Re: [ANN]: TCPDUMP for Windows

From: Edward Smirnov (ed_at_microolap.com)
Date: 03/30/05


Date: Wed, 30 Mar 2005 22:42:39 +0400

Arkady, thank you for a more than good question!

> If you stand you don't use driver (so no admin rights required for
> installation), does your tcpdump catch NetBIOS messages?

Packet Sniffer SDK (the library used by tcpdump for Windows) loads its own
internal driver dynamically, when the application is launched, and unloads
it when it is closed. If you want to have a look at PSSDK formal help
system, please find it here:
http://microolap.com/products/network/pssdk/pssdkactivex_en.chm

This is the help file for the ActiveX Edition of PSSDK 2.3, before proofreading.
Unfortunately, versions for the DLL Edition and static libs for Borland,
Microsoft and Intel C compilers are not completed yet, but I hope you'll
get the main features of this Thing reading this document :)

(It is a real nightmare to synchronize the help system for 6 builds (.NET,
VCL, DLL, and static libs) of the same product in 2 languages (6*2=12),
sorry :)

It will readily be seen that there are no mysterious things in PSSDK:
certainly you have to launch any application using PSSDK with admin rights.

Short answer: using PSSDK BPF (and FastBPF, btw) you can filter any protocol
at the driver level, and your application does not have to care about such
things at all.

Also have a look at the HNQueue component (or the corresponding function in the
static libraries/DLL edition, when its help is finished :): it is
responsible for the asynchronous cyclic packet queue, the core of PSSDK's
Gigabit network compatibility.

---
WBR,
Edward