On May 24, 12:25 am, Vishal Swarankar <***@gmail.com>
> On May 23, 1:40 am, "m" <***@b.c> wrote:
> > WinPcap is an NDIS protocol driver. Protocol drivers are bound to
> > interfaces (in your case a dialup interface) and receive ALL packets
> > arriving on the interface and can send packets out on the interface. You
> > should expect these packets to include header information specific to the
> > interface that they have been received on and since MAC is immaterial to
> > point-to-point protocols your results are unsurprising.
> > I expect that the goal you want achieve is to create a network bridge -
> > something built into Windows. If your goal is to build a tunneling bridge
> > (i.e. forward traffic to a specific remote host via another protocol like
> > UDP), then WinPCap + winsock could work for you but the performance will be
> > poor at best because of the latency of UM-KM transitions & the IP stack
> > overhead. If you want better performance, an NDIS protocol driver + KM
> > sockets would be a reasonable solution, but is a multi-man-year project and
> > not for the feint of heart.
> > "Tom Handal" <***@gmail.com> wrote in message
> > > On May 15, 3:07 pm, "Mandy" <***@mirk.com> wrote:
> > >> Thanks Tom,
> > >> I followed your advice and as a result I really feel that I understand
> > >> more
> > >> about this stuff, but still I have some question...
> > >> My final goal is to capture packets from my dial-up dsl modem with
> > >> WinPcap
> > >> and than to transmit them to another node across the Internet. I could do
> > >> it
> > >> across LAN using the ethernet connection but the support regarding
> > >> capturing
> > >> and transmitting on dial-up is very poor(with WinPcap).
> > >> So what I ask is whether you think that it is possible to use the
> > >> ethernet
> > >> connection instead of the dial-up connection(with Wireshark I see that
> > >> the
> > >> packets are similar on both connections).
> > >> Thanks in advance
> > >> Mandy
> > >> I'm not sure exactly what you are seeing (would be helpful to see the
> > >> packet capture) but most likely you are using Point-to-Point Protocol
> > >> over Ethernet (PPPoE) and I would read about it
> > >> here:http://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet
> > >> Maybe it will give you an understanding of what you are seeing.
> > >> Regards
> > >> Tom Handal
> > > Interesting project. If you want to do this just for yourself, you
> > > could probably do it fairly easily using a Layered Service Provider
> > > (LSP) in Windows. Check out this link:
> > >http://en.wikipedia.org/wiki/Layered_Service_Provider
> > > You can write one for yourself and use it to snoop the data from the
> > > TCP/UDP packets and re-transmit or do what you want with them. If
> > > you REALLY want to have fun, you can write an NDIS driver (which is
> > > what WinPCap is)... but that is very involved and probably overkill
> > > for what you want :-). LSP is much more simple and should accomplish
> > > your objective.
> > > Just beware, some anti-virus/rootkit detecting software flag LSPs
> > > because they are used a lot by malicious software.
> > > Regards
> > > Tom Handal
> LSP can't be used for re-transmitting as this is lying in parallel to
> TCP/IP stack. Its below WinSock layer, so it cant behave like a
> WinSock app , as well as it cant behave like a miniport driver for
> sending packets on interface.
> You can write a TDI client for yourself or a NDIS IM driver. Checkout
> if WFP provides a support for similar thing, but that would be Vista &
> above only.
True, but I was thinking maybe he could write an LSP (as it is easier
then TDI or NDIS) and use some sort of IPC to send this to a service
to transmit. I am not sure if he wants to re-transmit packet-for-
packet, or just send the data somewhere? Just sending the data is
easier. If not, he will have to use something like WinPCAP to send
the packets using pcap_open and pcap_sendpacket.