Firewall Wizards mailing list archives

Re: tcpdump for NT


From: David LeBlanc <dleblanc () mindspring com>
Date: Fri, 16 Oct 1998 07:57:27 -0400

At 09:37 AM 10/9/98 -0700, Ryan Russell wrote:
From speaking with Mudge and Greg, their sniffers
were done from sample code out of the DDK, and in
fact were compatible with each other.

Yup - based on packet.c from the DDK.  That's what we did to get truly raw
sockets in the ISS scanner, which is where I think Mudge and Greg got the
idea from.  Only problem is that if you want to send anything, you need to
re-invent ARP.

What is actually a lot easier to deal with if you don't want access to the
IP header is just to bind a raw socket, and keep calling recvfrom().


David LeBlanc
dleblanc () mindspring com
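
Added example, not part of the original post and not ISS or DDK code: it illustrates the remark above about having to re-invent ARP. When frames are sent through a packet driver below the IP stack, the sender must resolve the next hop's MAC address itself, which means building an RFC 826 request and picking the answer out of received frames. The function names and the 42-byte constant name are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ARP_FRAME_LEN 42  /* 14-byte Ethernet header + 28-byte ARP body */

/* Write a 16-bit value in network (big-endian) byte order. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Build a broadcast "who-has target_ip" request (RFC 826) into out[42]. */
size_t arp_build_request(uint8_t *out, const uint8_t src_mac[6],
                         const uint8_t src_ip[4], const uint8_t target_ip[4])
{
    memset(out, 0xff, 6);            /* Ethernet destination: broadcast */
    memcpy(out + 6, src_mac, 6);     /* Ethernet source */
    put16(out + 12, 0x0806);         /* EtherType: ARP */
    put16(out + 14, 1);              /* hardware type: Ethernet */
    put16(out + 16, 0x0800);         /* protocol type: IPv4 */
    out[18] = 6;                     /* hardware address length */
    out[19] = 4;                     /* protocol address length */
    put16(out + 20, 1);              /* opcode: request */
    memcpy(out + 22, src_mac, 6);    /* sender MAC */
    memcpy(out + 28, src_ip, 4);     /* sender IP */
    memset(out + 32, 0, 6);          /* target MAC: not known yet */
    memcpy(out + 38, target_ip, 4);  /* target IP */
    return ARP_FRAME_LEN;
}

/* If the frame is an ARP reply sent by want_ip, copy the sender MAC to
 * mac_out and return 1; return 0 for anything else. */
int arp_parse_reply(const uint8_t *f, size_t len,
                    const uint8_t want_ip[4], uint8_t mac_out[6])
{
    if (len < ARP_FRAME_LEN) return 0;               /* truncated frame */
    if (f[12] != 0x08 || f[13] != 0x06) return 0;    /* EtherType is not ARP */
    if (f[14] != 0 || f[15] != 1) return 0;          /* hardware type is not Ethernet */
    if (f[16] != 0x08 || f[17] != 0x00) return 0;    /* protocol type is not IPv4 */
    if (f[18] != 6 || f[19] != 4) return 0;          /* unexpected address lengths */
    if (f[20] != 0 || f[21] != 2) return 0;          /* opcode is not reply */
    if (memcmp(f + 28, want_ip, 4) != 0) return 0;   /* answer is for another host */
    memcpy(mac_out, f + 22, 6);
    return 1;
}
```

The parser checks only frame layout; it does nothing to establish that the reply came from the real owner of the address.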


