Firewall Wizards mailing list archives
Re: tcpdump for NT
From: David LeBlanc <dleblanc () mindspring com>
Date: Fri, 16 Oct 1998 07:57:27 -0400
At 09:37 AM 10/9/98 -0700, Ryan Russell wrote:
From speaking with Mudge and Greg, their sniffers were done from sample code out of the DDK, and in fact were compatible with each other.
Yup - based on packet.c from the DDK. That's what we did to get truly raw sockets in the ISS scanner, which is where I think Mudge and Greg got the idea from. Only problem is that if you want to send anything, you need to re-invent arp. What is actually a lot easier to deal with if you don't want access to the IP header is just to bind a raw socket, and keep calling recvfrom().

David LeBlanc
dleblanc () mindspring com