[vpn-help] VPN Client Road Map Modifications ...

Matthew Grooms mgrooms at shrew.net
Fri Sep 8 00:03:36 CDT 2006


Peter Eisch wrote:
> On 9/7/06 7:22 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
> 
> Does this mean that the pcap apps (ethereal, tcpdump, etc.) will be able to
> latch onto the driver and sniff too?
>

	Winpcap uses a NDIS Protocol driver to obtain packet captures. With the 
old driver architecture, winpcap is able to see both public and private 
interface traffic. The public traffic ( although encrypted in most cases 
) would be captured from the interface used as the local peer endpoint. 
The private interface traffic would be captured from the VNET interface 
activated after the tunnel is created. The VNET interface is a normal 
NDIS Miniport driver ( without managing any actual hardware ).

	With the new driver architecture, it probably won't be possible to see 
the public interface traffic as it will be injected and diverted  below 
the pcap protocol driver. However, the private traffic should be 
accessible via winpcap. The build-in client packet dump facility will 
always be available for debug purposes.

> Getting the driver blessed would be quite nice touch.
> 

	Yup, can't wait to get signed drivers. Its going to be a chore though. 
That was another reason to move to the newer architecture. I pray that 
it only needs to be done once per major release. What a racket :(

Thanks,

-Matthew



More information about the vpn-help mailing list