What is Packet Sniffer SDK?
Packet Sniffer SDK (PSSDK) libraries are intended for developing applications that perform
stateless, high-performance network packet capture and/or packet generation.
All Packet Sniffer SDK editions work in Gigabit networks, support multi-processor (SMP)
systems, do not require any pre-installed packet drivers, and have a BPF (BSD Packet Filtering)
engine implemented at the PSSDK internal driver level.
With Packet Sniffer SDK you can focus on the high-level logic of the application
you are developing, rather than on the network drivers, architecture, organization, and internal
implementation of the Windows network functions.
When do I need Packet Sniffer SDK?
You most likely need Packet Sniffer SDK if (1) traffic capture performance
is critical for your application, and (2) you can't ask your users to install third-party
network drivers before your application is installed.
How can I obtain a trial version of Packet Sniffer SDK?
You're welcome to download the latest evaluation versions of all Packet Sniffer SDK
editions at the download section.
What functionality limitations do the trial versions of Packet Sniffer SDK libraries have?
All evaluation versions of Packet Sniffer SDK are fully functional.
What kinds of support are available for Packet Sniffer SDK registered customers?
The Packet Sniffer SDK support team offers two types of support: free pre-sales support,
which helps you learn more about the product and take your first steps with Packet Sniffer SDK,
and post-sales support for registered users, which covers solving technical problems and helping
you create powerful and stable applications with Packet Sniffer SDK.
Please note that support requests containing code snippets, data structures, and anything else
that helps isolate and reproduce your problem will be answered first.
Can I purchase Packet Sniffer SDK with sources?
Yes, if you are a registered customer of Packet Sniffer SDK, and you are completely satisfied
with it. Please e-mail our sales team at
.
Is it possible to create portable applications with Packet Sniffer SDK that don't require
any installation?
Yes, have a look at our TCPDUMP for Windows.
Such applications may be created with the PSSDK VCL edition (Delphi/BCB), as well as with the static
libraries (MS VC/VS, BCB).
Also please refer to the "WinPCap to PSSDK migration module" topic in the PSSDK help file:
in most cases you don't even have to recompile an existing application to make it work with PSSDK.
Does Packet Sniffer SDK support multiprocessor (SMP) systems?
Yes, it does. Please take into account that on a multiprocessor system traffic capture
is much more effective if the number of threads created to work with the network adapter is
not less than the number of processors in the system.
Is it possible for applications based on Packet Sniffer SDK to work in the Windows Terminal
Client sessions?
Yes, Packet Sniffer SDK based applications can work in the Windows Terminal Client sessions
without any restrictions.
Is it possible to capture modem traffic using Packet Sniffer SDK?
Yes. Please refer to the WANMonitor property of the HNPSManager component. Using the
HNPSManager.WanMonitorState property you can check whether the device \Device\NdisWanBh is
installed on the system; if this device is then opened with the MAC filter set to mfAll, you can
capture modem traffic.
Can I use Packet Sniffer SDK library with Visual Basic?
Visual Basic - no, Visual Basic .NET - yes. Please use Packet Sniffer SDK DLL edition.
Can I use Packet Sniffer SDK to drop incoming packets? Is it possible to use Packet Sniffer
SDK to build a firewall?
No. Packet Sniffer SDK was developed to solve an entirely different task: high-performance
stateless traffic capture and packet generation/sending. PSSDK doesn't participate in the
OS network stack at all.
Several applications that use Packet Sniffer SDK are running on my computer. Can these
applications conflict with each other, and how many instances of the Packet Sniffer
SDK internal driver are loaded in this case?
There is no reason to worry: only one copy of the driver is loaded,
regardless of which Packet Sniffer SDK editions these applications use. It serves all
Packet Sniffer SDK based applications without any conflicts.
Can I use Packet Sniffer SDK independently of WinPcap or other packet capture libraries?
(For example, can I use Packet Sniffer SDK with WinPcap installed?)
Yes, Packet Sniffer SDK does not require anything except itself; e.g., an application
that uses the PSSDK DLL edition needs only PSSDK.DLL on your PC to work.
We have not encountered any WinPCap compatibility problems with PSSDK, or vice versa.
When I capture a packet from a local machine, does Packet Sniffer SDK provide process
information (e.g. process id) related to the packet?
Yes, please use the HNLBAdapter component.
How do I filter packets by source MAC address using BPF/FastBPF?
Please have a look at the following example.
Keeping in mind Ethernet header structure...
// typedef struct _ETHERNET_HEADER
// {
// unsigned char EthDHost[6];
// unsigned char EthSHost[6];
// unsigned short EthType;
// }ETHERNET_HEADER, *PETHERNET_HEADER;
....assume that we need to capture packets only from the host with MAC address 00-0E-A6-4A-0C-21.
There are two ways to create a BPF filter: using HNUserFilter object functions, and using BPF assembler.
HNUserFilter version:
// ld P[6] // A <- Packet[6]
//
// Load 4 bytes by offset 6 to the register "A" (i.e., the first
// 4 bytes of the source MAC address)
HNUserFilter.AddCmd(BPF_LD+BPF_W+BPF_ABS, 6);
// jeq 0x4AA60E00, 0, 3 // pc += (A == k) ? jt : jf
//
// if A == 0x4AA60E00 then jump for 0 instructions forward, else jump for
// 3 instructions forward.
// Note: we have to swap bytes since we're working on x86 PC.
// Then, if the first 4 bytes of the MAC address doesn't match,
// jump 3 instructions forward (i.e. ret 0 below)
HNUserFilter.AddJmp(BPF_JMP+BPF_JEQ+BPF_K, htonl(0x000EA64A), 0, 3);
// ldh P[10] // A <- Packet[10 : 2]
//
// Load 2 bytes by offset 10 to the register "A" (i.e., the last
// 2 bytes of the source MAC address)
HNUserFilter.AddCmd(BPF_LD+BPF_H+BPF_ABS, 10);
// jeq 0x210C, 0, 1 // pc += (A == k) ? jt : jf
//
// if A == 0x210C then jump for 0 instructions forward, else jump for
// 1 instruction forward.
// Note: we have to swap bytes since we're working on x86 PC
// (htons(0x0C21) evaluates to 0x210C there).
// Then, if the last 2 bytes of the MAC address don't match,
// jump 1 instruction forward (i.e. ret 0 below)
HNUserFilter.AddJmp(BPF_JMP+BPF_JEQ+BPF_K, htons(0x0C21), 0, 1);
// ret -1 // return -1 (i.e., pass this packet to the application)
HNUserFilter.AddCmd(BPF_RET+BPF_K, (u_int)-1);
// ret 0 // return 0 - (i.e., don't pass this packet to the application)
HNUserFilter.AddCmd(BPF_RET+BPF_K, 0);
Joining the above together we've got the following code:
HNUserFilter.AddCmd(BPF_LD+BPF_W+BPF_ABS, 6);
HNUserFilter.AddJmp(BPF_JMP+BPF_JEQ+BPF_K, htonl(0x000EA64A), 0, 3);
HNUserFilter.AddCmd(BPF_LD+BPF_H+BPF_ABS, 10);
HNUserFilter.AddJmp(BPF_JMP+BPF_JEQ+BPF_K, htons(0x0C21), 0, 1);
HNUserFilter.AddCmd(BPF_RET+BPF_K, (u_int)-1);
HNUserFilter.AddCmd(BPF_RET+BPF_K, 0);
BPF assembler version (requires compilation, see HNUserFilter :: Methods :: BpfCompileBPFAsmFromStr):
ld P[6] // A <- Packet[6]
jeq 0x4AA60E00, 0, 3 // pc += (A == k) ? jt : jf
ldh P[10] // A <- Packet[10 : 2]
jeq 0x210C, 0, 1 // pc += (A == k) ? jt : jf
ret -1 // return -1 (i.e., pass this packet to the application)
ret 0 // return 0 - (i.e., don't pass this packet to the application)
For testing and debugging BPF filters please use the HNUserFilter.CheckFilter and
HNUserFilter.CheckPacket methods. Also please see the "BPF example: Ethernet level" topic
in the PSSDK help file (VCL/DLL).
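The six-instruction filter above can also be checked offline by running it over constructed frames. The following is an added example, not PSSDK code or part of the original FAQ: `struct insn`, `src_mac_filter`, `run_filter` and `verdict_for_src` are hypothetical names, and the load byte order is an assumption taken from the page's byte-swap note.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic BPF opcode fields, values as in BSD <net/bpf.h>. */
enum { BPF_LD = 0x00, BPF_JMP = 0x05, BPF_RET = 0x06, BPF_W = 0x00,
       BPF_H = 0x08, BPF_ABS = 0x20, BPF_JEQ = 0x10, BPF_K = 0x00 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* The page's six instructions, with htonl()/htons() evaluated as on x86. */
static const struct insn src_mac_filter[] = {
    { BPF_LD + BPF_W + BPF_ABS,  0, 0, 6 },           /* A <- P[6:4]       */
    { BPF_JMP + BPF_JEQ + BPF_K, 0, 3, 0x4AA60E00u }, /* htonl(0x000EA64A) */
    { BPF_LD + BPF_H + BPF_ABS,  0, 0, 10 },          /* A <- P[10:2]      */
    { BPF_JMP + BPF_JEQ + BPF_K, 0, 1, 0x210Cu },     /* htons(0x0C21)     */
    { BPF_RET + BPF_K,           0, 0, 0xFFFFFFFFu }, /* ret -1: pass      */
    { BPF_RET + BPF_K,           0, 0, 0 },           /* ret 0: drop       */
};
/* ASSUMPTION (from the page's byte-swap note): loads hand packet bytes to A in
   x86 memory order, so they are assembled little-endian. Short frames drop. */
static uint32_t run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case BPF_LD + BPF_W + BPF_ABS:
            if (len < 4 || k > len - 4) return 0;
            a = pkt[k] | pkt[k+1] << 8 | pkt[k+2] << 16 | (uint32_t)pkt[k+3] << 24; break;
        case BPF_LD + BPF_H + BPF_ABS:
            if (len < 2 || k > len - 2) return 0;
            a = (uint32_t)(pkt[k] | pkt[k+1] << 8); break;
        case BPF_JMP + BPF_JEQ + BPF_K:     /* offset counts from the next insn */
            pc += (a == k) ? p[pc].jt : p[pc].jf; break;
        case BPF_RET + BPF_K: return k;
        default: return 0;                  /* opcode not modelled here: drop */
        }
    }
    return 0;
}
/* Verdict for a constructed header (broadcast dst, IPv4 type) with this source. */
static uint32_t verdict_for_src(const uint8_t src[6], size_t len) {
    uint8_t f[14] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0,0,0,0,0,0, 0x08,0x00 };
    memcpy(f + 6, src, 6);
    return run_filter(src_mac_filter, 6, f, len);
}

int main(void) {
    const uint8_t want[6] = { 0x00,0x0E,0xA6,0x4A,0x0C,0x21 };
    printf("verdict=0x%08X\n", (unsigned)verdict_for_src(want, 14));
    return 0;
}
```

A source MAC whose last two bytes are reversed (21-0C) is dropped, which is the quickest way to catch a mistyped or unswapped constant in the second comparison.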