RE: [WinPcap-users] I got a Blue Screen of Death on my W2K Server while using WinPcap ver 2.3

2002-09-12 Thread Fulvio Risso

It's a bug of WinPcap 3.0a.
We're going to update everything in the next few days.
Cheers,

fulvio


-Original Message-
From: Denis Bujoreanu [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 12:55
To: [EMAIL PROTECTED]
Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
while using WinPcap ver 2.3


Ok, I switched to 3.0a, it works well so far. I haven't experienced anymore
BSD but I saw that if I take the incoming packet, change something in its
structure (namely set the RST and FIN flags in the TCP header) and write it
back, the packet I see as originating from my machine has a different length
and content. Maybe I'm doing something wrong, I'll keep checking.
- Original Message -
From: Denis Bujoreanu
To: [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 5:02 PM
Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
while using WinPcap ver 2.3


Well I saw that the export section, which interests me the most, of the 2.3
version differs from that of the 3.0a - obviously it has some more
functions exported, but to my surprise some functions are also missing !!!
Namely PacketResetAdapter and PacketWaitPacket which kinda renders the
backward compatibility null. But still, this doesn't bother me cause I don't
use the missing functions, what bothers me is that now the
PacketGetAdapterNames is different, I mean I get different info from the
driver when calling for the adapter names which doesn't scale well in my app
and I don't quite get it why. After all the adapter name doesn't change,
right? I'll take a closer look at the examples.

My card is a plain ethernet (Accton EN2242 100Mbps) which works flawlessly
with ver 2.3 on capture, but if I try to send packets I get the BSD.

I'm using the packet API cause the pcap API is too simple and too high up
in the stack and from the pcap source I saw that what I do in my app is the
same as pcap does, of course not as efficient but performance is not a big
concern now, I need functionality first and then speed. One other reason I
use the packet API is that in order for me to use the pcap API I'd have to
port a lot of data structures and types. I know there's Lars's translation
to Delphi for the pcap headers and types but I started using WinPcap before
I knew about Lars's work and it is too much hassle to switch to pcap now,
especially since I get what I need from packet API.
- Original Message -
From: Gianluca Varenni
To: [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 04:39 PM
Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
while using WinPcap ver 2.3


Well, WinPcap 3.0 is backward compatible with 2.3.
I suggested you to wpdpack 3.0a since we have corrected some bugs in the
examples, and we have added a brand new HTML documentation and tutorial.

Regarding the crashes, on which network adapter are you using winpcap to
send packets? Is it ethernet or PPP? Or anything else?

GV

PS. Why are you using the packet API? We usually suggest users to use the
pcap API, which we think is much more simple, and yet powerful.


- Original Message -
From: Denis Bujoreanu
To: [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 3:12 PM
Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
while using WinPcap ver 2.3


well, I don't use the wpcap library (u know... pcap_open_live and stuff), I
use only the functions exported by the packet.dll

I have both 2.3 and 3.0a but the packet.dll doesn't seem to know about all
the functions from ver. 2.3...how come? isn't there a backward
compatibility?
what do you mean by upgrading the wpdpack? I've downloaded both versions
couple of weeks ago...

- Original Message -
From: Gianluca Varenni
To: [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 04:03 PM
Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
while using WinPcap ver 2.3


Try winpcap 3.0alpha (remember to upgrade the developers' pack, too).

GV

PS. What do you mean by "I use Packet.dll and packet.sys and do not go
through the API"?

- Original Message -
From: Denis Bujoreanu
To: [EMAIL PROTECTED]
Sent: Monday, September 09, 2002 2:18 PM
Subject: [WinPcap-users] I got a Blue Screen of Death on my W2K Server while
using WinPcap ver 2.3


Hi,

I wrote an app that uses WinPcap ver. 2.3 (I use Packet.dll and Packet.sys
and do not go through the API) to capture packets and if the TCP port
matches a certain value then it writes a new packet that closes the
connection (it's not a DoS tool, it's meant to be an intrusion prevention and
access control tool so don't bite my head off yet). From time to time I get
a STOP fatal error on my W2K Server, the message error was that the irq was
less or not equal to...or something like that, it was accompanied by a blue
screen and a memory dump). I read in a previous post that this problem is
not a singularity and that it has been fixed. Could it be that I am doing
something 

RE: [WinPcap-users] I got a Blue Screen of Death on my W2K Server while using WinPcap ver 2.3

2002-09-12 Thread Fulvio Risso



 -Original Message-
 From: Denis Bujoreanu [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 12, 2002 13:42
 To: [EMAIL PROTECTED]
 Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K
 Server while using WinPcap ver 2.3


 so we should expect a change in the way we use PacketReceivePacket?
 The call to this function will remain the same?

Hopefully yes.
However, please note that we *strongly* suggest not to use packet.dll api;
please use wpcap api instead.
There's plenty of examples in the new documentation.

fulvio


 ok...I won't bother you with stupid questions anymore and let you go by
 your work

 10x and keep up the good work!!
 :)
 - Original Message -
 From: Fulvio Risso [EMAIL PROTECTED]
 To: Denis Bujoreanu [EMAIL PROTECTED]
 Sent: Thursday, September 12, 2002 2:26 PM
 Subject: RE: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
 while using WinPcap ver 2.3


  The problem is the receive process.
 
  fulvio
 
   -Original Message-
   From: Denis Bujoreanu [mailto:[EMAIL PROTECTED]]
   Sent: Thursday, September 12, 2002 12:06
   To: Fulvio Risso
   Subject: Re: [WinPcap-users] I got a Blue Screen of Death on my W2K
   Server while using WinPcap ver 2.3
  
  
   10x F.
   Just one more question: will the changes affect the way
   PacketReceivePacket
   behaves or they will only focus on the write operations?
  
   I'm askin' cause when I went from 2.3 to 3.0a I had a little trouble
   importing the functions exported by the packet.dll library.
  
   - Original Message -
   From: Fulvio Risso [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Cc: [EMAIL PROTECTED]
   Sent: Thursday, September 12, 2002 1:01 PM
   Subject: RE: [WinPcap-users] I got a Blue Screen of Death on my W2K Server
   while using WinPcap ver 2.3
  
  
It's a bug of WinPcap 3.0a.
We're going to update everything in the next few days.
Cheers,
   
fulvio
   
   

[WinPcap-users] Licensing question

2002-09-12 Thread Jim Jones

Hello,

I have a question regarding licensing that I'm sure will get me brutalized, 
but I need to ask.

A friend of mine and I wish to develop a tool for network analysis.

We would very much like to use winpcap as a basis for this tool, but we 
eventually want to sell it.

I read the BSD license and it basically says that this is OK, so long as you 
get it in writing from UCB.

Is this correct?  Anybody here happen to know who to contact at UCB?

Thanks!






==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/winpcap-users@winpcap.polito.it/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]?body=unsubscribe
==



RE: [WinPcap-users] Registry entries

2002-09-12 Thread Kevin Gilbert

Thank you for your reply. My problem is that there are NO entries in the registry 
after installing WinPcap!

But your hint on regmon was useful. I ran regmon while I installed WinPcap - the 
following entry is significant:

649718.27431922 WinPcap_3_0_a.e:612 DeleteKey HKLM\SYSTEM\CurrentControlSet\Services\NPF SUCCESS Key: 0xE2081540

This is obviously the reason for the lack of entries in the registries. But why are 
they being deleted?

-Original Message-
From: Stephen Oberholtzer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 11 September 2002 23:22
To: '[EMAIL PROTECTED]'
Subject: RE: [WinPcap-users] Registry entries


This is where it is on my machine (Win2k SP2 also):

14.33212713 SERVICES.EXE:216 SetValue HKLM\System\CurrentControlSet\Services\NPF\Start 0x2

If that doesn't work, you can try this:

0. Get Regmon from
http://www.sysinternals.com/ntw2k/source/regmon.shtml

1. Run Ethereal, or WinDump, or anything you can run to load the
driver.
2. Go to Control Panel - System (or press Windows+Break :D)
3. Select the Hardware tab; go to Device Mangler.
4. From the menu, choose View/Devices by type, then View/Show hidden
devices.
5. A new category Non-Plug and Play Drivers will show up in the
middle of the list. Expand it.
6. There should be an item listed as Netgroup Packet Filter.
Double-click it to bring up its
Properties window.
7. Select the Driver tab. There is a Startup Type, which is
currently set to Demand.

8. Start Regmon. Note that there will be a lot of noise, so you may
want to press Ctrl+L and set
the Include filter to *services.exe*.

9. Change the Startup Type to Automatic and hit OK to close the
dialog.

10. Regmon will now have a very large list of registry accesses it's
captured.  One of those is the
new Startup Type for NPF.


-Original Message-
From: Kevin Gilbert [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 6:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [WinPcap-users] Registry entries


W2K 5.00.2195 Service Pack 2

-Original Message-
From: Stephen Oberholtzer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 11 September 2002 00:18
To: '[EMAIL PROTECTED]'
Subject: RE: [WinPcap-users] Registry entries


What OS are you running?


