
Ethereal-users: Re: [Ethereal-users] dial up modem and self made IDS

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 26 May 2004 20:24:44 -0700
On Wed, May 26, 2004 at 06:08:49PM +0000, zaheer ahmed wrote (in HTML -
some mail readers used by people on this list don't make it easy to read
HTML mail, so text mail is preferred):

> I have my self made Intrusion detection and prevention system.
> I want to know that if I want to capture packets on dial up modem
> through my IDS which is at the moment made for LAN and uses WinPcap
> 3.01-alpha. What changes I have to do in it.

You should un-install WinPcap 3.01-alpha and install WinPcap 3.1 beta. 
Earlier versions of WinPcap don't support capturing on PPP interfaces
(such as dial-up modems) very well.
 
> I have installed \Device\Packet_NdisWanBh but I don't know how can I
> access it for packet capturing in my self made IDS.

You do so with WinPcap 3.1 beta, which uses the Network Monitor driver
(that device is for Network Monitor, the Microsoft internal name for
which is, I think, "Bloodhound", hence the "Bh") to capture on PPP
links, at least on W2K and WXP (and maybe W2K3 Server).