Detecting if Adapter is in Promiscuous mode


Nathan Evans

Apr 23, 2002, 12:44:39
Hello,

I need to determine if a specific adapter is in Promiscuous mode...

What this app does: http://www.ntsecurity.nu/toolbox/promiscdetect/faq.shtml

Any tips?

--
Nathan Evans

arkadyf

Apr 24, 2002, 07:20:11
You can do it by DeviceIoControl with IOCTL_PROTOCOL_QUERY_OID.
Sniffers set the adapter to promiscuous mode to receive packets from/to
connected computers, not only from/to this one.
You can see it in PacketSetFilter() from the NTpacket example in MSDN.
Arkady


Nathan Evans <f...@bar.com> wrote in message
news:eZCDWYu6BHA.1668@tkmsftngp03...

Nathan Evans

Apr 25, 2002, 10:29:12
Where in MSDN is this? I searched for "PacketSetFilter", nothing came up..

As for DeviceIoControl, any examples, tips, websites? ;)

Thanks

"arkadyf" <ark...@hotmail.com> wrote in message
news:eWouJm36BHA.1456@tkmsftngp02...

arkadyf

Apr 25, 2002, 13:16:38
"Ntpacket.exe: Updated Windows NT 4.0 NDIS 3.0 Packet Sample Available"
Q238652 KB MSDN
Arkady

Nathan Evans <f...@bar.com> wrote in message

news:u4ApQWG7BHA.2320@tkmsftngp02...

Thomas F. Divine

Apr 25, 2002, 15:15:18
You can use the PCAUSA "OID Scope" to check this on Windows NT/2000/XP
without having a driver. OID Scope can be downloaded from:

http://www.pcausa.com/Utilities/ndistools.htm

Make a query for OID_GEN_CURRENT_PACKET_FILTER using the Make NDIS Request
feature on the Properties page.

(The PCAUSA web host, Earthlink, is having some problems today. So, try
again later if you can't reach the site...)

Good luck,
--
Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter
<http://www.pcausa.com> - <http://www.rawether.net>

"arkadyf" <ark...@hotmail.com> wrote in message

news:uWLOOSH7BHA.2216@tkmsftngp03...

Nathan Evans

Apr 27, 2002, 12:00:56
What about programmatically :)

Do you know any more of the method that this ntsecurity.nu tool uses?
http://www.ntsecurity.nu/toolbox/promiscdetect/faq.shtml

Using DependencyWalker and W32dasm I can't find out much on the way it works
:(

Thanks!

"Thomas F. Divine" <pca...@hotmail.com> wrote in message
news:ucgle7...@corp.supernews.com...

arkadyf

Apr 28, 2002, 02:39:42
Hi, Nathan!
Download NTPacket from MSDN and see the use of DeviceIoControl there. A good
description of it can be found on the Windump site, because they use this
(modified) driver in their sniffer, or on www.cswl.com.
BTW, DependencyWalker shows that promiscdetect uses DeviceIoControl as the second
function (ordinal number 92 (0x52)) in kernel32.dll (I checked it on
NT4SP6 just now). Apart from this, because promiscdetect does not use service
functions (that means no built-in driver in it), this is the only way to
communicate with the NDIS driver.
Arkady


Nathan Evans <f...@bar.com> wrote in message

news:uq6n0Sg7BHA.2176@tkmsftngp03...

Thomas F. Divine

Apr 29, 2002, 00:01:45
On NT this could be IOCTL_NDIS_QUERY_GLOBAL_STATS. This is used in OID
Scope. The MACADDR II sample (with free source) also illustrates using this
IOCTL. See the URL:

http://www.pcausa.com/Utilities/macaddr2.htm

Good luck,
--
Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter
<http://www.pcausa.com> - <http://www.rawether.net>

"arkadyf" <ark...@hotmail.com> wrote in message

news:ugDALcn7BHA.2488@tkmsftngp04...

Nathan Evans

May 12, 2002, 08:39:18
Hi Thomas,

I finally got this utility downloaded.. seems for the past few weeks your
site has been rejecting my download request. :(

It works though, OID_GEN_CURRENT_PACKET_FILTER returns 43 when in
promiscuous mode, and 11 when not..

So how do I implement this programmatically?

Thanks!

"Thomas F. Divine" <pca...@hotmail.com> wrote in message
news:ucgle7...@corp.supernews.com...

Thomas F. Divine

May 12, 2002, 21:26:57

"Nathan Evans" <f...@bar.com> wrote in message
news:#XElHIb#BHA.1980@tkmsftngp04...

> Hi Thomas,
>
> I finally got this utility downloaded.. seems for the past few weeks your
> site has been rejecting my download request. :(
>
> It works though, OID_GEN_CURRENT_PACKET_FILTER returns 43 when in
> promiscuous mode, and 11 when not..
>
> So how do I implement this programmatically?
>
> Thanks!

Yes, Earthlink/MindSpring made some "upgrades" to their web servers.
Unbeknownst to me, these totally hosed my site. The site has been moved and
is fully functional once again (I hope).

To implement the basic functionality you are looking for, see the PCAUSA
MACADDR II samples (including free source) at the URL:

http://www.pcausa.com/Utilities/macaddr2.htm

Do let me know if you see problems with the new site or downloads.

Regards,

Martin

May 13, 2002, 00:32:07
Nathan,

Use the following defines to find out what is turned on:

#define NDIS_PACKET_TYPE_DIRECTED 0x0001
#define NDIS_PACKET_TYPE_MULTICAST 0x0002
#define NDIS_PACKET_TYPE_ALL_MULTICAST 0x0004
#define NDIS_PACKET_TYPE_BROADCAST 0x0008
#define NDIS_PACKET_TYPE_SOURCE_ROUTING 0x0010
#define NDIS_PACKET_TYPE_PROMISCUOUS 0x0020
#define NDIS_PACKET_TYPE_SMT 0x0040
#define NDIS_PACKET_TYPE_ALL_LOCAL 0x0080
#define NDIS_PACKET_TYPE_MAC_FRAME 0x8000
#define NDIS_PACKET_TYPE_FUNCTIONAL 0x4000
#define NDIS_PACKET_TYPE_ALL_FUNCTIONAL 0x2000
#define NDIS_PACKET_TYPE_GROUP 0x1000

cheers,
Martin

"Nathan Evans" <f...@bar.com> wrote in message news:<#XElHIb#BHA.1980@tkmsftngp04>...
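
Added example, not written by any poster in this thread and not the PCAUSA or ntsecurity.nu source: a C sketch of the programmatic check discussed above, decoding an OID_GEN_CURRENT_PACKET_FILTER value against the bit list and, on Windows, reading it with IOCTL_NDIS_QUERY_GLOBAL_STATS. The function names and the device path form "\\.\<adapter service name>" are assumptions of this example.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <ntddndis.h> /* IOCTL_NDIS_QUERY_GLOBAL_STATS, OID_GEN_CURRENT_PACKET_FILTER */
#endif

/* Bit values from the list in the thread; NDIS_PACKET_TYPE_ prefix dropped. */
static const struct { unsigned long bit; const char *name; } kBits[] = {
    {0x0001, "DIRECTED"},       {0x0002, "MULTICAST"},
    {0x0004, "ALL_MULTICAST"},  {0x0008, "BROADCAST"},
    {0x0010, "SOURCE_ROUTING"}, {0x0020, "PROMISCUOUS"},
    {0x0040, "SMT"},            {0x0080, "ALL_LOCAL"},
    {0x1000, "GROUP"},          {0x2000, "ALL_FUNCTIONAL"},
    {0x4000, "FUNCTIONAL"},     {0x8000, "MAC_FRAME"},
};

/* Returns 1 if the NDIS_PACKET_TYPE_PROMISCUOUS bit (0x0020) is set. */
int filter_is_promiscuous(unsigned long f) { return (f & 0x0020) != 0; }

/* Writes "A|B|C" into out; returns the number of known bits set,
   or -1 if out is too small. */
int filter_describe(unsigned long f, char *out, size_t cap) {
    size_t i, n = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < sizeof kBits / sizeof kBits[0]; i++) {
        if (!(f & kBits[i].bit)) continue;
        if (strlen(out) + strlen(kBits[i].name) + 2 > cap) return -1;
        if (n++) strcat(out, "|");
        strcat(out, kBits[i].name);
    }
    return (int)n;
}

#ifdef _WIN32
/* device is "\\\\.\\<adapter service name>" (assumed form, hypothetical helper).
   Returns 0 and fills *f on success, -1 on any failure. */
int query_packet_filter(const char *device, unsigned long *f) {
    ULONG oid = OID_GEN_CURRENT_PACKET_FILTER, val = 0;
    DWORD got = 0;
    HANDLE h = CreateFileA(device, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, 0, NULL);
    if (h == INVALID_HANDLE_VALUE) return -1;
    if (!DeviceIoControl(h, IOCTL_NDIS_QUERY_GLOBAL_STATS, &oid, sizeof oid,
                         &val, sizeof val, &got, NULL)) got = 0;
    CloseHandle(h);
    if (got != sizeof val) return -1;
    *f = val;
    return 0;
}
#endif
```

With the readings reported in the thread, 43 decodes to DIRECTED|MULTICAST|BROADCAST|PROMISCUOUS and 11 to DIRECTED|MULTICAST|BROADCAST, so the only difference is the 0x0020 bit.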

Nathan Evans

May 16, 2002, 12:24:42
Hi,

macaddr2 with the source code is perfect Thomas! :)

Thanks very much!

"Thomas F. Divine" <pca...@hotmail.com> wrote in message

news:udu5j5m...@corp.supernews.com...
