[Winpcap-users] RE: [tcpdump-workers] Support for win32 named pipes

Alex Narinsky alex_narinsky at guardium.com
Wed Jun 29 14:26:58 GMT 2005


Can you please give additional explanation to your message?
At present winpcap sniffs named pipes communication from MSSQL server
client on another computer to a MSSQL server.  However, it does not
catch local named pipes communications.  

What does your development add to these options?
Thanks

-----Original Message-----
From: tcpdump-workers-owner at lists.tcpdump.org
[mailto:tcpdump-workers-owner at lists.tcpdump.org] On Behalf Of Gcom, Inc.
Sent: Tuesday, June 28, 2005 7:49 PM
To: tcpdump-workers at lists.tcpdump.org
Subject: [tcpdump-workers] Support for win32 named pipes

I've added explicit support for named pipes to a winpcap 3.1 beta 4 tree,
and would like to submit the changes to the libpcap maintainers.  It adds a
new file and small changes to several other files.  Who should I send diffs
to, or should I send them to the list?  Would a modified source tree be
easier to work with?

The way the named pipe support I added works is, there is a new "family" of
interface names, beginning with "pipe://".  On win32 machines, the name can
have one of two formats:

pipe://<pipename>
pipe://<hostname>/<pipename>

Win32 machines use a flat (non-hierarchical) namespace for the named pipes
on each machine, and allow opening pipes on another machine.  The named
pipe is assumed to carry a libpcap savefile-format data stream.

On non-win32 machines, pipe://<path> is treated just like file://<path>

The implementation adds a new API function pcap_open_pipe(), with the same
parameters as pcap_open_live().

The current implementation relies heavily on tweaked routines in
savefile.c.  This is fine for an immediate implementation, but leaves out a
few important distinctions between a savefile and a continuous data stream
from a pipe.  This will be addressed in the future.

Regards,
Oolan Zimmer
Gcom, Inc.
ethereal at gcom.com
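
Added example, not part of the original messages and not code from the Gcom patch or from libpcap: a chunk-at-a-time parser for the classic libpcap savefile format, showing one way a pipe differs from a savefile (a short read means "wait for more", not a truncated file) and how a reader can bound the lengths a remote writer declares. The names pstream, pstream_feed and MAX_CAPLEN are hypothetical, and rejecting caplen > snaplen is a strict policy chosen for this example.

```c
/* Added example (hypothetical names): incremental parser for a libpcap
 * savefile-format stream arriving in arbitrary chunks, as from a pipe. */
#include <stdint.h>
#include <string.h>
#define MAX_CAPLEN 262144u  /* assumed sanity cap, not from the post */
enum { ST_GLOBAL, ST_RECHDR, ST_BODY, ST_BAD };
struct pstream {            /* zero-initialise before first use */
    int      state, big_endian;
    uint8_t  hdr[24];       /* header currently being assembled */
    size_t   have;          /* bytes of that header received so far */
    uint32_t snaplen, body_left;
    unsigned long packets;  /* complete packets seen */
};
static uint32_t rd32(int be, const uint8_t *p) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Feed one chunk. Returns 0 while the stream is well-formed, -1 once it is not. */
int pstream_feed(struct pstream *s, const uint8_t *p, size_t n) {
    while (n > 0 && s->state != ST_BAD) {
        if (s->state == ST_BODY) {              /* skip packet bytes */
            size_t k = n < s->body_left ? n : s->body_left;
            p += k; n -= k; s->body_left -= (uint32_t)k;
            if (s->body_left == 0) { s->packets++; s->state = ST_RECHDR; }
            continue;
        }
        size_t want = s->state == ST_GLOBAL ? 24 : 16;
        size_t k = want - s->have < n ? want - s->have : n;
        memcpy(s->hdr + s->have, p, k);
        s->have += k; p += k; n -= k;
        if (s->have < want) break;              /* short read: wait, it is not EOF */
        s->have = 0;
        if (s->state == ST_GLOBAL) {            /* microsecond magic decides byte order */
            uint32_t magic = rd32(1, s->hdr);
            if (magic != 0xa1b2c3d4u && magic != 0xd4c3b2a1u) { s->state = ST_BAD; break; }
            s->big_endian = (magic == 0xa1b2c3d4u);
            s->snaplen = rd32(s->big_endian, s->hdr + 16);
            s->state = ST_RECHDR;
        } else {                                /* record header: caplen at offset 8 */
            uint32_t caplen = rd32(s->big_endian, s->hdr + 8);
            if (caplen > s->snaplen || caplen > MAX_CAPLEN) s->state = ST_BAD;
            else if (caplen == 0) s->packets++;
            else { s->body_left = caplen; s->state = ST_BODY; }
        }
    }
    return s->state == ST_BAD ? -1 : 0;
}
```

Packet bytes are only counted and skipped here; a real reader would hand them to its callback at the point where body_left reaches zero.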
