none
NDIS Passthru and Network Monitor

    Question

  • Hi.
    I am writing a driver that is based on the NDIS Passthru from the WDK.
    I would like to work this driver on the WAN interface for logging PPP frames.

    NM: Network Monitor 3.3
    OS: Windows Vista SP1
    WDK: 7600.16385.0

    If the driver is installed with Network Monitor, the logging is OK.
    But if without Network Monitor, the logging is NG.
    Because a PtReceive function of the passthru isn't called.

    Why?

    Monday, February 15, 2010 11:16 AM

Answers

  • It seems that Vista supports NDIS6.0 and Vista SP1 NDIS6.1 (http://en.wikipedia.org/wiki/Network_Driver_Interface_Specification). 

    The article you mention states the following:

    Limitation

    NDIS 6.0 supports light weight filter drivers which replaces NDIS 5.0 filter IM drivers. Please see filter sample driver for NDIS 6.0.
    ----

    So there may be some strange interaction between the NDIS 5.1 Intermeidate filter driver on NDIS6.0.

    Could you create an NDIS6.0 LWF instead?  If not, you'll probably have to seek advice from the SDK Support directly as they would be more helpful in understanding how these two components might work together.

    On a related note, we are aware that Network Monitor will bind as the lowest LWF driver only.  This is somethign we are considering changing for future versions, but this might also be a limited factor if you need to captrue information from another LWF driver.

    Tuesday, February 16, 2010 6:15 PM
    Owner

All replies

  • Are you creating an NDIS light weight filter driver?  It's possible that you might have to ask another group has more expertise in this regard, but maybe I can try and help.

    Does it matter what order you install the drivers for Network Monitor and your driver?

    Does Network Monitor have to be running and capturing, on only installed?

    Thanks,

    Paul

    Monday, February 15, 2010 5:08 PM
    Owner
  • Hi Paul.

    It is not light weight filter driver.
    The Passthru sample driver is a NDIS 5.1 Intermediate Filter driver.
    http://msdn.microsoft.com/en-us/library/dd163350.aspx

    The installation order is not important and the problem doesn't change in either order.

    The Network Monitor is only installed, not running.

    Thanks,

    Tuesday, February 16, 2010 1:00 AM
  • It seems that Vista supports NDIS6.0 and Vista SP1 NDIS6.1 (http://en.wikipedia.org/wiki/Network_Driver_Interface_Specification). 

    The article you mention states the following:

    Limitation

    NDIS 6.0 supports light weight filter drivers which replaces NDIS 5.0 filter IM drivers. Please see filter sample driver for NDIS 6.0.
    ----

    So there may be some strange interaction between the NDIS 5.1 Intermeidate filter driver on NDIS6.0.

    Could you create an NDIS6.0 LWF instead?  If not, you'll probably have to seek advice from the SDK Support directly as they would be more helpful in understanding how these two components might work together.

    On a related note, we are aware that Network Monitor will bind as the lowest LWF driver only.  This is somethign we are considering changing for future versions, but this might also be a limited factor if you need to captrue information from another LWF driver.

    Tuesday, February 16, 2010 6:15 PM
    Owner