Re: capturing on ppp interface on windows 7

[Guy Harris <guy () alum mit edu>]

On Jun 3, 2014, at 12:48 AM, Rahul Rohit <rahul.rohit () aricent com> wrote:

> Can you please describe in detail as to which file is to be modified

No, but I can suggest that, of the source files in the packetNtx/driver directory of the WinPcap source, Openclos.c, 
Packet.c, Read.c, and Write.c may have to be modified, and some others might have to be modified as well.  You might 
have to change some of the user-mode library code in packetNtx/Dll, and maybe even the packet-win32.c code in 
wpcap/libpcap.

> and what exactly to be done ?

Convert the code from a transport driver:

        http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685(v=vs.85).aspx

to a lightweight filter driver:

        http://msdn.microsoft.com/en-us/library/windows/hardware/ff571103(v=vs.85).aspx

You will first have to learn about NDIS and writing kernel-mode code for Windows if you want to do this.  (No, I can't 
teach you how to do that.)

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe