I think Subodh may be thinking of the MS loopback adapter; the tool used to test
network aware applications in absence of a network card.
Dan Partelly wrote:
Hi,
If I recall right the loopback mechanism for localhost trafic is internal to
TCPIP driver. Packets are not passed to NDIS for reflection. So if you want
to monitor trafic on sockets used as a local IPC mechanism, connecting to
localhost, you need TDI level. I think that coneccting to NIC adapter IP
address will result in NDIS loopback behaviour only.At TDI level filtering, you have no access to IP headers , anyway.
Maybe somone at MS can confirm this, I dont recall all details.
Dan
----- Original Message -----
From: “Subodh Gupta”
> To: “NT Developers Interest List”
> Sent: Monday, July 22, 2002 3:55 PM
> Subject: [ntdev] Re: Can a TDI Filter Driver get Headers and Frame Details
> of localhost packets ?
>
> > Hi,
> >
> > I think the biggest confusion here is about where exactly the LOOPBACK
> > feature is implemented ??
> >
> > DDK documentation says that it is inside NDIS library {for the hardware
> > which does not have loopback implemented in it} but you say that it is in
> > TCP ??
> >
> > if it is in TCP then I am filtering the right thing so i must get the
> > details (atleast for reflected packets).
> >
> > if NDIS is looping back then a filter {which will now be known as
> > Intermediate driver} should sit below tcp and above NDIS.
> >
> > Pls clear the confusion…
> > thanks in advance…
> > --Subodh
> >
> >
> > ----- Original Message -----
> > From: “Dan Partelly”
> > To: “NT Developers Interest List”
> > Sent: Monday, July 22, 2002 3:37 PM
> > Subject: [ntdev] Re: Can a TDI Filter Driver get Headers and Frame Details
> > of localhost packets ?
> >
> >
> > > 4->is it possible for me to see the header details of those IRP’s ? I
> know
> > > that probably not in case of outgoing IRP’s but what about Incoming
> IRP’s
> > > which are sent back by NDIS and TCP as a result of loopback ??
> > >
> > > Im afarid it does not work this way. the loopback mechanism is
> implemented
> > > internal to tcpip driver. And anyway,
> > > NDIS wont talk to protocol drivers through IRPs.
> > >
> > > Dan
> > >
> > > ----- Original Message -----
> > > From: “Subodh Gupta”
> > > To: “NT Developers Interest List”
> > > Sent: Monday, July 22, 2002 12:18 PM
> > > Subject: [ntdev] Re: Can a TDI Filter Driver get Headers and Frame
> Details
> > > of localhost packets ?
> > >
> > >
> > > > Hi Friends,
> > > >
> > > > I think i need to make it some more clear -
> > > >
> > > > 1-> What i am doing is i have created a filter driver which sits above
> > the
> > > > TCP.SYS and monitors all the incoming and outgoing traffic.
> > > >
> > > > 2-> since i am watching all the IRP’s so my question is regarding
> > specific
> > > > loopback and localhost IRP.
> > > > 3-> I am also hooking the events.
> > > > 4->is it possible for me to see the header details of those IRP’s ? I
> > know
> > > > that probably not in case of outgoing IRP’s but what about Incoming
> > IRP’s
> > > > which are sent back by NDIS and TCP as a result of loopback ??
> > > >
> > > > I think this makes clear what i mean to say.
> > > >
> > > > — Subodh
> > > > ----- Original Message -----
> > > > From: “Dan Partelly”
> > > > Newsgroups: ntdev
> > > > To: “NT Developers Interest List”
> > > > Sent: Sunday, July 21, 2002 4:45 PM
> > > > Subject: [ntdev] Re: Can a TDI Filter Driver get Headers and Frame
> > Details
> > > > of localhost packets ?
> > > >
> > > >
> > > > > >> would try doing a filter driver for the tcp DriverObject.
> > > > >
> > > > > Wont work. And officially you cant filter “driver objects”, only
> > device
> > > > > objects. Hooking directly the dispatch
> > > > > points in the driver object is not supported by MS. And anyway,
> access
> > > to
> > > > IP
> > > > > header is not available for a
> > > > > filter driver, layered above any of the TCP device objects. You can,
> > > > > however, identify data which is targeted
> > > > > against 127.0.0.1, but not by peeking the IP frame.
> > > > >
> > > > > >> I would try to do a filter for tcpip.sys and look at the
> packets.
> > > > >
> > > > > >> TDI is the Transfer Device Interface
> > > > >
> > > > > Actually, its Transport Driver Interface. And has nothing to do with
> > > > > winsockets and routing through sockets.
> > > > >
> > > > > Dan
> > > > >
> > > > > “William Michael Jones” wrote in message
> > > > > news:xxxxx@ntdev…
> > > > > >
> > > > > > I would try doing a filter driver for the tcp DriverObject. Note
> > that
> > > > > > tcpip.sys has tcpip, upd and other Driverobject in it. Do !Drvobj
> > > > > > tcpip.sys in NT. I would try to do a filter for tcpip.sys and
> look
> > at
> > > > > > the packets.
> > > > > >
> > > > > >
> > > > > > TDI is the Transfer Device Interface that routes the packets to
> the
> > > > > > correct driver by way of the Winsocket dll.
> > > > > >
> > > > > > I have not done this but it might help.
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > —
> > > > > You are currently subscribed to ntdev as: xxxxx@leadbyte.com
> > > > > To unsubscribe send a blank email to %%email.unsub%%
> > > > >
> > > >
> > > >
> > > >
> > > > —
> > > > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > > > To unsubscribe send a blank email to %%email.unsub%%
> > > >
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@leadbyte.com
> > > To unsubscribe send a blank email to %%email.unsub%%
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> > To unsubscribe send a blank email to %%email.unsub%%
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@okena.com
> To unsubscribe send a blank email to %%email.unsub%%