|
Focus on Microsoft
Question about Sniffer in Windows Sep 15 2006 11:50PM ricci cse ust hk (4 replies) Re: Question about Sniffer in Windows Sep 16 2006 12:52AM Thor (Hammer of God) (thor hammerofgod com) (1 replies) RE: Question about Sniffer in Windows Sep 16 2006 12:38AM Robert D. Holtz - Lists (robert d holtz gmail com) |
|
|
Privacy Statement |
short version is that as of SP2, the NDIS drivers that ship with XP no
longer forward traffic captured in promiscuous mode to userland code using
the standard NDIS API. Rather, the NDIS stack filters the captured
packets and culls out ones that are neither broadcast traffic nor directed
to that host computer. The architecture obviously still supports
promiscuous-mode packet capturing, but only via custom drivers. The same
is true for generation of raw sockets.
~Dathan
> David Litchfield (NGSSoftware) wrote a raw packet sniffer that did not
> need
> a driver installed, but I don't think it works post SP2 after Microsoft
> caved into pressure from crazed Gibson-ites and disabled it. You might
> want
> to see if it works for you...
>
> t
>
>
> On 9/15/06 4:50 PM, "ricci (at) cse.ust (dot) hk [email concealed]" <ricci (at) cse.ust (dot) hk [email concealed]> spoketh to all:
>
>> Hello All,
>>
>> I would like to ask why sniffer in Windows that capture data packet
>> requires installation of drivers?
>>
>> Is there any sniffer that can be used for capturing data packet without
>> installation of drivers into Windows OS?
>>
>> Please advise.
>>
>> Ricci
>>
>>
>> ------------------------------------------------------------------------
---
>> ------------------------------------------------------------------------
---
>>
>>
>>
>
>
>
> ------------------------------------------------------------------------
---
> ------------------------------------------------------------------------
---
>
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]