Winpk filter on Windows 7

[alourenco]

I have 3 notebooks at home: two with Windows 7 and one with Windows 8.

I’ve installed Winpk filter on all of them but it only worked on the Windows 8 machine.

By working, I mean that I could see packets coming and going with the samples packetsniff.exe and passthrough.exe when selecting my Ethernet device.

In the Windows 7 machines I could see some packets coming but they had weird Ethernet Address (both destination and source) and none of them corresponded to my interface MAC address.

I tried selecting other devices (actually I tried all of them) but saw no packets.

The windows 7 versions I’m using are Starter and Professional.

[Vadim Smirnov]

Could you provide more details?
1) ListAdapters output.
2) PassThru output. For this test ping one of other notebooks.
3) IPCONFIG output.

We are not aware about any issues with Windows 7, so it must be something about your configuration or usage.

[alourenco]

1) ListAdapters output.

The following network interfaces are available to MSTCP:
1) Conexão de Rede sem Fio 2.
Internal Name: DEVICE{12DFA54D-03B1-4E18-BEEC-6172259EDAC6}
Current MAC: 4CEDDED5D527
Medium: 0x00000000
Current MTU: 1500
Current adapter mode = 0x0
2) WAN Network Interface (IPv6).
Internal Name: DEVICENDISWANIPV6
Current MAC: D46F20524153
Medium: 0x00000003
Current MTU: 1500
Current adapter mode = 0x0
Number of active WAN links: 0
3) WAN Network Interface (IP).
Internal Name: DEVICENDISWANIP
Current MAC: D46F20524153
Medium: 0x00000003
Current MTU: 1500
Current adapter mode = 0x0
Number of active WAN links: 0
4) WAN Network Interface (BH).
Internal Name: DEVICENDISWANBH
Current MAC: D46F20524153
Medium: 0x00000003
Current MTU: 1500
Current adapter mode = 0x0
5) Conexão local 2.
Internal Name: DEVICE{34BA1839-2615-4B87-A56D-B5C5BDE51B28}
Current MAC: E81132042D36
Medium: 0x00000000
Current MTU: 1500
Current adapter mode = 0x0
6) Conexão de Rede sem Fio.
Internal Name: DEVICE{68402D6E-50D7-4D1C-BC11-ABFF99979CAD}
Current MAC: 4CEDDED5D527
Medium: 0x00000010
Current MTU: 1500
Current adapter mode = 0x0

Current system wide MTU decrement = 0

Default adapter startup mode = 0x0

2) PassThru output. For this test ping one of other notebooks.

49 – Interface –> MSTCP
Packet size = 240
Source MAC: C0A80102E000
Destination MAC: 00000111C8A1

48 – MSTCP –> Interface
Packet size = 76
Source MAC: C0A8010CC0A8
Destination MAC: 000080116CBB

47 – Interface –> MSTCP
Packet size = 314
Source MAC: C0A80101C0A8
Destination MAC: 400040115CEB

46 – Interface –> MSTCP
Packet size = 314
Source MAC: C0A80101C0A8
Destination MAC: 400040115CEA

45 – Interface –> MSTCP
Packet size = 323
Source MAC: C0A80101C0A8
Destination MAC: 400040115CE0

44 – Interface –> MSTCP
Packet size = 323
Source MAC: C0A80101C0A8
Destination MAC: 400040115CDF

43 – Interface –> MSTCP
Packet size = 378
Source MAC: C0A80101C0A8
Destination MAC: 400040115CA7

42 – Interface –> MSTCP
Packet size = 378
Source MAC: C0A80101C0A8
Destination MAC: 400040115CA6

41 – Interface –> MSTCP
Packet size = 388
Source MAC: C0A80101C0A8
Destination MAC: 400040115C9B

40 – Interface –> MSTCP
Packet size = 388
Source MAC: C0A80101C0A8
Destination MAC: 400040115C9A

39 – Interface –> MSTCP
Packet size = 92
Source MAC: C0A80101C0A8
Destination MAC: 40004011694A

