NFR Wizards Archive: Re: tcpdump for NT

Re: tcpdump for NT


David LeBlanc (dleblancmindspring.com)
Fri, 16 Oct 1998 07:57:27 -0400


At 09:37 AM 10/9/98 -0700, Ryan Russell wrote:
>From speaking with Mudge and Greg, their sniffers
>were done from sample code out of the DDK, and in
>fact were compatible with each other.

Yup - based on packet.c from the DDK. That's what we did to get truly raw
sockets in the ISS scanner, which is where I think Mudge and Greg got the
idea from. Only problem is that if you want to send anything, you need to
re-invent arp.

What is actually a lot easier to deal with if you don't want access to the
IP header is just to bind a raw socket, and keep calling recvfrom().

David LeBlanc
dleblancmindspring.com



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:57 CDT