Prev: Kernel mode DLL problem
Next: What are the driver signing options in Vista 32bit
From: vasantharaj.g on 12 May 2008 09:45
Hi !

I want to receive all packets in my filter hook driver and do
filtering the TCP packets which matches a particular destination
address in the network. So, I wrote a filter hook driver and is
working fine. Now, I want to get packets destined to other machines
also in the network, from my filter hook driver. How can I set the NIC
to promiscuous mode so that I shall receive other packets also in my
PacketFilterExtension function.

Is it possible? If so, how can I set it?

Please help.

thanks in advance,

regards,
vasanth.
From: Tanya Radeva [MSFT] on 12 May 2008 12:52
Add NDIS_PACKET_TYPE_PROMISCUOUS to your filter to support promiscuous mode
reading.

Best regards,
Tanya

"vasantharaj.g(a)nestgroup.net" wrote:

> Hi !
>
> I want to receive all packets in my filter hook driver and do
> filtering the TCP packets which matches a particular destination
> address in the network. So, I wrote a filter hook driver and is
> working fine. Now, I want to get packets destined to other machines
> also in the network, from my filter hook driver. How can I set the NIC
> to promiscuous mode so that I shall receive other packets also in my
> PacketFilterExtension function.
>
> Is it possible? If so, how can I set it?
>
> Please help.
>
> thanks in advance,
>
> regards,
> vasanth.
>
From: Alireza Dabagh [MS] on 12 May 2008 17:59
I did not understand exactly what your component is. "Filter hook driver"
could mean one of those nasty virus like drivers that take a shortcut by
hijacking NDIS and TCPIP entry points. It could also mean an NDIS IM filter
(or lightweight filter for NDIS 6 and higher) drivers written to spec or it
could be something else. If your driver is hijacking NDIS/TCPIP entry
points, please disregard my mail. Unfortunately many people on this
newsgroup will help you nevertheless. I can't.

If your object is to see packets sent to the other interfaces on the
network -from- this machine, then just look at them on the transmit path.

If you want to see packets sent to the other interfaces connected to the
same switch then read on.

You set a NIC to promiscuous mode by sending a set_packet_filter OID to the
NIC. (you need to be a NDIS protocol or lightweight driver to do this ). But
that will not help you. Any switch worth the box it came in, will not allow
you to see "packets destined to other machines in the network" just because
you set the NIC to promiscuous mode (with the exception of being connected
to a "mirror" port).

-ali

--
This posting is provided "AS IS" with no warranties, and confers no rights.

<vasantharaj.g(a)nestgroup.net> wrote in message
news:e37c994c-0a95-45bb-9e25-b0f59256a490(a)f24g2000prh.googlegroups.com...
> Hi !
>
> I want to receive all packets in my filter hook driver and do
> filtering the TCP packets which matches a particular destination
> address in the network. So, I wrote a filter hook driver and is
> working fine. Now, I want to get packets destined to other machines
> also in the network, from my filter hook driver. How can I set the NIC
> to promiscuous mode so that I shall receive other packets also in my
> PacketFilterExtension function.
>
> Is it possible? If so, how can I set it?
>
> Please help.
>
> thanks in advance,
>
> regards,
> vasanth.

From: PCAUSA on 12 May 2008 22:42
He is probably referring to this tyoe of Filter Hook, documented in
MSDN at URL:

