packet capturing

Hello,
what kind of driver is most suitable for capturing network packets ?
NDIS intermediate or NDIS transport ?

If your purpose is capture only and you don’t intend to modify the
stream of packets (i.e., modify them or accept/deny passing them), then
doing a transport protocol driver would be much easier. Set your packet
filter to ALL_LOCAL or PROMISUOUS.

Bryan S. Burgin
xxxxx@microsoft.com

This posting is provided “AS IS” with no warranties, and confers no
rights.

-----Original Message-----
From: Max Woo [mailto:xxxxx@hotmail.com]
Sent: Thursday, July 18, 2002 2:56 PM
To: NT Developers Interest List
Subject: [ntdev] packet capturing

Hello,
what kind of driver is most suitable for capturing network packets ?
NDIS intermediate or NDIS transport ?

You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to %%email.unsub%%

The Windows XP DDK “NDISUIO” sample is a good place to start. Also search
for “Win PCap” on the net.

After looking at them, also take the “Rawether Tour” at
http://www.rawether.net to get some additional thoughts about writing NDIS
protocol drivers.

Good luck,

Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter
http: - http:

“Max Woo” wrote in message news:xxxxx@ntdev…
>
> Hello,
> what kind of driver is most suitable for capturing network packets ?
> NDIS intermediate or NDIS transport ?
>
>
>
></http:></http:>