|
Post by Lorenzo VBPCAP Founder on Nov 18, 2003 6:48:52 GMT -5
Hi world, please give me some suggestions, i'm little bit confused obout the best way to develop VBPCAP...
Please give me support answering to this questions:
What do u need more in a set of packet capture APIs ?
1- Easy of Use (aginst "deep control") 2 -Deep Control (against "Easy of use")
What do u expect from VBPCAP ?
1 - Less API than those exposed by Winpcap! I would like to start capturing packet in a flash with fewer functions calls 2 - The same API that winpcap expose ! I like winpcap as is and i think that vbpcap should be an exact copy of it 3 - A reduced set of APIs (Capture on Disk and in memory)
4 - Other
What is the much more intresting function that u expect?
1 - Send packets (RAW) 2 - Send packets (The dll build the packet header and so on) 3 - Capture in Memory slower but in the safest way 4 - Capture in Memory faster but with less security 5 - Capture on disk slower but in the safest way 6 - Capture on disk faster but with less security 7 - Multithreading Capture and disk dump
I hope that you guys answer asap (as soon as possible)
tnx Lorenzo VB Pcap Project founder
|
|
|
Post by Alan on Dec 7, 2003 17:26:15 GMT -5
Hi all
"What do you expect from vbpcap?" A very interesting thought, so here's my views...
Also, an explanation of why Lorenzo has asked whether you want ease of use or deep control...
Some of the people visiting this forum and reading this perhaps expect a 'fait accomplis'- i.e. you download a dll, get coding, and within a few minutes you are up and running with your application.
This is typical of ActiveX type add-ons to VB where a complex set of API functionality is packaged in an easy to use control with a few simple methods and events.
Packet Capture is not quite so simple. The world of IP is an extremely complex one, and you have to understand the way the protocol layers work... IP provides what might be called the 'container' of the packet and higher level protocols, such as TCP and UDP, provide the means by which we transmit and receive useful data.
Both of these protocol layers are lower down the stack than we can normally 'see' with Visual Basic. For example, many of us have used the Winsock control to implement telnet-like functionality in VB applications, and using this it's easy to write email or ftp clients, or even specialised custom client/server applications. You don't have to worry about packets- or really even know that they exist. This level deals with connections, not the media by which they work.
But there are times when you need to interface to a network at a lower level. Examples include network analysis- detection of hacking, discovery of viruses- or may be you wish to write a peer-to-peer networking client such as a file sharing program.
As far as packet sending is concerned, the ability to make 'custom' packets is a very powerful thing. Great for people who need UDP-like flexibility in their applications, but just think that it could also be the ultimate hacking tool- for Lorenzo, that is an awesome responsibility.
Of course the vbpcap project gives you the capability to do all of this- the first time ever that VB programmers have had this capability at no cost.
The beauty of API programming as opposed to an ActiveX type of approach is that YOU decide what you can do, not the person who wrote the control. Therefore, as they say, 'the world is your oyster'.
So the answer to the question 'where do u want to go today?' is not easy but I think it is this:-
I personally would wish to see a set of functions that combines, within the function call set, both the simple and the complex. So people who only need to read packets can do this, but the functionality exists to do much more.
I hope you found this useful, and happy VB'ing.
Alan
|
|
Marty
New Member
Posts: 3
|
Post by Marty on Dec 18, 2003 6:14:03 GMT -5
Hi Lorenzo, First off, very cool stuff. Your latest version works quite well and I've already created a GUI for it Anyway, let me answer some of your questions below with my suggestions: What do u need more in a set of packet capture APIs ? 1- Easy of Use (aginst "deep control") 2 -Deep Control (against "Easy of use") Ease of use for real RAD, but power for advanced control. What do u expect from VBPCAP ? 1 - Less API than those exposed by Winpcap! I would like to start capturing packet in a flash with fewer functions calls 2 - The same API that winpcap expose ! I like winpcap as is and i think that vbpcap should be an exact copy of it 3 - A reduced set of APIs (Capture on Disk and in memory) 4 - Other Personally, I would suggest (2) versions of the DLL. A lite version, and an advanced version. The lite version with basic API capture functions, and an advanced version with a more indepth set of API calls. What is the much more intresting function that u expect? 1 - Send packets (RAW) 2 - Send packets (The dll build the packet header and so on) 3 - Capture in Memory slower but in the safest way 4 - Capture in Memory faster but with less security 5 - Capture on disk slower but in the safest way 6 - Capture on disk faster but with less security 7 - Multithreading Capture and disk dump Definitely (2 & 7) As Alan pointed out, too much raw access would make it too easy to exploit. I hope this helps. If you have any questions, let me know. Keep up the good work! Marty
|
|
|
Post by jdomnitz on Aug 9, 2006 22:54:56 GMT -5
I realize this thread is a little old but just responding to say that more speed is definitely the way to go. The current code is still slower then the c++ alternative.
|
|
|
Post by Lorenzo VBPCAP Founder on Aug 19, 2006 10:02:41 GMT -5
Hi jdomnitz,
of coure i'm working on speed cause is critical for a capture library. Meanwhile try to rise the KERNEL MEMORY BUFFER as high as you can to improove vinpcap response.
regards Lorenzo
|
|
|
Post by jdomnitz on Aug 20, 2006 16:17:34 GMT -5
great advice...btw I think your demo implementation is off by 1024? I have changed the buffer from what I thought was 5mb (really 5kb) to the full 5mb with a HUGE performance increase but packet retrieval speed is still slower then winpcap alone. I am working with a team to speed up the vb implementation and will post the results.
|
|