How Microsoft Network Monitor works - pcap

Does Microsoft Network Monitor depend on the pcap/winpcap/libpcap library? Or has it built its own library/drivers to capture network packets? I cannot find any information about that subject. I am asking because Microsoft Network Monitor does not require a restart after installation (so it does not load kernel-level drivers?) and captures incoming packets even on Windows 7, where raw packet capturing does not work.
Additional information about raw packets limitation: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/65ce9bee-897b-4c19-a4c6-4d3da103be44/
Edit: I found the answer myself:
The Network Monitor engine is divided into two parts: the capture engine and the parsing engine.
The capture engine is a driver that interfaces with the Network Driver Interface Specification (NDIS) to read frame data. It is a system driver that is installed automatically on Windows Vista. On previous operating systems, the capture driver is part of the system.
The parsing engine, on the other hand, is in user mode. This engine uses Network Monitor Parsing Language (NPL) files to determine how to parse raw frame data. It also filters frames.
The API can access both parts of the engine, as well as save and load capture files.

Windows may support loading kernel modules (.sys files) without needing to reboot, so there might not have to be a reboot after installing Network Monitor.
Network Monitor does not use WinPcap; it has, as you note, its own NDIS driver that serves a similar purpose to WinPcap's NDIS driver.

Related

How to Connect opc server?

I have an analyzer which connects to a computer with Cat5 cables. This computer reads the data through software called ComVisioner. ComVisioner has two modes: one is Server Mode and the other is Client Mode. Server software acts as the engine in the system, providing one or more clients with information.
The server version is installed on a single computer. Once the server version is installed, it collects data, performs calculations, produces reports and so on.
The ComVisioner client runs on the same computer as the server. Other clients can access the same single server through a network, provided that the software license allows more than one client at the same time.
So there are two client computers which access the server as mentioned above. All of this connection is done by network cables. This part is fine.
As the client license is very expensive, our company wants to add OPC software so that more users can acquire data. As I have no knowledge of the OPC part, please suggest how I can do it. What sort of software should I use? Can I install this software on a different PC which is connected to the same network?
There is also one more piece of software installed on that computer which pushes the data as Modbus protocol.
First, you need to make sure that ComVisioner can provide OPC data (work like an OPC server). This should be indicated in the documentation.
Download a free OPC client and make sure you can read the data. For example, you can use Matrikon OPC Explorer or Kepware Quick Client (I like it more; it comes together with KepServerEX, and to download them you need to register).
If you can connect and see the data, then there will be no problems with access to the data. Next you need to find out which OPC client suits you. Probably some SCADA system, but some good SCADA systems also cost a lot and require a lot of development time.
I don't recommend you try to use Modbus if there is OPC. If you use Modbus you will have many problems with addressing and value format.
P.S. We had a problem with expensive licenses. As a result, we solved the problem by giving clients access to the program via RDP (remote desktop connection).

How to Stream data over TCP to a Windows 7 laptop?

I'm acquiring data from a sensor using a Raspberry Pi. Now the idea is to get the data streaming over an Ethernet link to my Windows 7 laptop and do the monitoring and recording on the laptop. Can I get some advice on how to implement this in C/C++?
The idea is to get the signal from a sensor streamed to a Windows GUI.
You can push data from your Raspberry Pi to your Windows box.
You can have some sort of service on your Windows box, and your Raspberry Pi can push information to your software running on Windows.
or
you can pull data from your Raspberry Pi to your Windows box.
In this case, the Raspberry Pi would be a passive provider and Windows would ask for data.
It's hard to give you more information without more details, but basically you decide who is going to be passive and who active, and program that way.
I personally would request data from the Raspberry Pi on Windows, as I can have my service running and just update when I need to, instead of having my service running and suddenly have my data changing.
That said, it's hard to say without more details.
You need to tell us what kind of programming language you are going to use.
According to your question, you need to dig into socket programming.
Recently, I linked my two Raspberry Pis by writing a Python script to establish a TCP connection between them.
There is also a protocol called "RTSP" (Real Time Streaming Protocol) to (as the name says) stream data in real time.
(If you are going to use Python, there is a module called gst-python for streaming.)
I think the above information should show you where to start.
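The pull model described in the answers above, as an added example that is not part of the original posts: the Pi side waits passively and the laptop side requests each sample over TCP. The `GET` request, the length-prefixed frame layout and all function names are assumptions made for this sketch, and a loopback listener stands in for the Ethernet link.

```python
import socket
import struct
import threading

HEADER = struct.Struct("!I")   # 4-byte big-endian payload length
SAMPLE = struct.Struct("!Id")  # sequence number, sensor value

def recv_exact(sock, n):  # TCP is a byte stream: loop until n bytes arrive
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)

def send_frame(sock, payload):
    sock.sendall(HEADER.pack(len(payload)) + payload)

def recv_frame(sock, max_len=1024):
    (length,) = HEADER.unpack(recv_exact(sock, HEADER.size))
    if length > max_len:  # never trust a length field taken from the wire
        raise ValueError("frame too large")
    return recv_exact(sock, length)

def serve_once(listener, readings):  # Pi side, passive: one sample per request
    conn, _ = listener.accept()
    with conn:
        for seq, value in enumerate(readings):
            if recv_frame(conn) != b"GET":
                break
            send_frame(conn, SAMPLE.pack(seq, value))

def pull_samples(host, port, count):  # laptop side, active: asks for each sample
    out = []
    with socket.create_connection((host, port), timeout=5) as sock:
        for _ in range(count):
            send_frame(sock, b"GET")
            out.append(SAMPLE.unpack(recv_frame(sock)))
    return out

def demo(readings=(20.5, 20.75, 21.0)):  # constructed sensor values
    with socket.create_server(("127.0.0.1", 0)) as listener:  # loopback stands in for the link
        port = listener.getsockname()[1]
        t = threading.Thread(target=serve_once, args=(listener, readings))
        t.start()
        result = pull_samples("127.0.0.1", port, len(readings))
        t.join()
    return result
```

The same framing works unchanged for the push model; only which side sends first differs.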

What is efficient way to transfer a large file from server to multiple clients?

I have a requirement to transfer/multicast a large file, about >40g, from a server to multiple clients at the same time, and this will be done only once. Is there any good protocol to do that in Linux? I tried using UFTP, but it didn't work.
UFTP should be a good tool for this situation. If the server and clients are on the same LAN, there shouldn't be any issue with them communicating. If there are one or more routers separating them, then you would either have to configure routers to allow multicast traffic to pass or you could use UFTP's proxy servers to create a bridge between different network segments.
You could use the excellent BitTorrent protocol and make it private by using BitTorrent Sync.
Go to the BitTorrent Sync web site for details.
The main advantages I see are:
It's designed to transport large files (if you have a network disruption it's not a problem)
It's free
It's cross-platform: Windows, Linux (i386, x64, ARM, PowerPC), FreeBSD, Mac, Android, iOS, and more ...
It's secure (you provide the encryption keys)
It's quite simple to configure

How to control modems inside a GoIP gateway with AT commands

We have acquired a 4 channel GSM Gateway, model GoIPx4-G610 (the manual is titled "GoIP Series SIM Card for GSM Voice Gateway - GSM VOIP Gateway").
We are looking to develop a custom application to control the GOIP gateway. We have developed in the past custom applications that controlled simple GSM modems through AT commands for sending/receiving SMS messages in particular.
Although the gateway can be controlled through SIP we would like to control the GSM modems embedded in the gateway through AT commands if possible. This is because of the fine grained control AT commands offer and because we do not need VoIP features since we need only to send/receive SMS messages.
The gateway runs an unknown Linux instance to which we can connect through telnet. Unfortunately we do not have the credentials to authenticate to it. The gateway also has a web http administration interface to which we can authenticate but we can't find there settings/information related to channels that we can use for AT commands.
The documentation is very poor and the provider could not offer us any helpful information regarding this.
If anyone knows how we can send AT commands to the modems inside the gateway it is highly appreciated.
Up to now we have tried a brute force attack on the telnet interface to find the credentials with no success. We hope that once we can connect to the Linux instance driving the gateway we can connect from there to the modems through serial connections (to send AT commands) and we can reconfigure it to redirect the connections outside of the modem or to make an interface for sending commands to the modems.
The device has an update firmware option (through the web interface) which always gives the error "download failed". We downloaded the firmware (.pkg file) manually from their update pages and extracted the files from the embedded Linux distribution that should correspond to the ones placed on the gateway. The files were kept in the pkg file as a ROMFS compressed image, which we mounted on a test station to see the files (probably the running OS on the gateway is a uClinux distribution).
We did this hoping that we could find there the /etc/passwd file, which could be cracked with a classic attack. However, we didn't find it, and probably that file is placed on the gateway flash memory (contrary to the Linux files, which are stored on the ROM memory). So if there is a way to erase / reset this flash memory, that could be a solution (in case the gateway doesn't refuse to boot without those files). Another solution would be to be able to access the flash memory with the passwd file, if there is such a thing.
You might take the lid off and see what parts are inside.
If it's a general purpose processor with a published data sheet and without a lot of code security features, you might be in luck. For example, you might find:
By guessing headers or tracing from known pins, a console serial port, either logic level or RS232, hopefully with a shell listening
A boot mode pin for the micro connected to a resistor, which you could jumper to cause the micro to boot to a uart bootloader where you could download a new system image, or patch the existing one. If you are lucky the bootloader would be something known, like u-boot.
A JTAG port for the processor
A removable storage device which you could remove and alter
An SPI flash which you could carefully tap into and alter
A flash chip which you could desolder and transplant to a programmer
You could also make a GPL sources request for the kernel and whatever else from the vendor. Or even just trying to identify versions of things like a web server could help you look up any known exploits. Since it seems you have a similar system image to that which is installed, looking through it could be helpful - look for additional daemons running, listening on ports you weren't previously aware of, left over debug support, etc.
I am the developer of the GoIP you've purchased. Instead of trying to hack the GoIP, did you contact us to support your development of custom applications? Here are the updates of GoIP for you.
GoIP now supports SMPP. This could be an alternative to using AT commands to send and receive SMS.
API (Application Programming Interface) for GoIP is now available to support your custom application development.
If AT commands are still the preferred method, please contact us and I would be happy to discuss with you further.

Non-Socket Services?

I am going to write a service to manipulate a database, so that all Insert/Update/Delete/Select operations will be executed via this service.
However, I only know socket services (a Web service is a kind of socket service because it uses the network layer).
What I am concerned about is the performance of socket services, because they need to go through the network layer. So the OS needs to start the network layer and then pass all packets to my program, which may have performance overhead on the network layer.
So my question is: are there any non-socket services working on both Windows and Linux?
Updated on 19th January 2012
I found the solution here: http://en.wikipedia.org/wiki/Inter-process_communication
Is this over the network, or on same box?
If over the network, sockets are fine, WCF, web services are all fine (this is how SQL Server, Oracle and everything else work...)
If local, same box, you can use a shared memory approach, and avoid the network completely.
FWIW, Shared Memory totally works on Windows. See CreateSharedMemory function from Win32-SDK. In .NET, you can use .NET remoting with shared memory as the transport. There are many ways to do this on Windows.
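The same-box shared-memory approach from the answers above, as an added example that is not part of the original posts: Python's standard `multiprocessing.shared_memory` module runs on both Windows and Linux. The record layout (length plus CRC32 header) and the function names are assumptions made for this sketch; the reader validates the header because any local process that can open the segment can also write to it.

```python
import struct
import zlib
from multiprocessing import shared_memory

HEADER = struct.Struct("<II")   # payload length, CRC32 of payload

def publish(payload, size=4096):
    """Service side: create a named segment and write one framed record."""
    if len(payload) > size - HEADER.size:
        raise ValueError("payload does not fit in segment")
    shm = shared_memory.SharedMemory(create=True, size=size)
    HEADER.pack_into(shm.buf, 0, len(payload), zlib.crc32(payload))
    shm.buf[HEADER.size:HEADER.size + len(payload)] = payload
    return shm                   # caller keeps it open, later close() + unlink()

def fetch(name):
    """Client side: attach by name, validate the header, copy the record out."""
    shm = shared_memory.SharedMemory(name=name)
    try:
        length, crc = HEADER.unpack_from(shm.buf, 0)
        # shm.size may be rounded up to a page multiple, so trust neither it
        # nor an unchecked length field.
        if length > shm.size - HEADER.size:
            raise ValueError("corrupt length field")
        data = bytes(shm.buf[HEADER.size:HEADER.size + length])
        if zlib.crc32(data) != crc:
            raise ValueError("checksum mismatch (torn or tampered write)")
        return data
    finally:
        shm.close()

def demo():
    record = b"SELECT result row 42"      # constructed sample payload
    owner = publish(record)
    try:
        return fetch(owner.name)          # normally called from another process
    finally:
        owner.close()
        owner.unlink()
```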