[Winpcap-users] Can I capture inbound packets only?
Guy Harris
guy at alum.mit.edu
Wed Feb 15 01:33:21 GMT 2006
On Feb 14, 2006, at 4:52 PM, Loris Degioanni wrote:
> This was about not capturing the packets that the user sends on the
> pcap interface (what I called "pcap adapter level" in my previous
> mail).
I.e., that's all that the NDIS_FLAGS_DONT_LOOPBACK and
NDIS_FLAGS_SKIP_LOOPBACK flags do - they can't prevent packets sent
by, say, the IP protocol module from being looped back and supplied
to WinPcap? The page at
http://www.ndis.com/papers/loopback.htm
suggest that they're flags you set on the packet as it's being sent,
so that wouldn't help.
Do any of the NDIS packet filter settings suppress looped-back
packets? They might not work in promiscuous mode, but I suspect most
of the people who don't want to see outgoing packets are arguably
abusing libpcap/WinPcap as a tool for making protocol implementations
rather than passive sniffers; in the past, I've suggested that
perhaps there should be a *completely separate library* for people
doing user-mode protocol implementations atop {BPF, DLPI, PF_PACKET
sockets, NDIS, etc.), as that'd allow different features of at least
some of those mechanisms (in particular, the ones such as DLPI and
NDIS that were *NOT* primarily designed for packet sniffers) to be
used, which might work better for those applications.
More information about the Winpcap-users
mailing list