http://msdn.microsoft.com/en-us/library/ms802735.aspx

Thomas F. Divine

On May 12, 5:59 pm, "Alireza Dabagh [MS]" <a...(a)online.microsoft.com>
wrote:
> I did not understand exactly what your component is. "Filter hook driver"
> could mean one of those nasty virus like drivers that take a shortcut by
> hijacking NDIS and TCPIP entry points. It could also mean an NDIS IM filter
> (or lightweight filter for NDIS 6 and higher) drivers written to spec or it
> could be something else. If your driver is hijacking NDIS/TCPIP entry
> points, please disregard my mail. Unfortunately many people on this
> newsgroup will help you nevertheless. I can't.
>
> If your object is to see packets sent to the other interfaces on the
> network -from- this machine, then just look at them on the transmit path.
>
> If you want to see packets sent to the other interfaces connected to the
> same switch then read on.
>
> You set a NIC to promiscuous mode by sending a set_packet_filter OID to the
> NIC. (you need to be a NDIS protocol or lightweight driver to do this ). But
> that will not help you. Any switch worth the box it came in, will not allow
> you to see "packets destined to other machines in the network" just because
> you set the NIC to promiscuous mode (with the exception of being connected
> to a "mirror" port).
>
> -ali
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights..
>
> <vasanthara...(a)nestgroup.net> wrote in message
>
> news:e37c994c-0a95-45bb-9e25-b0f59256a490(a)f24g2000prh.googlegroups.com...> Hi !
>
> > I want to receive all packets in my filter hook driver and do
> > filtering the TCP packets which matches a particular destination
> > address in the network. So, I wrote a filter hook driver and is
> > working fine. Now,  I want to get packets destined to other machines
> > also in the network, from my filter hook driver. How can I set the NIC
> > to promiscuous mode so that I shall receive other packets also in my
> > PacketFilterExtension function.
>
> > Is it possible? If so, how can I set it?
>
> > Please help.
>
> > thanks in advance,
>
> > regards,
> > vasanth.

From: vasantharaj.g on 13 May 2008 02:15
Hi !

Yes, the filter hook driver I mentioned is as per the msdn
documentation mentioned. Basically it is an extension to the OS
supplied packet filter. The filter hook driver works fine and I am
able to get packets to an fro the host machine. As part of the
requirement, I need to get the packets destined to another machine in
the same sub net.

It could be possible if I could enable the respective adapter and the
NIC to promiscuous mode. How can I set the
OID_GEN_CURRENT_PACKET_FILTER with type NDIS_PACKET_TYPE_PROMISCUOUS
from the filterhook driver? Is this possible? If so how? Should I
write another mini port interface?

thanks in advance,

regards,
vasanth.



On May 13, 7:42 am, PCAUSA <pca...(a)gmail.com> wrote:
> He is probably referring to this tyoe of Filter Hook, documented in
> MSDN at URL:
>
> http://msdn.microsoft.com/en-us/library/ms802735.aspx
>
> Thomas F. Divine
>
> On May 12, 5:59 pm, "Alireza Dabagh [MS]" <a...(a)online.microsoft.com>
> wrote:
>
>
>
> > I did not understand exactly what your component is. "Filter hook driver"
> > could mean one of those nasty virus like drivers that take a shortcut by
> > hijacking NDIS and TCPIP entry points. It could also mean an NDIS IM filter
> > (or lightweight filter for NDIS 6 and higher) drivers written to spec or it
> > could be something else. If your driver is hijacking NDIS/TCPIP entry
> > points, please disregard my mail. Unfortunately many people on this
> > newsgroup will help you nevertheless. I can't.
>
> > If your object is to see packets sent to the other interfaces on the
> > network -from- this machine, then just look at them on the transmit path..
>
> > If you want to see packets sent to the other interfaces connected to the
> > same switch then read on.
>
> > You set a NIC to promiscuous mode by sending a set_packet_filter OID to the
> > NIC. (you need to be a NDIS protocol or lightweight driver to do this ). But
> > that will not help you. Any switch worth the box it came in, will not allow
> > you to see "packets destined to other machines in the network" just because
> > you set the NIC to promiscuous mode (with the exception of being connected
> > to a "mirror" port).
>
> > -ali
>
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
>
> > <vasanthara...(a)nestgroup.net> wrote in message
>
> >news:e37c994c-0a95-45bb-9e25-b0f59256a490(a)f24g2000prh.googlegroups.com...> Hi !
>
> > > I want to receive all packets in my filter hook driver and do
> > > filtering the TCP packets which matches a particular destination
> > > address in the network. So, I wrote a filter hook driver and is
> > > working fine. Now,  I want to get packets destined to other machines
> > > also in the network, from my filter hook driver. How can I set the NIC
> > > to promiscuous mode so that I shall receive other packets also in my
> > > PacketFilterExtension function.
>
> > > Is it possible? If so, how can I set it?
>
> > > Please help.
>
> > > thanks in advance,
>
> > > regards,
> > > vasanth.- Hide quoted text -
>
> - Show quoted text -

 |  Next  |  Last
Pages: 1 2
Prev: Kernel mode DLL problem
Next: What are the driver signing options in Vista 32bit