Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PPP capture

From: Yang Luo <hsluoyb () gmail com>
Date: Tue, 12 Jan 2016 22:36:18 +0800
On Tue, Jan 12, 2016 at 9:56 AM, Guy Harris <guy () alum mit edu> wrote:



On Jan 11, 2016, at 5:42 PM, Yang Luo <hsluoyb () gmail com> wrote:


AFAIK, Npcap/WinPcap works on the data link level and it sees the

Ethernet frames.

It sees data link frames, whatever they might happen to be; it's not
necessary Ethernet.



Yeah, my phrases were not precise, I wanna mean this:)





In my understanding, VPN SSL (https) or raw HTTP is just data of

high-levels (IP packets) for Npcap/WinPcap. I don't know if it's
appropriate or viable for Npcap/WinPcap to see this data.

It's appropriate for WinPcap/NPcap to see packets from any interface it
can attach to via NDIS.  It should just pass those packets on to its
caller, and not do any decryption or anything else on it - if the OS
provides decrypted packets (i.e., supplies decrypted packets to drivers
attached to the interface via NDIS), it should pass them onto its caller to
display, and if it provides *encrypted* packets (i.e., supplies raw packets
to drivers attached to the interface via NDIS), it should pass them onto
its caller and leave it up to the caller to decrypt.



Another inaccuracy, I agree that WinPcap/Npcap should see and present the
data the way it is. the NDIS technique WinPcap/Npcap is based on has no
idea how the higher-level data like SSL are organized or encrypted.



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: