- This topic has 15 replies, 4 voices, and was last updated 12 years, 11 months ago by
.
-
Posts
-
WinPkFilter doesn’t work when I’m using VPN.
I don’t have any idea how to use WinPkFilter..
What’s the problem??
Is not WinPkFilter supported VPN at the same time??
I used CNdisApi::SetMTUDecrement API, but WinPkFilter didn’t work.
I don’t know what to do..
After calling CNdisApi::GetTcpipBoundAdaptersInfo API, I got A adapter information.. Is that right?
The name(m_szAdapterNameList) of the adapter was NDISIP… bla bla..
From your post it is difficult to understand what exactly did not work and what have you expected. If you need an answer please describe the problem in the details.
I want to capture packets and redirect in SSL VPN environment. But, it seems that any packets didn’t come to my proc.
I think WinPkFilter can’t capture packets from virtual network adapter like vmware..
GetTcpipBoundAdaptersInfo(&m_listAdapter);There isn’t any information about virtual network adapter in the result. How can I get virtual adapter informations? Is it possible to capture packets and redirect from virtual adapter?
That depends from the virtual network adapter. WinpkFilter NDIS IM driver is installed for “ethernet, wan” interfaces while VMWare virtual adapters have “nolower” type. For research purposes you can modify WinpkFilter INF files and add “nolower” to “ethernet, wan” but note that this may add filtering for the network interfaces you were not supposed to filter on.
Hi
I am trying to capture packets from vmware virtual network adapter and modified the WinpkFilter NDIS IM driver as you recommended:
HKR, NdiInterfaces, FilterMediaTypes, , “nolower, ethernet, wan”
However, I cannot see the vmware virtual network adapter in my proc. I am thinking my proc supposes to show vmware network adapter as long as I put nolower in the filtermediatype. Am I correct? If I am correct, why my proc still cannot see vmware network adapter? Any suggestions?
Thanks!
This time I try to take “ethernet” out of filtermediatype in .inf file. But in my proc, I still see packets go through ethernet adapter. Any idea?
During driver installation system caches INF files and even if you uninstall the driver the cached INF stil remains in the system and used by default. Note to use fresh OS installation or clean up the system including INF/PNF cached files removal before using an updated INF.
Are there any ways that can show all the drivers’ lower range? There are more and more devices (4G or 3G broadband USB stick) coming out with different types and I want to let WinPkFilter to see the packets from them. I can set up as “no lower” type in filtermediatype but that will filter all the devices which I prefer not doing. Any idea what I can do?
Thanks!
If I want to update the filter intermediate driver, do I have to delete all the cached inf/pnf files?
Is any one able to tell me how to locate the filter intermediate driver in windows/inf folder? It seems no matter we uninstall or re-install wpkfilter, these cached files won’t be removed. So we have to locate these inf/pnf files and try to delete them. Any idea what library or function i can refer to?Thanks!
There are more and more devices (4G or 3G broadband USB stick) coming out with different types and I want to let WinPkFilter to see the packets from them.
These devices normally has wan or ethernet (if vendor provides ethernet emulation software) media type. Since Windows 7 new media type was added (Mobile Brodband stack) named ppip. All these media types are supported by WinpkFilter drivers.
I can set up as “no lower” type in filtermediatype but that will filter all the devices which I prefer not doing. Any idea what I can do?
Yes, thats right, installing on nolower media type does not have much sense. The only real world case is supporting filtering over VMWare virtual network interfaces. If VMWare adapters is a “must have” requirement I would find to find a workaround for it, may be change VMWare adapter media type to ethernet.
If I want to update the filter intermediate driver, do I have to delete all the cached inf/pnf files?
The only way to update an NDIS IM driver is to remove the old NetService and install the new version of the NetService. NetCfg does not do ‘updates’ for NetService entries. If INF files specifies a newer version of driver it should work as expected. Earlier if driver is already installed you could just replace the driver binary and reboot, however I’m not sure if it will succesfully deal with driver signing requirements as CAT file also changed.
@SerpentFly wrote:
There are more and more devices (4G or 3G broadband USB stick) coming out with different types and I want to let WinPkFilter to see the packets from them.
These devices normally has wan or ethernet (if vendor provides ethernet emulation software) media type. Since Windows 7 new media type was added (Mobile Brodband stack) named ppip. All these media types are supported by WinpkFilter drivers.
Thanks for your response. Currently, we have problems to catch packets from ppip media type. When we use “GetTcpipBoundAdaptersInfo” function from the sample code (adapter list), it seems the adapter with ppip media type doesn’t show up. What should we modify to show adapter with ppip media type?
Thanks!
@kchuang wrote:
@SerpentFly wrote:
There are more and more devices (4G or 3G broadband USB stick) coming out with different types and I want to let WinPkFilter to see the packets from them.
These devices normally has wan or ethernet (if vendor provides ethernet emulation software) media type. Since Windows 7 new media type was added (Mobile Brodband stack) named ppip. All these media types are supported by WinpkFilter drivers.
Besides, when we use WinpkFilter to access ppip media type devices, it seems the devices are unable to connect to the internet. Does WinpkFilter block the usage of ppip devices?
Besides, when we use WinpkFilter to access ppip media type devices, it seems the devices are unable to connect to the internet. Does WinpkFilter block the usage of ppip devices?
ppip is supported by NDIS 6.0 LWF WinpkFilter driver. NDIS 5.0 IM driver won’t see ppip devices.
There are no known problems with ppip devices and all samples including Internet Gateway succesfully work with this media type. However, you must be aware that ppip is a little different from ethernet an example, and your application must be aware about it.
If VMWare adapters is a “must have” requirement I would find to find a workaround for it, may be change VMWare adapter media type to ethernet.
Hello dear expert.
For me VMWare adapters is a “must have” requirement. I am eager to know the workaround. I can find nothing over internet. please help.
I should note that I am able to receive packets from VMWare adapters on xp 32 bit.
The problem shows itself with win seven 64 bit.
Bests.
- You must be logged in to reply to this topic.