Intercepting DNS Queries Using LSP
Intercepting DNS Queries Using LSP         


Author: sarshah20
Date: Mar 12, 2008 10:04

Hi All,

I was looking (again :)) at the LSP code that comes with the Platform SDK,
which I downloaded a couple of months ago. I just wanted to see if an
LSP traps DNS requests, so I modified the WSPSend function by...
Re: Intercepting DNS Queries Using LSP         


Author: sarshah20
Date: Mar 13, 2008 09:12

Hi again,

I have done a few additional things since yesterday to find out the
issue.

I have restarted the system after installing the LSP. I did it because
an LSP, once installed, is only effective for those processes that are
started after the LSP installation. So if I want to intercept network
calls by processes that are already running (like different services
or some other user process), then I would have to restart the system.
Still, DNS queries are undetectable.

In order to verify whether an LSP can intercept any UDP traffic, I tried to
connect from the machine where the LSP is installed to a TFTP server on a
remote machine (on the LAN). The connection was successful and the LSP
intercepts the data sent over UDP (the UDP data was dumped to the log file and
compared with the network traffic to verify). From this, I am
suspecting that DNS queries are not sent by a process operating at
user level. I am not sure if this statement is entirely correct.
Re: Intercepting DNS Queries Using LSP         


Author: Volodymyr M. Shcherbyna
Date: Mar 14, 2008 02:05

I have not verified this issue, but my assumption is that DNS traffic goes
via TDI providers and all operations are done in kernel mode. Consider ways
of intercepting traffic in kernel mode. For 2k, XP and Vista, a TDI filter
may be enough.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Re: Intercepting DNS Queries Using LSP         


Author: Volodymyr M. Shcherbyna
Date: Mar 14, 2008 14:18

What you can do, is to download TdiMon or TdiScope, and look at the output
when making DNS request. If the "application" is "System", then, for sure,
the requests are generated in km system thread.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Re: Intercepting DNS Queries Using LSP         


Author: Vishal Swarnkar
Date: Mar 14, 2008 23:10

Re: Intercepting DNS Queries Using LSP         


Author: Vishal Swarnkar
Date: Mar 14, 2008 23:13

Re: Intercepting DNS Queries Using LSP         


Author: sarshah20
Date: Mar 17, 2008 06:39

Guys, thanks for your responses. Here is what I found out. The problem
completely goes away if I do the following: stop the DNS Client from the
Services list, install the LSP, and now I am getting DNS data in
WSPSendTo. I had logging enabled in WSPSend, WSPSendTo and
WSPSendDisconnect, but if I do not stop the DNS Client service and then
install the LSP, DNS data is not intercepted, not even in WSPSendTo. Any
thoughts on this?

Re: Intercepting DNS Queries Using LSP         


Author: Volodymyr M. Shcherbyna
Date: Mar 18, 2008 00:26

If you simply reboot machine, does the LSP intercept data?

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
Re: Intercepting DNS Queries Using LSP         


Author: Vishal Swarnkar
Date: Mar 18, 2008 01:31

Re: Intercepting DNS Queries Using LSP         


Author: sarshah20
Date: Mar 20, 2008 10:53

I tried the following things:

1. I did not stop the DNS Client service and installed the LSP.
Rebooted the machine and used ping to send the DNS request. It did not
log anything.

2. I stopped the DNS Client service and installed the LSP. I did not
restart the machine and used ping to generate the DNS request. The DNS request
was intercepted and logged to file.

Could it be a difference in some settings on my machine, or what?

sarshah

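The Mar 17 and Mar 20 posts above only see DNS data in WSPSendTo once the DNS Client service is stopped. Whenever the datagram does reach the hook, the buffer still has to be decoded safely: it comes straight from whatever process called sendto(), so a logging hook that trusts the DNS length octets is a crash (inside every process that loads the LSP) waiting for a crafted packet. The following is an added example, not the Platform SDK LSP sample and not any poster's code. It reduces the Winsock arguments to a destination port plus a byte buffer (no sockaddr or WSABUF), the names dns_parse_query, lsp_dns_filter and dns_build_query are hypothetical, and the query for www.example.com is constructed in-line so the program runs without a network.

```c
/* dns_hook_demo.c: decode the DNS question an LSP's WSPSendTo hook would see.
 * Added example (hypothetical names), not the Platform SDK LSP sample.
 * Portable C: the Winsock sockaddr/WSABUF arguments are reduced to a
 * destination port, a byte buffer and its length. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_PORT     53
#define DNS_NAME_MAX 255
#define DNS_HDR_LEN  12

typedef struct {
    uint16_t id, qtype, qclass;
    char     qname[DNS_NAME_MAX + 1];   /* dotted, NUL-terminated */
} dns_query;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the first question of a DNS message. Returns 1 on success, 0 when the
 * buffer is a response or malformed. Every read is bounds-checked and
 * compression pointers are limited: the bytes come from an untrusted caller. */
int dns_parse_query(const uint8_t *buf, size_t len, dns_query *out)
{
    if (len < DNS_HDR_LEN) return 0;
    if (rd16(buf + 2) & 0x8000) return 0;       /* QR=1: response, not a query */
    if (rd16(buf + 4) == 0) return 0;           /* QDCOUNT */
    out->id = rd16(buf);

    size_t pos = DNS_HDR_LEN, name_len = 0, after = 0, hops = 0;
    int jumped = 0;
    for (;;) {
        if (pos >= len) return 0;
        uint8_t lab = buf[pos];
        if (lab == 0) { pos++; break; }
        if ((lab & 0xC0) == 0xC0) {             /* compression pointer */
            if (pos + 1 >= len) return 0;
            size_t target = ((size_t)(lab & 0x3F) << 8) | buf[pos + 1];
            if (!jumped) after = pos + 2;       /* qtype follows the first pointer */
            jumped = 1;
            if (++hops > 8 || target >= pos) return 0;  /* must point backwards */
            pos = target;
            continue;
        }
        if (lab > 63 || pos + 1 + lab > len) return 0;
        if (name_len + lab + 1 > DNS_NAME_MAX) return 0;
        if (name_len) out->qname[name_len++] = '.';
        memcpy(out->qname + name_len, buf + pos + 1, lab);
        name_len += lab;
        pos += 1 + lab;
    }
    out->qname[name_len] = '\0';
    if (!jumped) after = pos;
    if (after + 4 > len) return 0;              /* qtype + qclass must be present */
    out->qtype  = rd16(buf + after);
    out->qclass = rd16(buf + after + 2);
    return 1;
}

/* What the logging path in WSPSendTo would do: ignore everything that is not
 * a datagram to port 53, then decode the question. Returns 1 if q was filled. */
int lsp_dns_filter(uint16_t dst_port, const uint8_t *buf, size_t len, dns_query *q)
{
    if (dst_port != DNS_PORT) return 0;
    return dns_parse_query(buf, len, q);
}

/* Build a standard query (RD=1, one IN question): the constructed stand-in for
 * the datagram ping would hand to sendto(). Returns packet length, 0 on error. */
size_t dns_build_query(uint16_t id, const char *name, uint16_t qtype,
                       uint8_t *out, size_t cap)
{
    size_t n = strlen(name), pos = DNS_HDR_LEN;
    if (n == 0 || cap < DNS_HDR_LEN + n + 2 + 4) return 0;
    memset(out, 0, DNS_HDR_LEN);
    out[0] = (uint8_t)(id >> 8); out[1] = (uint8_t)id;
    out[2] = 0x01;                               /* RD */
    out[5] = 1;                                  /* QDCOUNT = 1 */
    for (const char *p = name; *p; ) {
        const char *dot = strchr(p, '.');
        size_t lab = dot ? (size_t)(dot - p) : strlen(p);
        if (lab == 0 || lab > 63) return 0;
        out[pos++] = (uint8_t)lab;
        memcpy(out + pos, p, lab);
        pos += lab; p += lab;
        if (*p == '.') p++;
    }
    out[pos++] = 0;
    out[pos++] = (uint8_t)(qtype >> 8); out[pos++] = (uint8_t)qtype;
    out[pos++] = 0; out[pos++] = 1;              /* class IN */
    return pos;
}

int main(void)
{
    uint8_t pkt[512];
    dns_query q;
    size_t n = dns_build_query(0x1234, "www.example.com", 1, pkt, sizeof pkt);
    if (lsp_dns_filter(DNS_PORT, pkt, n, &q))
        printf("DNS query id=0x%04x name=%s type=%u class=%u\n",
               q.id, q.qname, q.qtype, q.qclass);
    /* The same bytes sent to the TFTP port are not DNS; a truncated question is rejected. */
    printf("to port 69: %d, truncated: %d\n",
           lsp_dns_filter(69, pkt, n, &q), lsp_dns_filter(DNS_PORT, pkt, n - 3, &q));
    return 0;
}
```

In a real LSP the port comes from the sockaddr_in passed to WSPSendTo and the bytes from the WSABUF array; a query split across several WSABUFs would need to be gathered first, which this example does not do. Filtering on the destination port before parsing keeps the cost of the hook negligible for the TFTP-style UDP traffic the Mar 13 post used as a control.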
