NDIS Packet Capturing DLL

Recently I was involved in searching for Windows socket data that got corrupted upon reception in a Windows CE 6 executable. The data was transmitted from a Windows 7 desktop PC.

At first it was not clear where the problem was located.

  • Was it the Windows 7 (C#) application?
  • Was it the Windows 7 TCP/IP stack?
  • Was it the Windows 7 NDIS?
  • Was it the Windows 7 network interface driver?
  • Was it the Windows 7 PCI interface between the network card and the CPU (main memory)?
  • Was it the Windows 7 network interface card?
  • Was it the Windows 7 PC?

  • Was it the cable or hardware? Was it noise or EMI?

  • Was it the Windows CE 6 ePC (embedded PC)?
  • Was it the Windows CE 6 network interface card?
  • Was it the Windows CE 6 PCI interface between the network card and the CPU (main memory)?
  • Was it the Windows CE 6 network interface driver?
  • Was it Windows CE 6 NDIS?
  • Was it Windows CE 6 TCP/IP stack?
  • Was it Windows CE 6 (C++) application?

On the Windows 7 PC you can use Wireshark to trace all incoming and outgoing traffic. But what can you do on the Windows CE side?

Well, I found out – after all these years – that Windows CE (since 4.x) can capture and trace (Ethernet) traffic that passes through the CE NDIS layer. How do you enable this feature? From the Platform Builder Catalog, select the “NDIS Packet Capture DLL” feature. This will add the necessary DLL and registry keys to your image.

To use it at runtime, simply enter the following commands at the Windows CE command prompt:

    > netlogctl.exe cap_size 20000000
    > netlogctl.exe start
    ...
    > netlogctl.exe stop

By default, two files, netlog0.cap and netlog1.cap, are written alternately to the “\” root folder. The nice thing is that you can open them afterwards with Wireshark for analysis.

For more information:

http://msdn.microsoft.com/en-us/library/ee493097.aspx

Posted on Tuesday, July 1, 2014 9:25 PM | Filed Under [ Windows CE Windows Embedded Compact Microsoft NDIS TCP/IP ]
