Routing to Local Host

OSR_Community_User · September 28, 2007, 12:55pm

How does Windows route packets destined to 127.0.0.1? Is there a way to
get at these packets with a NDIS IM or similar?

Gianluca_Varenni · September 28, 2007, 1:08pm

Localhost packets are routed directly by the tcp/ip protocol driver.

I don’t think you can grab those packets with an IM driver. You probably
need to use something that communicates with the tcp/ip protocol driver, if
I remember well (=i can be completely wrong) TDI filters can be used for
that.

Have a nice day
GV

–
Gianluca Varenni, Windows DDK MVP

CACE Technologies
http://www.cacetech.com

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Friday, September 28, 2007 9:57 AM
Subject: [ntdev] Routing to Local Host

> How does Windows route packets destined to 127.0.0.1? Is there a way to
> get at these packets with a NDIS IM or similar?
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

David_R_Cattley · September 28, 2007, 1:13pm

In a word, no. The ‘localhost’ interface is known only to TCPIP.SYS. The
packets are never sent into a Low Level Interface like ARP (for 802.x MAC
layers) or WANARP (for NDISWAN). As such, they never pass by an NDIS
component.

IIRC on 2K/XP/2K3 the deprecated “Firewall Hook” can see those packets. On
Vista/LH, of course, there is WFP.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@socket.net
Sent: Friday, September 28, 2007 12:57 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Routing to Local Host

How does Windows route packets destined to 127.0.0.1? Is there a way to get
at these packets with a NDIS IM or similar?

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

anton_bassov · September 29, 2007, 2:10pm

> How does Windows route packets destined to 127.0.0.1? Is there a way to

get at these packets with a NDIS IM or similar?

TCPIP loops them back to the local host without passing them down to the network layer. Therefore, NDIS IM is of no help here…

Anton Bassov