We have a product that is dependent on winpcap. It creates point to point encrypted tunnels across tcp/ip networks. Basically the sender intercepts outbound packets, encrypts them, wraps & tunnels them over one port; the receiver, listening on that port, grabs the incoming packet, decrypts it, and reinjects it on the stack. We use winpcap on the outbound traffic to determine which outbound packets to grab (there is an NDIS driver that removes the outbound packet from the tcp/ip stack).
A client wants to use this software on a machine which has a Checkpoint Firewall-1 installed on it. It appears as though npf.sys can still bind to the lower interface but no outbound traffic is being captured. We know it isn't the rest of our product since this behaviour is dependent on whether or not winpcap is on the machine; regardless of whether or not our product is there. If I bring up ethereal on this machine (capturing all traffic) it captures all inbound traffic but no outbound traffic. A sniffer on the same hub as this machine shows both inbound and outbound traffic. I speculate that the firewall interferes with the upper-edge binding to npf.sys. Rebuilding a debug npf.sys and logging its activity shows lots of reads but nothing else.

Any ideas on this would be really helpful.

Thanks for any tips!

-----Original Message-----
From: Michael Vergoz [mailto:[EMAIL PROTECTED]
Sent: September 17, 2003 1:37 PM
To: [EMAIL PROTECTED]
Subject: Fw: [WinPcap-users] Winpcap & Checkpoint-1 Firewall...

----- Original Message -----
From: "Michael Vergoz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 17, 2003 9:31 PM
Subject: Re: [WinPcap-users] Winpcap & Checkpoint-1 Firewall...

> Could you give me more information on the design of your network?
> firewall, router, computer, switch...
>
> You seek to know entering and outgoing Internet traffic of your
> router/firewall by Ethereal?
>
> Michael
> Michael VERGOZ
> PHP Development Team
> [EMAIL PROTECTED]
> php-gtk : http://gtk.php.net/
> http://www.php.net
>
> ----- Original Message -----
> From: "Richard Jagodzinski" <[EMAIL PROTECTED]>
> To: "'winpcap-users'" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 17, 2003 7:07 PM
> Subject: [WinPcap-users] Winpcap & Checkpoint-1 Firewall...
>
> > Hi, All
> >
> > We've run into an "interesting" problem running winpcap & a
> > checkpoint-1 Firewall. Bringing up Ethereal on the same machine shows
> > inbound traffic but no outbound traffic. This is with the firewall
> > configured to pass through all traffic in both directions.
> >
> > I have read the faq but am hoping someone might have more technical detail
> > as to why this is happening.
> >
> > Cheers,
> > Richard
> > -----------------------------------------------------------------------
> > Richard Jagodzinski
> > Research & Development
> > Non-Elephant Encryption Systems Inc.
> > (403) 232 6001
> >
> > ==================================================================
> > This is the WinPcap users list. It is archived at
> > http://www.mail-archive.com/[EMAIL PROTECTED]/
> >
> > To unsubscribe use
> > mailto: [EMAIL PROTECTED]
> > ==================================================================
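The comparison described in the thread (host capture versus a sniffer on the same hub) can be turned into a repeatable check. The following is an added example, not code from the thread or from WinPcap: it tallies frame direction in two classic pcap files by source and destination MAC. The MAC addresses, frames and function names are constructed for illustration, and Ethernet link type is assumed.

```python
import struct

def build_pcap(frames):
    """Pack raw Ethernet frames into a classic little-endian pcap byte string."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def direction_counts(pcap_bytes, local_mac):
    """Count frames sent by, addressed to, or unrelated to local_mac."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = {"outbound": 0, "inbound": 0, "other": 0}
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            counts["other"] += 1              # truncated, no full Ethernet header
        elif frame[6:12] == local_mac:
            counts["outbound"] += 1           # source MAC is this host
        elif frame[0:6] == local_mac or frame[0] & 1:
            counts["inbound"] += 1            # unicast to us, or broadcast/multicast
        else:
            counts["other"] += 1
    return counts

def outbound_missing(host_counts, wire_counts):
    """True when the wire shows traffic from the host that the host capture lacks."""
    return wire_counts["outbound"] > 0 and host_counts["outbound"] == 0

# Constructed sample data: locally administered MACs and dummy payloads.
LOCAL = bytes.fromhex("020000000001")
PEER = bytes.fromhex("020000000002")
SENT = PEER + LOCAL + b"\x08\x00" + b"\x00" * 46   # dst=PEER, src=LOCAL
RECV = LOCAL + PEER + b"\x08\x00" + b"\x00" * 46   # dst=LOCAL, src=PEER
HOST_PCAP = build_pcap([RECV, RECV])               # what the host capture saw
WIRE_PCAP = build_pcap([SENT, RECV, SENT, RECV])   # what the hub sniffer saw

if __name__ == "__main__":
    host = direction_counts(HOST_PCAP, LOCAL)
    wire = direction_counts(WIRE_PCAP, LOCAL)
    print(host, wire, "outbound missing:", outbound_missing(host, wire))
```

Run against real captures by reading each file in binary mode and passing the host adapter's MAC as six raw bytes.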
