But I found that doing ping locally works for me. I am unable to explain why
its working since I am not doing loopback and effectively not returning any
packet to NDIS.
Hassan
Ramit Bhalla wrote:
> >From what I’ve seen here is that when the system comes up and If u have any
> protocols bound to your card, each protocol will send a set of discovery
> packets onto the network and depending upon the reply/status of the packet
> further comminucation will be initiated.
>
> For instance when I bind TCPIP to the card, I find that when the system
> comes up it sends out a bunch of 42 byte ARP packets.
> Also if for the first few packets I returned failure then it will not send
> any more packets at all till the driver is restarted, of if it returns
> success then I get another bumch of packets some from NETBEUI.
>
> Each protocol will send it’s own set of discovery packets.
>
> This will affect this like how the network neighborhood reponds when u open
> it etc.
>
> Ramit.
> ----- Original Message -----
> From: “Thomas F. Divine”
> To: “NT Developers Interest List”
> Sent: Saturday, March 24, 2001 12:40 AM
> Subject: [ntdev] Re: Ndis driver & packet
>
> > The only thing to do is to examine the packets that are being sent, decode
> > what they are, and (only if necessary) fabricate a necessary reply.
> >
> > To understand what must be done to reply to a PING, you must examine the
> > applicable RFC’s. One starting point is
> > http:.
> >
> > There are a bunch of other things that you must consider. For example,
> your
> > dummy card must have a “real” Ethernet physical address.
> >
> > Your card must respond reasonably to any NdisRequest (OID’s…) that are
> > passed to it. See the DDK for mandatory OID’s that you must respond to.
> See
> > example real NICs for what they do.
> >
> > Your card must interpret setting OID_GEN_CURRENT_PACKET_FILTER, which is
> > effectively the “on/off” switch for reception.
> >
> > Before responding to a PING, the remote end (a figment of your
> imagination,
> > in this case) must respond to an ARP to fetch the destination Ethernet
> > address.
> >
> > You must study books on network protocols and the link above to implement
> > your dummy driver.
> >
> > I would also suggest watching the network with a Network Monitor to
> > understand that packets are being sent, why, and the responses that are
> > observed.
> >
> > Good luck,
> >
> > Thomas F. Divine
> >
> > PCAUSA - Toolkits & Resources For Network Software Developers
> > NDIS Protocol - NDIS Intermediate - TDI Client
> > http: - http:
> >
> >
> > ----- Original Message -----
> > From: Hassan Khan
> > To: NT Developers Interest List
> > Sent: Friday, March 23, 2001 1:39 PM
> > Subject: [ntdev] Ndis driver & packet
> >
> >
> > > I have a dummy network driver in embryonic stage. Right after it is
> > > installed…it starts receiving packets from the OS (Win2k).
> > > Being dummy it discard packets and returns success (which doesn’t seem
> to
> > > bother the OS). What I need to know is:
> > >
> > > 1 - what kind of packets are sent by the OS when no application is using
> > the
> > > driver and even when its not bound to any IP Address as yet.
> > > 2 - what needs to be done to respond to a ping packet.
> > >
> > >
> > > Thanks for any help/comments.
> > > Hassan
> > >
> > > P.S the driver uses NdisMedium802_3.
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@wipro.com
> > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
> —
> You are currently subscribed to ntdev as: xxxxx@trimedia.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:>
Ping to the local host address is performed entirely in the TCP/IP driver
without toughing NDIS.
Regards,
Thomas F. Divine
PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:
----- Original Message -----
From: Hassan Khan
To: NT Developers Interest List
Sent: Tuesday, March 27, 2001 2:52 PM
Subject: [ntdev] Re: Ndis driver & packet
> Thanks for inputs. I started with examining and decoding the packets and
made
> some sense. My windows 2000 is configured to get IP Address automatically
from
> the DHCP server for each NIC. I already have one NIC installed on my PC so
I am
> already on network. Installation of new dummy driver (and NIC from Windows
> viewpoint) results in DHCP packets being sent to the DHCP server. First
packet
> sent is a DHCPDISCOVER (discovery packet ). My guess is that its sent to
both
> NICs …then couple of more packets are sent and finally, through the
other
> NIC, my new driver (psuedo-NIC) is assigned an IP Address.
>
> Once IP Address is assigned a couple of Gratuitous ARP packets are sent
…they
> are just to announce to the world that this is assigned to
the new
> card is there anyone disputing the claim ? Since I am discarding all
packets
> Windows think everything is all right.
>
> But I found that doing ping locally works for me. I am unable to explain
why
> its working since I am not doing loopback and effectively not returning
any
> packet to NDIS.
>
> Hassan
>
—
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:>