Alert when a packet been captured.

[bakhtiar]

Hi;

Could anyone knows how to know when a packet been captured by a filter, I want to alert the when a packet been captured by a filter…

FYI I’m using C#…

Regards

[Vadim Smirnov]

Event set to driver through SetPacketEvent API is signaled immediately on packet send/receive event.

[bakhtiar]

Thanks, this indicates a packet in general but I want to know when a specific packet caught by one of the filters.

Kind regards

[Vadim Smirnov]

It is possible to add a timestamp to packets if needed.

[bakhtiar]

How? because when a packet been captured by a filter it can not be read the IM buffer. Is it right?

Regards

[Vadim Smirnov]

Ahh, you mean packets passed without being indicated to user mode. Well, since this packets are supposed to be passed with minimal performance affect they have to no event to trigger.

[bakhtiar]

Hi;

For example, there is a filter to drop all HTTP packet, how can I now when the packet came and been captured, I want to alert the user that those packets been captured.

Regards

[Vadim Smirnov]

So far only the packets statistics (packets this filter was applied to) is accumulated for loaded filters. There is no special event to indicate that the filter was triggered.

[bakhtiar]

Hi;

In Tunnelling mode, Is it possible to read a packet to IM buffer and if this packet matches a condition then it do not resend it back to adapter or MSTCP (by this way the packet has been dropped).. Is it an efficient way to allow or drop packets.

Regards

[Vadim Smirnov]

Yes it is possible and this is the right way to drop packets.

[bakhtiar]

Hello;

This means that packets can be dropped or passed either using static filters or checking against a condition in IM buffer, but for the last approach it has more overhead and less performance, am I right?

Regards

[Author]

Posts