[Winpcap-users] Direct Dump the packets from the driver
ictsecurity ictsecurity
ictsecurity0 at gmail.com
Tue Jun 22 01:59:39 PDT 2010
Hi all,
I modified the passthru driver (NDIS Intermediate Driver) from the example
in WinDDK. I succeeded in directly intercepting and dumping all the network
traffic packets (hexadecimal format) into c:\xxxx.dat format. My question is:
1. Is it possible to dump directly from the NDIS intermediate driver into pcap
format, for example c:\xxx.pcap, without sending all the traffic to ring3
for processing?
2. If yes, is there any code / docs I can refer to?
Thanks,
from ictsecurity0