Sniff Netbios Packets

OSR_Community_User · September 13, 2004, 12:55am

Hi All,

I want to capture the NetBIOS packets going out from
my network adapter. I am not intersted in writting a
NDIS Miniport Filter over my NIC.( bcoz this needs
system reboot and many installation problems ) Is
there any other way to capture these packets. Like

1)Writing a Network intermediate driver.
2)Writing a virtual adapter driver and modifying the
IP route table
3)Hooking some APIs etc…

Thanks & Regards
Suja.

Do you Yahoo!?
Shop for Back-to-School deals on Yahoo! Shopping.
http://shopping.yahoo.com/backtoschool

Spiro_Trikaliotis-2 · September 13, 2004, 6:08am

Hello,

SUJA JAMES wrote:

> I want to capture the NetBIOS packets going out from my network
> adapter. I am not intersted in writting a NDIS Miniport Filter over my
> NIC.( bcoz this needs system reboot and many installation problems )
> Is there any other way to capture these packets. Like

If you only want to capture, WinPCAP (http://winpcap.polito.it/) might
help you.

HTH,
Spiro.

–
Spiro R. Trikaliotis
http://www.trikaliotis.net/

OSR_Community_User · September 13, 2004, 9:54am

Hi,
Thanks for your response. But I want to do some
manipulation on these packets. I wrote a virtual
network adapter. I just want to get the NetBIOS
packets to that virtual adapter .

Regards
Suja.

— Spiro Trikaliotis wrote:

> Hello,
>
> SUJA JAMES wrote:
>
> > I want to capture the NetBIOS packets going out
> from my network
> > adapter. I am not intersted in writting a NDIS
> Miniport Filter over my
> > NIC.( bcoz this needs system reboot and many
> installation problems )
> > Is there any other way to capture these packets.
> Like
>
> If you only want to capture, WinPCAP
> (http://winpcap.polito.it/) might
> help you.
>
> HTH,
> Spiro.
>
> –
> Spiro R. Trikaliotis
> http://www.trikaliotis.net/
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail

Spiro_Trikaliotis-2 · September 13, 2004, 2:54pm

Hello Suja,

SUJA JAMES wrote:

Thanks for your response. But I want to do some manipulation on these
packets. I wrote a virtual network adapter. I just want to get the
NetBIOS packets to that virtual adapter .

If you wrote a virtual adapter, why don’t you just bind the network
protocol to your adapter? This way, the system delivers every NetBIOS
packet to you.

HTH,
Spiro.

–
Spiro R. Trikaliotis
http://www.trikaliotis.net/

OSR_Community_User · September 14, 2004, 12:49am

Hello,
Can you more specific on that… Which API I have to
look for this.
Is it possible to bind other than Protocol drivers.

Please help me…

Regards
Suja.

— Spiro Trikaliotis wrote:

> Hello Suja,
>
> SUJA JAMES wrote:
>
> > Thanks for your response. But I want to do some
> manipulation on these
> > packets. I wrote a virtual network adapter. I just
> want to get the
> > NetBIOS packets to that virtual adapter .
>
> If you wrote a virtual adapter, why don’t you just
> bind the network
> protocol to your adapter? This way, the system
> delivers every NetBIOS
> packet to you.
>
> HTH,
> Spiro.
>
> –
> Spiro R. Trikaliotis
> http://www.trikaliotis.net/
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

OSR_Community_User · September 14, 2004, 12:49am

Hello,
Can you more specific on that… Which API I have to
look for this.
Is it possible to bind other than Protocol drivers.

Please help me…

Regards
Suja.

— Spiro Trikaliotis wrote:

> Hello Suja,
>
> SUJA JAMES wrote:
>
> > Thanks for your response. But I want to do some
> manipulation on these
> > packets. I wrote a virtual network adapter. I just
> want to get the
> > NetBIOS packets to that virtual adapter .
>
> If you wrote a virtual adapter, why don’t you just
> bind the network
> protocol to your adapter? This way, the system
> delivers every NetBIOS
> packet to you.
>
> HTH,
> Spiro.
>
> –
> Spiro R. Trikaliotis
> http://www.trikaliotis.net/
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

__________________________________
Do you Yahoo!?
Y! Messenger - Communicate in real time. Download now.
http://messenger.yahoo.com