Hi Matthew.
I've read all the messages trying to find out what could cause
the problem.
I want to add a couple of things:
1. WinPcap does not install anything that modifies the
behavior of a NIC driver by changing registry entries or similar (although it
does install a couple of registry entries for its own kernel driver npf.sys).
Promiscuous mode is set when an adapter is opened; when you close the adapter,
promiscuous mode is disabled.
2. There is a sort of side effect in turning promiscuous mode
on: basically the TCP/IP stack behaves differently with special promiscuous
packets, and this "feature" is used by apps that are able to find the sniffers
on a network. You can find a better explanation of this behavior here:
3. Some users suggested using some Sysinternals tools like
pskill, pslist, Process Explorer, regmon. You can also use TCPView from
Sysinternals. Although it only shows TCP and UDP info, sometimes it's useful for
discovering "strange" applications that listen on some UDP or TCP
ports...
Have you tried sniffing the traffic between the machine and
the switch with a third machine? You can install a hub between the two machines,
and then use a third machine running Windows + WinPcap (being careful to remove
TCP/IP from the network card used to sniff, so that the sniffer is *completely*
invisible) or Linux/BSD + libpcap.
Hope it helps
GV
- Gianluca Varenni