LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Capturing Ethernet frames from NIC directly

I am looking for C++ code to read and send frames directly from/to NIC. I don’t want the gram to reach the window network kernel. 

0 Kudos
Message 1 of 8
(462 Views)

@Abushaar wrote:

I am looking for C++ code to read and send frames directly from/to NIC. I don’t want the gram to reach the window network kernel. 


This is what Wireshark  software does

Ethernet capture

Packet Capture (Npcap)

pcap — Npcap API

 

Just curious - do you need to do the same directly from LabVIEW?

0 Kudos
Message 2 of 8
(456 Views)

As far as I know, Wireshark take a copy of the packet. The packets will keep going to windows network kernel. 
what I want is to redirect all the received frames to my code similar to what firewall does.

0 Kudos
Message 3 of 8
(449 Views)

@Abushaar wrote:

As far as I know, Wireshark take a copy of the packet. The packets will keep going to windows network kernel. 
what I want is to redirect all the received frames to my code similar to what firewall does.


It is a hard task, you have to develop something like NDIS Intermediate Driver to hook on the traffic. May be it will be more simple to capture packets before Windows Firewall (I guess NPcap shall be able to do that as long as Wireshark can), and then simply block traffic with standard Windows Firewall as you like. Alternative approach is to make something like proxy, if the sender and receiver can be configured to use different ports, then you can communicate with both and stay in the middle like client/server, then block or not the packets depend on your rules. This can be simply done in LabVIEW.

 

0 Kudos
Message 4 of 8
(440 Views)

Thank you for your reply. Capture packet is fine to me. But does NPcap intercept the packet or just take a copy(sniffing) of the packet?  I don’t want the packet to reach window network Kernel. 

0 Kudos
Message 5 of 8
(415 Views)

@Abushaar wrote:

Thank you for your reply. Capture packet is fine to me. But does NPcap intercept the packet or just take a copy(sniffing) of the packet?  I don’t want the packet to reach window network Kernel. 


As far as I can see on internet - no, the Pcap will take a copy, but will not block packets for further propagation, here you need to design and develop your own driver, act as self-made firewall. But here we are at a very low level, this is not related to LabVIEW at all.

0 Kudos
Message 6 of 8
(398 Views)

At this stage, using an Ethernet IPCore from Xilinx and trying to do it on FPGA might even be easier.....

Message 7 of 8
(386 Views)

@Intaris wrote:

At this stage, using an Ethernet IPCore from Xilinx and trying to do it on FPGA might even be easier.....


I would echo that. Basically you need to write a NDIS filter driver. This is basically a kernel device driver. Good fun to debug! Not! This is very specialistic work. The NPCap filter driver is basically one such thing, except it does of course just intercept packets in order to be able to sniff on them, not stop them. You could take the NPCap source code and modify it.

 

But! Writing (and even modifying) device drivers is a serious low level business! It starts with setting up the compile tool chain to create device drivers, goes further with getting such drivers installed in the system that one can actually debug them, then getting a valid code signing certificate to sign the driver binary. Without signing a device driver binary with a valid (read commercial) certificate that costs money, Windows 10 and newer will simply refuse to load such a driver unless you set it into a special debug mode. How many man months can you spend on this?

Rolf Kalbermatter
My Blog
0 Kudos
Message 8 of 8
(346 Views)