Hi all,
I writed a network packet sucker for Win2K based on the packet sample
in DDK. The packet sucker consists of a ndis driver and a user mode
application. Although it works, but its performance is just poor. For
example, it may get the first SYN of tcp/ip connection from by some client
but then lost the respone ACK/SYN from the server. I don’t think that the
reason is the hardware, because lost of packets reproduces even one of the
hosts is just my own machine. I tried the Packet sample with serval types
of filter predefined in DDK, and it works much better.
I think there should be two critcal delay parts, one is inside the
kernel that is from the hardware to my drver, another is from kernel to
user mode application. But, how could i reduce them? Should i consider some
other architecture for the packet sucker?
I realy appreciate your advice!
Regards
xjaguar