38 – MSTCP –> Interface
Packet size = 208
Source MAC: 00000000018A
Destination MAC: 1101FE800000

37 – MSTCP –> Interface
Packet size = 175
Source MAC: C0A8010CEFFF
Destination MAC: 00000111BD06

36 – Interface –> MSTCP
Packet size = 411
Source MAC: C0A80101C0A8
Destination MAC: 40004011BA22

35 – Interface –> MSTCP
Packet size = 314
Source MAC: C0A80101C0A8
Destination MAC: 400040115CE3

34 – Interface –> MSTCP
Packet size = 314
Source MAC: C0A80101C0A8
Destination MAC: 400040115CE2

33 – Interface –> MSTCP
Packet size = 323
Source MAC: C0A80101C0A8
Destination MAC: 400040115CD8

32 – Interface –> MSTCP
Packet size = 323
Source MAC: C0A80101C0A8
Destination MAC: 400040115CD7

31 – Interface –> MSTCP
Packet size = 378
Source MAC: C0A80101C0A8
Destination MAC: 400040115C9F

30 – Interface –> MSTCP
Packet size = 378
Source MAC: C0A80101C0A8
Destination MAC: 400040115C9E

29 – Interface –> MSTCP
Packet size = 388
Source MAC: C0A80101C0A8
Destination MAC: 400040115C93

28 – Interface –> MSTCP
Packet size = 388
Source MAC: C0A80101C0A8
Destination MAC: 400040115C92

27 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CCA

26 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164F0

25 – Interface –> MSTCP
Packet size = 1328
Source MAC: C0A80102C0A8
Destination MAC: 00008011A77D

24 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC9

23 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164EE

22 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC8

21 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164ED

20 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC7

19 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164EC

18 – MSTCP –> Interface
Packet size = 208
Source MAC: 00000000018A
Destination MAC: 1101FE800000

17 – Interface –> MSTCP
Packet size = 212
Source MAC: C0A80102C0A8
Destination MAC: 00008011ABD5

16 – Interface –> MSTCP
Packet size = 42
Source MAC: FEDEC0A8010B
Destination MAC: 00011C659D52

15 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC6

14 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164EA

13 – MSTCP –> Interface
Packet size = 165
Source MAC: C0A8010CEFFF
Destination MAC: 00000111BD0A

12 – MSTCP –> Interface
Packet size = 208
Source MAC: 00000000018A
Destination MAC: 1101FE800000

11 – MSTCP –> Interface
Packet size = 223
Source MAC: C0A8010CC0A8
Destination MAC: 000080116B22

10 – Interface –> MSTCP
Packet size = 243
Source MAC: C0A80102C0A8
Destination MAC: 00008011ABB4

9 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC3

8 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164E8

7 – Interface –> MSTCP
Packet size = 60
Source MAC: 0D6CC0A80102
Destination MAC: 0001DC0EA101

6 – Interface –> MSTCP
Packet size = 60
Source MAC: 0D6CC0A80102
Destination MAC: 0001DC0EA101

5 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC2

4 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164E7

3 – MSTCP –> Interface
Packet size = 223
Source MAC: C0A8010CC0A8
Destination MAC: 000080116B1F

2 – Interface –> MSTCP
Packet size = 243
Source MAC: C0A80102C0A8
Destination MAC: 00008011ABB1

1 – Interface –> MSTCP
Packet size = 60
Source MAC: 0D6CC0A80102
Destination MAC: 0001DC0EA101

0 – Interface –> MSTCP
Packet size = 60
Source MAC: 0D6CC0A80102
Destination MAC: 0001DC0EA101
Filtering complete

3) IPCONFIG output.
I’m sorry, ipconfig output is in portuguese…

Configura‡Æo de IP do Windows

Nome do host. . . . . . . . . . . . . . . . : Andre-Note
Sufixo DNS prim rio . . . . . . . . . . . . :
Tipo de n¢. . . . . . . . . . . . . . . . . : h¡brido
Roteamento de IP ativado. . . . . . . . . . : sim
Proxy WINS ativado. . . . . . . . . . . . . : nÆo

Adaptador de Rede sem Fio ConexÆo de Rede sem Fio 2:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Endere‡o F¡sico . . . . . . . . . . . . . . : 4C-ED-DE-D5-D5-27
DHCP Habilitado . . . . . . . . . . . . . . : Sim
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador Ethernet ConexÆo de Rede Bluetooth:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Endere‡o F¡sico . . . . . . . . . . . . . . : 4C-ED-DE-6B-25-EF
DHCP Habilitado . . . . . . . . . . . . . . : Sim
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de Rede sem Fio ConexÆo de Rede sem Fio:

Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Endere‡o F¡sico . . . . . . . . . . . . . . : 4C-ED-DE-D5-D5-27
DHCP Habilitado . . . . . . . . . . . . . . : Sim
Configura‡Æo Autom tica Habilitada. . . . . : Sim
Endere‡o IPv6 de link local . . . . . . . . : fe80::18a:c18d:ba7:5e54%13(Preferencial)
Endere‡o IPv4. . . . . . . . . . . . . . . : 192.168.1.12(Preferencial)
M scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
ConcessÆo Obtida. . . . . . . . . . . . . . : quinta-feira, 29 de agosto de 2013 00:48:28
ConcessÆo Expira. . . . . . . . . . . . . . : segunda-feira, 2 de setembro de 2013 11:10:41
Gateway PadrÆo. . . . . . . . . . . . . . . : 192.168.1.1
Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
IAID de DHCPv6. . . . . . . . . . . . . . . : 323808734
DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-14-22-8C-7D-00-24-54-27-54-E5
Servidores DNS. . . . . . . . . . . . . . . : 192.168.1.1
NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador Ethernet ConexÆo local 2:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller #2
Endere‡o F¡sico . . . . . . . . . . . . . . : E8-11-32-04-2D-36
DHCP Habilitado . . . . . . . . . . . . . . : Sim
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel Reusable ISATAP Interface {EA9E9E2B-B889-42C3-B07E-BFDB588A30BF}:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel ConexÆo Local* 14:

Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim
Endere‡o IPv6 . . . . . . . . . . . . . . . : 2001:0:9d38:953c:34e7:14c8:42f4:16df(Preferencial)
Endere‡o IPv6 de link local . . . . . . . . : fe80::34e7:14c8:42f4:16df%23(Preferencial)
Gateway PadrÆo. . . . . . . . . . . . . . . : ::
NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado

Adaptador de t£nel isatap.{68402D6E-50D7-4D1C-BC11-ABFF99979CAD}:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #4
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel isatap.{34BA1839-2615-4B87-A56D-B5C5BDE51B28}:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #3
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel isatap.{C01A2F24-7970-448A-8B04-B3FA7D45984E}:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #2
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel 6TO4 Adapter:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft 6to4
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

Adaptador de t£nel isatap.{12DFA54D-03B1-4E18-BEEC-6172259EDAC6}:

Estado da m¡dia. . . . . . . . . . . . . . : m¡dia desconectada
Sufixo DNS espec¡fico de conexÆo. . . . . . :
Descri‡Æo . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #5
Endere‡o F¡sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Habilitado . . . . . . . . . . . . . . : NÆo
Configura‡Æo Autom tica Habilitada. . . . . : Sim

[Vadim Smirnov]

From what I can see WinpkFilter is installed and works. An example these are definitely your ICMP PING packets:

9 – MSTCP –> Interface
Packet size = 74
Source MAC: C0A8010CC0A8
Destination MAC: 000080016CC3

8 – Interface –> MSTCP
Packet size = 74
Source MAC: C0A80102C0A8
Destination MAC: 0000800164E8

But for some reason packet is not correctly parsed by passthru sample. This may be caused by version mismatch between driver and passthru application (INTERMEDIATE_BUFFER structure was changed several times in last versions and it is important to use driver and application built on the same common.h).

[Author]

Posts