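ndisproto sample does not read any traffic

Time: 2013-04-14 19:38:26

Tags: driver windows-7-x64 ethernet ndis

I'm trying to get familiar with the ndisproto sample in the WDK. According to the documentation, the -r -n 10 option should read 10 packets from the interface, but I get no results even when I ping the interface! The only time it reads traffic is when we use the write option.

The sample is unmodified, except for changing to #define NPROTO_PACKET_FILTER (NDIS_PACKET_TYPE_ALL_LOCAL|NDIS_PACKET_TYPE_PROMISCUOUS).

Is the driver really wired to read traffic originating from other sources?

What am I missing? Any idea how to read/sniff traffic using ndisproto?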

C:\Users\Administrator\Desktop\ndisprot>prottest.exe -r -n 10 \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8}
 Option: NumberOfPackets = 10
Trying to access NDIS Device: \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8}
Opened device \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8} successfully!
Trying to get src mac address
GetSrcMac: IoControl success, BytesReturned = 14
Got local MAC: 00:0c:29:23:b1:09
DoReadProc


C:\Users\Administrator\Desktop\ndisprot>prottest.exe -w -n 1 \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8}
 Option: NumberOfPackets = 1
Trying to access NDIS Device: \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8}
Opened device \DEVICE\{17152850-6288-471A-9708-2889E7F55EE8} successfully!
Trying to get src mac address
GetSrcMac: IoControl success, BytesReturned = 14
Got local MAC: 00:0c:29:23:b1:09
DoWriteProc
DoWriteProc: sent 100 bytes
DoWriteProc: finished sending 1 packets of 100 bytes each
DoReadProc
DoReadProc: read pkt # 1, 100 bytes
DoReadProc finished: read 1 packets

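1 answer:

Answer 0 (score: 1)

Finally got the answer. The reason is that the driver sample is specifically meant for sending/receiving EAP over LAN frames, not everything. There are a couple of break statements in NdisprotReceiveNetBufferLists that prevent any packets other than frames with ethertype 0x888E from reaching the client application.

The same goes for sending.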
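
The filtering described in the answer, as an added example that is not part of the original post or of the WDK sample: a user-mode C check that classifies a frame by EtherType, showing why an ICMP ping (0x0800) never reaches the reader while a 0x888E frame does. The function names, the sample frames and the 802.1Q tag handling are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HEADER_LEN  14u     /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define ETHERTYPE_VLAN  0x8100u /* 802.1Q tag; skipping it is this example's assumption */
#define ETHERTYPE_EAPOL 0x888Eu /* EAP over LAN, the type named in the answer */

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Effective EtherType of a frame, looking past one 802.1Q tag; 0 if truncated. */
uint16_t frame_ethertype(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < ETH_HEADER_LEN) return 0;
    uint16_t type = be16(frame + 12);
    if (type == ETHERTYPE_VLAN) {
        if (len < ETH_HEADER_LEN + 4u) return 0;
        type = be16(frame + 16);
    }
    return type;
}

/* Hypothetical stand-in for the receive-path check: 1 = handed to the client, 0 = dropped. */
int would_reach_client(const uint8_t *frame, size_t len)
{
    return frame_ethertype(frame, len) == ETHERTYPE_EAPOL;
}

/* Constructed sample frames (headers only). Destination is the MAC from the output above. */
#define DST 0x00,0x0c,0x29,0x23,0xb1,0x09
#define SRC 0x02,0x00,0x00,0x00,0x00,0x01   /* constructed sender address */
const uint8_t ping_frame[]  = { DST, SRC, 0x08,0x00, 0x45,0x00 };            /* IPv4 */
const uint8_t eapol_frame[] = { DST, SRC, 0x88,0x8E, 0x01,0x00 };            /* EAPOL */
const uint8_t vlan_eapol[]  = { DST, SRC, 0x81,0x00, 0x00,0x01, 0x88,0x8E }; /* tagged */
const uint8_t runt_frame[]  = { DST, 0x02,0x00 };                            /* truncated */

int main(void)
{
    printf("ping (0x0800):  %d\n", would_reach_client(ping_frame, sizeof ping_frame));
    printf("EAPOL (0x888E): %d\n", would_reach_client(eapol_frame, sizeof eapol_frame));
    printf("VLAN + EAPOL:   %d\n", would_reach_client(vlan_eapol, sizeof vlan_eapol));
    printf("truncated:      %d\n", would_reach_client(runt_frame, sizeof runt_frame));
    return 0;
}
```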