Forum Replies Created
-
Posts
-
А что такое “просто пакет”? WinpkFilter позволяет послать любой произвольный массив байт в сеть или вверх к TCP/IP. Главное правильно инициализировать буфер, длину пакета и адаптер.
Ну и на всякий случай нужно отметить, что произвольный массив байт небезопасно посылать на NDISWANIP, поскольку часть MAC адреса используется как индекс WAN соединения.
Besides, when we use WinpkFilter to access ppip media type devices, it seems the devices are unable to connect to the internet. Does WinpkFilter block the usage of ppip devices?
ppip is supported by NDIS 6.0 LWF WinpkFilter driver. NDIS 5.0 IM driver won’t see ppip devices.
There are no known problems with ppip devices and all samples including Internet Gateway succesfully work with this media type. However, you must be aware that ppip is a little different from ethernet an example, and your application must be aware about it.
Using 127.XXX.XXX.XXX for redirection is senseless because in Windows such packets never reach NDIS level. You should use local real IP address instead.
Using NDIS hooking approach on x64 systems is far more complex than on x86 because NDIS image is protected by PatchGuard. In general it is possible to disable PatchGuard, but IMHO it is too deep and complicated hack into the system to be used in production environment.
There are more and more devices (4G or 3G broadband USB stick) coming out with different types and I want to let WinPkFilter to see the packets from them.
These devices normally has wan or ethernet (if vendor provides ethernet emulation software) media type. Since Windows 7 new media type was added (Mobile Brodband stack) named ppip. All these media types are supported by WinpkFilter drivers.
I can set up as “no lower” type in filtermediatype but that will filter all the devices which I prefer not doing. Any idea what I can do?
Yes, thats right, installing on nolower media type does not have much sense. The only real world case is supporting filtering over VMWare virtual network interfaces. If VMWare adapters is a “must have” requirement I would find to find a workaround for it, may be change VMWare adapter media type to ethernet.
If I want to update the filter intermediate driver, do I have to delete all the cached inf/pnf files?
The only way to update an NDIS IM driver is to remove the old NetService and install the new version of the NetService. NetCfg does not do ‘updates’ for NetService entries. If INF files specifies a newer version of driver it should work as expected. Earlier if driver is already installed you could just replace the driver binary and reboot, however I’m not sure if it will succesfully deal with driver signing requirements as CAT file also changed.
WinpkFilter 3.0.8 released. This update introduces NDIS 6.0 LightWeight Filter driver to be replace NDIS 5.0 IM driver for Windows Vista/7.
If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:
1) Your order ID.
2) An approximate date of purchasing.Внимательно читайте описание протокола TCP, например если пакет был уменьшен, то приемник ACK-нет меньшим сегментом и отправитель будет пересылать хвостик пакета до тех пор пока не получит подтверждение.И наоборот, если пакет увеличен то приемник ACK-нет большим значением чем ожидает отправитель. Принцип понятен?
In the sleep mode system may power down network interfaces thus changing the network adapters list. So in general after the system is back from the sleep mode you have to reinitialize adapters list and restart packet capturing using new adapter handles.
May the prblem is in your driver load order. If SendHandler was registered before you have had a chance to modify the results then your code will be never called.
During driver installation system caches INF files and even if you uninstall the driver the cached INF stil remains in the system and used by default. Note to use fresh OS installation or clean up the system including INF/PNF cached files removal before using an updated INF.
That depends from the virtual network adapter. WinpkFilter NDIS IM driver is installed for “ethernet, wan” interfaces while VMWare virtual adapters have “nolower” type. For research purposes you can modify WinpkFilter INF files and add “nolower” to “ethernet, wan” but note that this may add filtering for the network interfaces you were not supposed to filter on.
From your post it is difficult to understand what exactly did not work and what have you expected. If you need an answer please describe the problem in the details.
There is no difference except license terms. You can’t redistribute Free version modules or use it for any commercial needs.
Under Windows 3G mobile adapters normally appear as WAN adapter under NDISWANIP device of install their own virtual miniport (visible as LAN or WiFi connection). For the first case it is enough to filter NDSWANIP device, for the second you must track when new network connection becomes available and capture on this newly added network interface.
Another type of mobile broadband drivers (NDIS 6.2) was added by Windows 7. In the meantime these adapters can’t be intercepted by WinpkFilter NDIS IM driver. We are working on the adding NDIS LWF driver to WinpkFilter set of drivers to support this new stack.
