PCAUSA Frequently Asked Questions

Table of Contents

Questions About Rawether for Windows, the Win32 NDIS Framework

  1. Is the HookPeek application a network monitor or "sniffer"?
  2. Are Rawether for Windows and the Win32 NDIS Framework (WinDis 32) the same?
  3. Will I have to know about NDIS to use the Win 32 NDIS API?
  4. Why doesn't HookPeek run correctly when I double-click it from the Explorer?
  5. Does Rawether for Windows provide support for NDIS WAN?

 

Questions About NDIS Pseudo-Intermediate (PIM) Framework

  1. Can Multiple NDIS PIM Drivers Be Installed On A System?
  2. Can A NDIS PIM Driver Open An NDIS Adapter For Its Own Use?
  3. Can The NDIS PIM Methodology Work With Other Protocols?
  4. Does The NDIS PIM 9X Driver Use Reverse Engineering Techniques?
  5. How Does The NDIS PIM 9X Driver Work With The Dial-Up Adapter?

 

 

Questions About TDI Client Sample

  1. Does the TDI sample show how to monitor or filter TCP/IP packets?
  2. Does the TDI sample show how to use "raw IP"?
  3. Does the TDI sample show how to use SPX/IPX?

 

Questions About Windows 95 Redirector Kit

  1. Does the Windows 95 Redirector Kit actually access a network?

 

Other Questions

  1. Is WinDis 32 an "NDIS intermediate driver"?
  2. What is the difference between WinDis 32 and the NT Packet Driver sample?

 

Questions About Win 32 NDIS Framework

Is the HookPeek application a network monitor or "sniffer"?

No, the HookPeek sample application that is provided with the WinDis 32 Framework is NOT a network monitoring or "sniffer" program. It is, however, a good place to start development of such a program. In fact, PCAUSA products are used as the network packet reception codebase for several commercial network analyzer products.

HookPeek does place the selected adapter into promiscuous mode and "dump" packets to the console. However, there is a lot more to making a good network analyzer.

First of all, dumping each packet to the console actually takes a lot of time. On a heavily loaded network, packets can be lost during the time that it takes to display the packet. Commercial network monitor programs save the packets in internal memory buffers and display very little information while actually collecting data.

In addition, commercial network analyzers provide lots of other packet data processing and filtering functions that are not provided by HookPeek.


Are Rawether for Windows and the Win32 NDIS Framework the same?

Yes!

Rawether for Windows is simply a new name for the Win32 NDIS Framework (WinDis 32). Just think of it as:

"Rawether for Windows, the Win32 NDIS Framework."

There will be a slow migration from the WinDis 32 naming to Rawether. When contacting PCAUSA or reading PCAUSA documentation, all of these names refer to the same product:

  - Rawether for Windows
  - "Rawether"
  - Win32 NDIS Framework
  - "WinDis" or "WinDis 32"

The transition to the new Rawether for Windows name begins in late September, 2000. There will be a period where both names will be used on the PCAUSA websites and documentation.


Will I have to know about NDIS to use WinDis 32?

WinDis allows you to conveniently write Win32 applications that access NDIS MAC drivers using a straightforward API that is very similar to the API used by an NDIS protocol driver. In addition, the samples provided in the SDK provide several illustrations of performing representative NDIS operations using the WinDis 32 protocol drivers as a "proxy".

However, WinDis 32 doesn't make it "simpler" for you to interface with the adapter. There are hundreds of operations which could conceivably be made, and many of these are media-dependent. If you need to call the adapter to do something special, you'll have to know a little about NDIS.


Why doesn't HookPeek run correctly when I double-click it from the Explorer?

HookPeek is a Win32 console application which is intended to be run from the Windows Command Prompt, much like a DOS application. In addition, HookPeek needs a few command-line arguments to tell it which adapter to use. When you double-click the HookPeek icon from the Explorer, Windows starts HookPeek without the command-line arguments that it needs, so it quits immediately.

The NDIScope Help File includes topics that describe how to run the HookPeek application.


Does WinDis 32 provide support for NDIS WAN?

The current version of WinDis 32 does not include support for NDIS WAN.


Questions About NDIS Pseudo-Intermediate (PIM) Framework

Can Multiple NDIS PIM Drivers Be Installed On A System?

Yes. Your NDIS PIM driver should be renamed to avoid conflict. There is no method to guarantee the order that PIM drivers will handle packets if multiple PIM drivers are installed.


Can A NDIS PIM Driver Open An NDIS Adapter For Its Own Use?

Yes.


Can The NDIS PIM Methodology Work With Other Protocols?

Yes. The technique can be adapted to work with protocols other than MSTCP.


Does The NDIS PIM 9X Driver Use Reverse Engineering Techniques?

Absolutely not! The Hook_Device_Service function crucial to the implementation is a standard VxD service that is fully documented by Microsoft. The methods used to intercept other NDIS wrapper functions are based on the NDIS documentation.


How Does The NDIS PIM 9X Driver Work With The Dial-Up Adapter?

As many developers have found out, the Dial-Up Adapter makes some proprietary checks, and only allows the MSTCP protocol to acquire a completely functional binding using the normal NDIS binding methods. These checks don't matter to the NDIS PIM 9X driver because it has access to the NDIS handles created by MSTCP itself. This makes packet filtering of sends and receives on the Dial-Up adapter possible.


Questions About TDI Samples

Do the TDI samples show how to monitor or filter TCP/IP packets?

The product includes two kinds of TDI drivers:

  - TDI Client - A kernel-mode driver that illustrates how to use TCP/IP.
  - TDI Filter - A kernel-mode driver that is a filter immediately above TCP/IP.

The following figures are intended to help in visualizing these two types of TDI driver samples:

TDI Client

  User-Mode    | Win32 Application
               | Winsock DLL's
  Kernel Mode  | WinSock TDI Support Driver | PCAUSA TDI Client Driver
               | TDI Wrapper
               | TDI "Provider" or Protocol Driver (e.g., TCP/IP)
               | NDIS MAC Driver

TDI Filter

  User-Mode    | Win32 Application
               | Winsock DLL's
  Kernel Mode  | WinSock TDI Support Driver | Any Kernel TDI Client Driver
               | PCAUSA TDI Filter
               | TDI Wrapper
               | TDI Provider or Protocol Driver (e.g., TCP/IP)
               | NDIS MAC Driver

 

Does the TDI sample show how to use "raw IP"?

Sorry, it doesn't. Microsoft doesn't provide sufficient information to be able to use raw IP.

If you are ambitious, you can build this capability starting with WinDis 32 or RAWETHER, both of which support receiving and sending absolutely raw packets (i.e., the complete Ethernet packet).


Does the TDI sample show how to use SPX/IPX?

Sorry, it doesn't.

However, if your problem is in the basic mechanics of accessing TDI driver functions from your driver, then these samples may be of some use.

Understand that SPX/IPX is accessible via TDI only on the Windows NT platform. On Windows 95 some other API is used to access SPX/IPX.


Questions About Windows 95 Redirector Kit

Does the Windows 95 Redirector Kit actually access a network?

No, the kit doesn't actually access any network. Instead, it provides functional stubs that must be replaced with calls to a real network. The stub functionality is implemented by calling Ring 0 file I/O services. The net result is that the Windows 95 Redirector Kit is functional, and can be adapted to a wide variety of networks.

 


What is the difference between WinDis 32 and the NT Packet Driver sample?

There are obvious similarities: both provide functions to send and receive packets and to submit NDIS requests to an NDIS adapter driver. Both employ a DLL as an intermediary between the Win32 application and a companion NDIS protocol driver.

However, there are quite a few differences, including:

  - WinDis 32 is simple to understand and use. Developers who have successfully used WinDis 32 include both experienced network software developers and those who do not have a deep understanding of NDIS or Windows device drivers.
  - WinDis 32 supports Windows 95, Windows 98, Windows NT and Windows 2000 using a common API and with the same Win32 application.
  - WinDis 32 provides an "Adapter Chooser" and run-time dynamically loadable protocol drivers for Windows 95, Windows 98, Windows NT and Windows 2000 (Administrator privileges are required to load device drivers under Windows NT and Windows 2000).
  - WinDis 32 includes a relatively high-performance PacketRead mechanism designed to pass packets to the application in the same sequence that they were received. Received packets are time stamped and are assigned sequence numbers which allow detection of lost packets.
  - WinDis 32 is thoroughly debugged and provides the foundation for a large number of commercial products.
  - WinDis 32 is actively supported, and features like the BPF packet filter (and more) are being added.
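
The buffering point made for HookPeek earlier and the sequence-number point in the list above can be seen together in a short C example. It is added here and is not PCAUSA code: the record layout and the names pkt_rec, pkt_ring, ring_put, ring_drain and simulate_burst are hypothetical, and the traffic is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SLOTS 4   /* deliberately tiny so the constructed burst overflows it */
#define SNAP_LEN   64

/* Hypothetical record layout, not the product's own structure. */
typedef struct { uint32_t seq; uint64_t ts_us; uint16_t len; uint8_t data[SNAP_LEN]; } pkt_rec;
typedef struct { pkt_rec slot[RING_SLOTS]; unsigned head, count; uint32_t next_seq; } pkt_ring;

/* Receive path: every packet gets a sequence number, but is stored only if a slot is free. */
int ring_put(pkt_ring *r, const uint8_t *buf, uint16_t len, uint64_t ts_us)
{
    uint32_t seq = r->next_seq++;
    if (r->count == RING_SLOTS) return 0;          /* reader too slow: packet lost */
    pkt_rec *p = &r->slot[(r->head + r->count++) % RING_SLOTS];
    p->seq = seq; p->ts_us = ts_us;
    p->len = len > SNAP_LEN ? SNAP_LEN : len;
    memcpy(p->data, buf, p->len);
    return 1;
}

/* Reader: drain in arrival order; a jump in seq is the number of packets lost. */
uint32_t ring_drain(pkt_ring *r, uint32_t *expect_seq, unsigned *delivered)
{
    uint32_t lost = 0;
    while (r->count) {
        pkt_rec *p = &r->slot[r->head];
        lost += p->seq - *expect_seq;              /* unsigned math survives wraparound */
        *expect_seq = p->seq + 1;
        r->head = (r->head + 1) % RING_SLOTS; r->count--;
        (*delivered)++;
    }
    return lost;
}

/* Constructed traffic: 7 frames arrive before the reader runs, then 2 more. */
uint32_t simulate_burst(unsigned *delivered)
{
    static const uint8_t frame[60] = {0};          /* constructed dummy frame */
    pkt_ring r = {0}; uint32_t expect = 0, lost = 0;
    for (int i = 0; i < 7; i++) ring_put(&r, frame, sizeof frame, 1000u * i);
    lost += ring_drain(&r, &expect, delivered);    /* 4 delivered, loss not yet visible */
    for (int i = 7; i < 9; i++) ring_put(&r, frame, sizeof frame, 1000u * i);
    lost += ring_drain(&r, &expect, delivered);    /* gap 4..6 shows up here */
    return lost;
}

int main(void) { unsigned d = 0; printf("lost=%u\n", (unsigned)simulate_burst(&d)); return 0; }
```

The three dropped frames are reported only once a later frame arrives, because the gap is measured against the next sequence number the reader sees.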

Is WinDis 32 an "NDIS intermediate driver"?

No, the WinDis 32 PCANDIS# driver is an "ordinary" protocol driver.

An NDIS intermediate driver is a type of NDIS driver that can be layered on top of an actual NDIS media access controller (MAC) driver and below NDIS protocol drivers such as TCP/IP. In this "intermediate" position the driver can modify the data passed up or down the network protocol stack to perform functions such as encryption, compression, etc.

NDIS intermediate drivers can only be used on platforms that support NDIS 4.X, which Microsoft provides only on Windows 95 OSR2 and later and Windows NT 4.0 SP3 and later.


Rawether for Windows and WinDis 32 are trademarks of Printing Communications Assoc., Inc. (PCAUSA)
Microsoft, MS, Windows, Windows 95, Windows 98, Windows Millennium, Windows 2000, and Win32 are registered trademarks and Visual C++ and Windows NT are trademarks of the Microsoft Corporation.
Copyright © 1996-2008 Printing Communications Assoc., Inc. (PCAUSA)
Last modified: December 31, 2007