That's exactly why sniffers typically require driver installation. The short version is that as of SP2, the NDIS drivers that ship with XP no longer forward traffic captured in promiscuous mode to userland code using the standard NDIS API. Rather, the NDIS stack filters the captured packets and culls out ones that are neither broadcast traffic nor directed to that host computer. The architecture obviously still supports promiscuous-mode packet capturing, but only via custom drivers. The same is true for generation of raw sockets.
~Dathan

> David Litchfield (NGSSoftware) wrote a raw packet sniffer that did not need
> a driver installed, but I don't think it works post SP2 after Microsoft
> caved in to pressure from crazed Gibson-ites and disabled it. You might want
> to see if it works for you...
>
> t
>
> On 9/15/06 4:50 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> spoketh to all:
>
>> Hello All,
>>
>> I would like to ask why a sniffer in Windows that captures data packets
>> requires installation of drivers?
>>
>> Is there any sniffer that can be used for capturing data packets without
>> installation of drivers into Windows OS?
>>
>> Please advise.
>>
>> Ricci
