Forum Replies Created
-
AuthorPosts
-
August 10, 2008 at 6:57 am in reply to: custom PKT&TCP RESET,Block page for Winpkfilter wwwcenso #6665
It looks you know what you need to do. What help are you asking for?
August 8, 2008 at 4:34 pm in reply to: custom PKT&TCP RESET,Block page for Winpkfilter wwwcenso #6663You can modify the packet directly without making a copy. However, don’t forget to recalculate checksums before reinjecting the modified packet. Also, if you change TCP data length you have to change TCP header SEQ value.
NDIS_PACKET_TYPE_DIRECTED limits packets received to only packets having the destination MAC address equal to local system MAC address. You have also to allow broadcast packets to let the system function normally:
NDIS_PACKET_TYPE.NDIS_PACKET_TYPE_DIRECTED | NDIS_PACKET_TYPE.NDIS_PACKET_TYPE_BROADCAST
I have performed some experiments with wireless network adapter on Windows XP SP3 having Norton Internet Security installed. I can confirm that after installation of WinpkFilter NDIS IM driver wireless connectivity is lost. But it is restored after reboot. Sometimes network stack can’t be rebound dynamically and after installation of NDIS IM driver you may have to reboot. This probably the case your users have met with WinpkFilter (both reported cases had Symantec software installed).
We have received few complains on WinpkFilter conflict with KIS 2008/2009, however we were not able to reproduce (it looks it happens only on small amount of systems) and thus can’t understand and fix this problem so far.
It looks that the “lock up” you have expirienced depends from hardware configuration (installed hardware drivers) or some third software component in addition to KIS and WinpkFilter. Could you please post or e-mail to support(at)ntkernel.com the details of the software/hardware configuration?
August 5, 2008 at 7:54 am in reply to: WinpkFilter Driver v3.0.4 Incompatability Issue On Vista #6662NDIS IM driver is a standard Windows driver and by design it has a less chance of the software conflict with other third-party applications than NDIS hooking driver. Your case looks like a software conflict.
Install Kaspersky Internet Security 7.0.0.125 d.f
We have tested the suggested configuration with Kaspersky Internet Security 7.0.1.325 (the latest one available from the official web site) and have not figured out any problems. May be the problem was specific to 7.0.0.125 and fixed in the current version.
Could you try to reproduce it after updating KIS to 7.0.1.325?
Could you try to completely uninstall Symantec software and check if problem with WinpkFilter disappear? This would help to identify the problem.
You still have not replied if you are using the latest WinpkFilter or ealier builds.
Try to e-mail us the list of installed drivers/softwares, this may sched some light.
August 3, 2008 at 12:21 pm in reply to: New event to be signaled on network interfaces configuration #6661How can I detect network interface’s status changes? And also enable/disable interface with winpk framework? Is there any details for delphi or c++?
http://www.ntkernel.com/wpfk-help/setadapterlistchangeevent.htm
As a second question, can I extract tcp packets from the SSL stream with winpk?
If this is about HTTPS then by port number 443. If another port used you can try to identify the connection, an example, by SSL certificate sent by server.
We are not aware about any problems with wireless adapters and WinpkFilter. However, please ensure that you are using the latest version of WinpkFilter.
Driver conflict with some other network software is possible and most usual problem of misbehave, details depend from what other third party low level network software you have installed on those systems.
I’d recommend to sign both CAT file and driver image.
INetCfg provides programming interface for network components management.
You can uncheck WinpkFilter Service checkbox in the connection properties to disable it (by default the service is not hidden, but in can be hidden in the custom builds).
pIPHeader.DestIp := htonl(NewDestIP.S_addr);
Don’t do this, you already have IP address in the correct byte order.
-
AuthorPosts