Security Basics mailing list archives
Capturing all packets...
From: "Tomas Korcak" <korczis () gmail com>
Date: Tue, 28 Feb 2006 05:23:45 +0100
Hi group,

my question is short: is it possible in Windows, by any means, to capture all packets at user level on an interface previously set to promiscuous mode? In Linux it is possible to do that by using socket(PF_PACKET, SOCK_RAW|SOCK_DGRAM, ....et cetera), but Windows is different.

I have read some issues saying that it is not possible to use the PF_PACKET family when creating a socket on the Windows architecture, and also that it is not possible to switch the network card to promiscuous mode from user mode. After plenty of hours of googling I have found some code which is able to set the network card to promiscuous mode by modifying NIDS flags. I have found some issues saying that it is possible, but I have never seen working code.

The next problem is sending arbitrary packets in user mode. I don't want to use winpcap, or any other kernel-level library.

Do you have any suggestions?

Tomas Korcak

--
<warning> This e-mail is intended for the named recipient(s). It may contain privileged and/or confidential information. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail and attachment(s): you must not copy, distribute, retain or take any action in reliance upon the email or attachment(s). While all reasonable efforts are made to safeguard inbound and outbound e-mails, Tomas Korcak cannot guarantee that attachments are virus-free or are compatible with your systems, and does not accept liability in respect of viruses or computer problems experienced. Thank you. </warning>
<notice> Your Skills In Reading Have Improved +1 </notice>
<idea> Some days you're the dog; some days you're the hydrant. </idea>