No subject


Tue Apr 27 23:10:09 PDT 2010


   - The OS won't know about your privately-managed TCP connections, so it
   won't know that the port(s) you've chosen is/are in use. This means that it
   might try to use the same port for another application's connection, leading
   to chaos.
   - The OS won't know about your privately-managed TCP connections, so
   unless you prevent it from seeing those packets, it will send RST packets to
   reset the apparently bogus connection.
   - Your application won't automatically be notified of changes to relevant
   OS-managed data, configured IP addresses and routing tables. You'll likely
   have to poll for updates.
   - Properly implementing the TCP protocol is non-trivial. Most
   implementations, even very well-used ones, had dormant bugs that weren't
   found for *years*. Not all the necessary information is in the RFCs,
   either; there are places where established practice differs from the
   documented behaviour, usually for good reason. There's also plenty of code
   in modern TCP stacks specifically to deal with historical buggy behaviour in
   other stacks, and replicating all that work isn't simple.
   - There's a substantial risk of bad interactions with third party network
   security software installed on the host, which will expect all TCP
   connections to be made via the OS.

It seems like a support nightmare to me.

--0015174c12e6be489b048ae0b8ba
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<span class=3D"Apple-style-span" style=3D"font-family: Arial, &#39;Liberati=
on Sans&#39;, &#39;DejaVu Sans&#39;, sans-serif; font-size: 14px; border-co=
llapse: collapse; line-height: 18px; "><p style=3D"margin-top: 0px; margin-=
right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; padding=
-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width: 0px;=
 border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;=
 border-style: initial; border-color: initial; font-size: 14px; vertical-al=
ign: baseline; background-image: initial; background-attachment: initial; b=
ackground-origin: initial; background-clip: initial; background-color: tran=
sparent; clear: both; word-wrap: break-word; background-position: initial i=
nitial; background-repeat: initial initial; ">
What I have read so far, winPcap allows you to bypass OS and bypass applica=
tion and transport layer processing for TCP and provides direct access to t=
he link layer.</p><p style=3D"margin-top: 0px; margin-right: 0px; margin-bo=
ttom: 1em; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-=
bottom: 0px; padding-left: 0px; border-top-width: 0px; border-right-width: =
0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initia=
l; border-color: initial; font-size: 14px; vertical-align: baseline; backgr=
ound-image: initial; background-attachment: initial; background-origin: ini=
tial; background-clip: initial; background-color: transparent; clear: both;=
 word-wrap: break-word; background-position: initial initial; background-re=
peat: initial initial; ">
I am planning to use winpcap for some critical information transfer and not=
 just sniffing in order to reduce latency. I am currently doing it via sock=
ets.</p><p style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 1em;=
 margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0p=
x; padding-left: 0px; border-top-width: 0px; border-right-width: 0px; borde=
r-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-=
color: initial; font-size: 14px; vertical-align: baseline; background-image=
: initial; background-attachment: initial; background-origin: initial; back=
ground-clip: initial; background-color: transparent; clear: both; word-wrap=
: break-word; background-position: initial initial; background-repeat: init=
ial initial; ">
Does bypassing OS, and according to my understanding application and transp=
ort layers on my side, involve any risks?</p><p style=3D"margin-top: 0px; m=
argin-right: 0px; margin-bottom: 1em; margin-left: 0px; padding-top: 0px; p=
adding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-width=
: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width=
: 0px; border-style: initial; border-color: initial; font-size: 14px; verti=
cal-align: baseline; background-image: initial; background-attachment: init=
ial; background-origin: initial; background-clip: initial; background-color=
: transparent; clear: both; word-wrap: break-word; background-position: ini=
tial initial; background-repeat: initial initial; ">
Is it normally recommended to use winpcap for critical application informat=
ion transfer or it is generally recommended for packet sniffing etc.</p><p =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 1em; margin-lef=
t: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-=
left: 0px; border-top-width: 0px; border-right-width: 0px; border-bottom-wi=
dth: 0px; border-left-width: 0px; border-style: initial; border-color: init=
ial; font-size: 14px; vertical-align: baseline; background-image: initial; =
background-attachment: initial; background-origin: initial; background-clip=
: initial; background-color: transparent; clear: both; word-wrap: break-wor=
d; background-position: initial initial; background-repeat: initial initial=
; ">


More information about the Winpcap-users mailing list