Wireshark · Ethereal-users: [Ethereal-users] Query

Ethereal-users: [Ethereal-users] Query

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Babur Khan" <bc201078@xxxxxxxxxxxxxxxx>

Date: Wed, 27 Jul 2005 19:16:11 +0600

hi, 
i have made a driver which encrypts/decrypts incoming/outgoing  ip packets, i 
used windows NDIS to build the driver and have implemented IPsec with SHA1 
for authentication and AES for encyrption/decryption.The driver is working at 
the Data Link Layer.The Problem is that when i tried to capture packets with 
Ethereal 0.10.11 with WinPcap 3.0 (sent meaages several times like 'net send 
computer2 what is your name?') i been to able to seen the data field as plain 
text. I was amazed , The drivers seems ok and working good , the what would 
be the problem?
Is Ethereal works Network Layer and capture at other layers so that my packet 
Captured before Data Link layer and where it receives, it captured at network 
layer after decryption at Data Link Layer.
Am i Correct?
Or is there any other issue?
Can you tell me please any other sniffer that works at data link layer?
i will be highly appreciated if you will be helping me.

Takecare.  

Babur Khan

Follow-Ups:
- Re: [Ethereal-users] Query
  - From: Saurabh Bhasin
- Re: [Ethereal-users] Query
  - From: Guy Harris

Prev by Date: [Ethereal-users] how to edit packet and send packet to net with ethereal ?
Next by Date: Re: [Ethereal-users] Query
Previous by thread: RE: [Ethereal-users] Query
Next by thread: Re: [Ethereal-users] Query
Index(es):
- Date
- Thread