Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 976 through 990 (of 1,500 total)
1 2 3 65 66 67 98 99 100
  • Author
    Posts
  • March 10, 2008 at 9:26 am in reply to: Packet Filter #6562
    Vadim Smirnov
    Keymaster

      WinpkFilter получает ethernet фреймы до TCP/IP стека (который осуществляет сборку фрагментов), поэтому если из сети приходят фрагментированные пакеты, то и winpkfilter покажет именно их, а не собранный IP пакет.

      March 3, 2008 at 1:13 pm in reply to: Visual Baisc Error GetTcpipBoundAdaptersInfo nHandle, AdList #6514
      Vadim Smirnov
      Keymaster

        What Visual Basic do you actually use? The samples were created for Visual Basic 6, so if you are using them under Visual Basic .NET then then the behavior can be different. An example managed memory can’t be directly passed to driver.

        February 29, 2008 at 1:28 pm in reply to: IRQ selection #6560
        Vadim Smirnov
        Keymaster

          For the legacy NT driver you could use HAL routines to reconfigure your device, for PnP driver you better stick with PnP manager. This paper should be of some help to understand the difference: http://www.hollistech.com/Resources/Misc%20art … usdata.doc

          February 25, 2008 at 10:56 am in reply to: Order & Appearance of Virtnet in the XP Registry #6557
          Vadim Smirnov
          Keymaster

            What do excatly mean under “order”? I would not recommend to edit network configuration through the registry, however VirtNet can be found in the registry like any other network interface.

            February 25, 2008 at 10:53 am in reply to: detect Sent or received message? #6546
            Vadim Smirnov
            Keymaster

              how works the winpkfilter, for setting up the SEND / Received message?

              If packet comes from the network it is marked as ON_RECEIVE and ON_SEND otherwise.

              and what do you think, how many packets are an overflow from the local mac if i capture theses by it

              Sorry, I don’t understand the question, could you clarify?

              February 20, 2008 at 10:00 am in reply to: NeT Firewall 2.x Does Not Load Port Mapping on Startup #6556
              Vadim Smirnov
              Keymaster

                2.x firewall service loaded only filters and adapter modes, new features like port mappings were not supported. It was fixed in 3.x

                February 20, 2008 at 9:57 am in reply to: Can directly send/recieve UDP Packets? #6552
                Vadim Smirnov
                Keymaster

                  Loading the following filter will force all UDP packets to pass without processing in user mode, all other packets will be redirected for processing to user mode.

                  // Common values
                  
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
                  
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID;
                  
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_PASS;
                  
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND | PACKET_FLAG_ON_RECEIVE;
                  

                  
// Network layer filter
                  
pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
                  
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;
                  
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;

                  Refer “filter” sample for the general filters usage.

                  February 15, 2008 at 11:48 pm in reply to: Can directly send/recieve UDP Packets? #6550
                  Vadim Smirnov
                  Keymaster

                    Can UDP packets pass without entering winpk filter?

                    No, unless you have loaded a filter to pass UDP packets without user-mode processing.

                    February 14, 2008 at 7:24 pm in reply to: Create New Ethernet Packet problem #6376
                    Vadim Smirnov
                    Keymaster

                      Can I do it using winpkfilter ? If yes how can I do that ?

                      You can. Just set IP/TCP headers as I have set Ethernet header in the sample above. The actual values of IP/TCP headers depend from the packet you intend to form.

                      pavankvnaidu posted a sample where he tries to initialize IP and UDP headers, you have to do the similar job.

                      February 14, 2008 at 7:19 pm in reply to: VirtNet doesn’t appear in taskmgr #6549
                      Vadim Smirnov
                      Keymaster

                        Actually that depends on how you do copy data. If, an example, you have VirtNet NIC with IP address 192.168.1.101 and send ping packets on it:

                        ping 192.168.1.101 -t

                        Then actually non of the ping echo packet ever really reach the NIC, all data sent/received to/from local interfaces are processed inside TCP/IP. So no real network usage….

                        February 11, 2008 at 8:47 pm in reply to: NDIS IM – change packet content #6535
                        Vadim Smirnov
                        Keymaster

                          может ли происходить такое из-за того, что реальный отправляемый пакет отличается по длине от исходного?

                          Нет, скорее уж потому что ты каким-то образом поломал оригинальный пакет… Падает то система на освобождении оригинального пакета…

                          Где-то что-то сделано неверно, но вот что и где…

                          February 11, 2008 at 8:41 pm in reply to: detect Sent or received message? #6544
                          Vadim Smirnov
                          Keymaster

                            please do not say me though the winpkfilter data. How can i handle that though the gernal ip-header or tcp-header?

                            You can try to match Ethernet/IP address information (an example, source MAC == local NIC MAC ==> outgoing), but this does not give any guarantee because it is possible to send an arbitrary packet on the network.

                            February 11, 2008 at 8:33 pm in reply to: Packet Length via ip_len failed? #6543
                            Vadim Smirnov
                            Keymaster

                              pIpHeader->ip_len is in network byte order, so it should be:

                              DWORD dwDataLength = ntohs(pIpHeader->ip_len) - ( pIpHeader->ip_hl*4 + pTcpHeader->th_off*4);
                              February 11, 2008 at 8:25 pm in reply to: Create New Ethernet Packet problem #6374
                              Vadim Smirnov
                              Keymaster

                                Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )

                                Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..

                                February 11, 2008 at 8:20 pm in reply to: VirtNet doesn’t appear in taskmgr #6547
                                Vadim Smirnov
                                Keymaster

                                  Drivers are not displayed in Task Manager which shows only user mode processes. You can see services associated with the virtual NIC’s (like in case with VMware), but not the drivers themselves.

                                • Author
                                  Posts
                                Viewing 15 posts - 976 through 990 (of 1,500 total)
                                1 2 3 65 66 67 98 99 100