Hi group,
my question is short: is possible in windows by any way to capture all
packets, at the interface previously setted up to promisc mode in user
level? In linux is possible to do that by using socket(PF_PACKET,
SOCK_RAW|SOCK_DGRAM, ....et cetera), but windows is different. I have
read some issues that here is not possible to use and PF_PACKET family
during creating of socket on the windows architecture and also than is
not possible to swith the network card to promisc mode from user mode.
After plenty hours of googling i have found some code which is able
to set the network card to promisc mode using modifying of NIDS flags.
I have found some issues saying that is possible, but that i never
have seen working code. Next problem is sending of arbitary packets in
user moder. I dont want to use winpcap, or any other kernel-level
library.
Do you have any suggestions?
Tomas Korcak
--
<warning>
This e-mail is intended for the named recipient(s). It may contain
privileged and/or confidential information. If you are not one of the
intended recipients, please notify the sender immediately and destroy
this e-mail and attachment(s): you must not copy, distribute, retain
or take any action in reliance upon the email or attachment(s). While
all reasonable efforts are made to safeguard inbound and outbound
e-mails, Tomas Korcak cannot guarantee that attachments are virus-free
or are compatible with your systems, and does not accept liability in
respect of viruses or computer problems experienced. Thank you.
</warning>
<notice>
Your Skills In Reading Have Improved +1
</notice>
<idea>
Some days you're the dog; some days you're the hydrant.
</idea>
--
<warning>
This e-mail is intended for the named recipient(s). It may contain
privileged and/or confidential information. If you are not one of the
intended recipients, please notify the sender immediately and destroy
this e-mail and attachment(s): you must not copy, distribute, retain
or take any action in reliance upon the email or attachment(s). While
all reasonable efforts are made to safeguard inbound and outbound
e-mails, Tomas Korcak cannot guarantee that attachments are virus-free
or are compatible with your systems, and does not accept liability in
respect of viruses or computer problems experienced. Thank you.
</warning>
<notice>
Your Skills In Reading Have Improved +1
</notice>
<idea>
Some days you're the dog; some days you're the hydrant.
</idea>
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
