- How to set NIC to promiscuous mode from FilterHook driver
- Posted by vasantharaj.g@nestgroup.net on May 12th, 2008
Hi !
I want to receive all packets in my filter hook driver and do
filtering the TCP packets which matches a particular destination
address in the network. So, I wrote a filter hook driver and is
working fine. Now, I want to get packets destined to other machines
also in the network, from my filter hook driver. How can I set the NIC
to promiscuous mode so that I shall receive other packets also in my
PacketFilterExtension function.
Is it possible? If so, how can I set it?
Please help.
thanks in advance,
regards,
vasanth.
- Posted by Tanya Radeva [MSFT] on May 12th, 2008
Add NDIS_PACKET_TYPE_PROMISCUOUS to your filter to support promiscuous mode
reading.
Best regards,
Tanya
"vasantharaj.g@nestgroup.net" wrote:
- Posted by Alireza Dabagh [MS] on May 12th, 2008
I did not understand exactly what your component is. "Filter hook driver"
could mean one of those nasty virus like drivers that take a shortcut by
hijacking NDIS and TCPIP entry points. It could also mean an NDIS IM filter
(or lightweight filter for NDIS 6 and higher) drivers written to spec or it
could be something else. If your driver is hijacking NDIS/TCPIP entry
points, please disregard my mail. Unfortunately many people on this
newsgroup will help you nevertheless. I can't.
If your object is to see packets sent to the other interfaces on the
network -from- this machine, then just look at them on the transmit path.
If you want to see packets sent to the other interfaces connected to the
same switch then read on.
You set a NIC to promiscuous mode by sending a set_packet_filter OID to the
NIC. (you need to be a NDIS protocol or lightweight driver to do this ). But
that will not help you. Any switch worth the box it came in, will not allow
you to see "packets destined to other machines in the network" just because
you set the NIC to promiscuous mode (with the exception of being connected
to a "mirror" port).
-ali
--
This posting is provided "AS IS" with no warranties, and confers no rights.
<vasantharaj.g@nestgroup.net> wrote in message
news:e37c994c-0a95-45bb-9e25-b0f59256a490@f24g2000prh.googlegroups.com...
- Posted by PCAUSA on May 13th, 2008
He is probably referring to this tyoe of Filter Hook, documented in
MSDN at URL:
http://msdn.microsoft.com/en-us/library/ms802735.aspx
Thomas F. Divine
On May 12, 5:59*pm, "Alireza Dabagh [MS]" <a...@online.microsoft.com>
wrote:
- Posted by vasantharaj.g@nestgroup.net on May 13th, 2008
Hi !
Yes, the filter hook driver I mentioned is as per the msdn
documentation mentioned. Basically it is an extension to the OS
supplied packet filter. The filter hook driver works fine and I am
able to get packets to an fro the host machine. As part of the
requirement, I need to get the packets destined to another machine in
the same sub net.
It could be possible if I could enable the respective adapter and the
NIC to promiscuous mode. How can I set the
OID_GEN_CURRENT_PACKET_FILTER with type NDIS_PACKET_TYPE_PROMISCUOUS
from the filterhook driver? Is this possible? If so how? Should I
write another mini port interface?
thanks in advance,
regards,
vasanth.
On May 13, 7:42*am, PCAUSA <pca...@gmail.com> wrote:
- Posted by Alireza Dabagh [MS] on May 14th, 2008
So from your reply I take it you are interested in getting packets destined
to other hosts -that are not necessarily originated from the host your
filter is running on-.
As I said in my previous post, setting the adapter to promiscuous mode is
not going to help you. Switch is not going to put them on the port your NIC
is connected to.
-ali
--
This posting is provided "AS IS" with no warranties, and confers no rights.
<vasantharaj.g@nestgroup.net> wrote in message
news:83b3e81c-8cd8-4ba4-a5b3-04a8a5dc938a@f24g2000prh.googlegroups.com...
Hi !
Yes, the filter hook driver I mentioned is as per the msdn
documentation mentioned. Basically it is an extension to the OS
supplied packet filter. The filter hook driver works fine and I am
able to get packets to an fro the host machine. As part of the
requirement, I need to get the packets destined to another machine in
the same sub net.
It could be possible if I could enable the respective adapter and the
NIC to promiscuous mode. How can I set the
OID_GEN_CURRENT_PACKET_FILTER with type NDIS_PACKET_TYPE_PROMISCUOUS
from the filterhook driver? Is this possible? If so how? Should I
write another mini port interface?
thanks in advance,
regards,
vasanth.
On May 13, 7:42 am, PCAUSA <pca...@gmail.com> wrote:
