[vpn-help] VPN Client Road Map Modifications ...
Matthew Grooms
mgrooms at shrew.net
Fri Sep 8 00:03:36 CDT 2006
Peter Eisch wrote:
> On 9/7/06 7:22 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
>
> Does this mean that the pcap apps (ethereal, tcpdump, etc.) will be able to
> latch onto the driver and sniff too?
>
Winpcap uses a NDIS Protocol driver to obtain packet captures. With the
old driver architecture, winpcap is able to see both public and private
interface traffic. The public traffic ( although encrypted in most cases
) would be captured from the interface used as the local peer endpoint.
The private interface traffic would be captured from the VNET interface
activated after the tunnel is created. The VNET interface is a normal
NDIS Miniport driver ( without managing any actual hardware ).
With the new driver architecture, it probably won't be possible to see
the public interface traffic as it will be injected and diverted below
the pcap protocol driver. However, the private traffic should be
accessible via winpcap. The build-in client packet dump facility will
always be available for debug purposes.
> Getting the driver blessed would be quite nice touch.
>
Yup, can't wait to get signed drivers. Its going to be a chore though.
That was another reason to move to the newer architecture. I pray that
it only needs to be done once per major release. What a racket :(
Thanks,
-Matthew
More information about the vpn-help
mailing list