Re: Question about Sniffer in Windows

From: "Leslie D. Bennett" <ldb007@xxxxxxxx>
Date: Sat, 16 Sep 2006 15:36:28 -0500 (CDT)

That's exactly why sniffers typically require driver installation. The
short version is that as of SP2, the NDIS drivers that ship with XP no
longer forward traffic captured in promiscuous mode to userland code using
the standard NDIS API. Rather, the NDIS stack filters the captured
packets and culls out ones that are neither broadcast traffic nor directed
to that host computer. The architecture obviously still supports
promiscuous-mode packet capturing, but only via custom drivers. The same
is true for generation of raw sockets.

~Dathan

David Litchfield (NGSSoftware) wrote a raw packet sniffer that did not
need
a driver installed, but I don't think it works post SP2 after Microsoft
caved into pressure from crazed Gibson-ites and disabled it. You might
want
to see if it works for you...

t

On 9/15/06 4:50 PM, "ricci@xxxxxxxxxx" <ricci@xxxxxxxxxx> spoketh to all:

Hello All,

I would like to ask why sniffer in Windows that capture data packet
requires installation of drivers?

Is there any sniffer that can be used for capturing data packet without
installation of drivers into Windows OS?

Please advise.

Ricci

---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

References:
- Re: Question about Sniffer in Windows
  - From: Thor (Hammer of God)

Prev by Date: Re: windump on browsing of shared folders across vpn in winxp
Next by Date: RE: Question about Sniffer in Windows
Previous by thread: Re: Question about Sniffer in Windows
Next by thread: RE: Question about Sniffer in Windows
Index(es):
- Date
- Thread

Relevant Pages

Updating drivers in WinXP Pro
... I've been having trouble getting my new Camcorder to work with Windows XP. ... Whether I try using the USB connection or the Firewire connection, ... The system detects the new device and begins installing the drivers. ... The driver installation fails with the same message "The data is invalid." ...
(microsoft.public.windowsxp.general)
RE: Installing Windows XP on an Intel Mac
... "rustic39" wrote: ... Windows, I get a message that the computer must repair itself. ... this, the startup goes ahead, and I'm back where I started - no drivers. ... The driver installation ...
(microsoft.public.windows.mediacenter)
RE: Installing Windows XP on an Intel Mac
... The first time I did boot camp, I had to delete the partition & start over. ... Windows, I get a message that the computer must repair itself. ... this, the startup goes ahead, and I'm back where I started - no drivers. ... The driver installation ...
(microsoft.public.windows.mediacenter)
RE: Installing Windows XP on an Intel Mac
... The first time I did boot camp, I had to delete the partition & start over. ... Windows, I get a message that the computer must repair itself. ... this, the startup goes ahead, and I'm back where I started - no drivers. ... The driver installation ...
(microsoft.public.windows.mediacenter)
Re: Running NDISTest on Vista with an NDIS IM Driver
... Currenty there are no logo programs or tests that test any NDIS IM drivers. ... I tried using the version that comes with WLK/DTM on PassThru (NDIS IM ... Loaded Module Info: ...
(microsoft.public.development.device.drivers)