As the FAQ at http://winpcap.polito.it states, you should be able to make npf.sys load during system boot by changing the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start from 0x3 (SERVICE_DEMAND_START) to 0x2 (SERVICE_AUTO_START) or 0x1 (SERVICE_SYSTEM_START). No need for .inf installation, simply install and run WinPcap (to create the registry keys). At this point, any user should be able to sniff the network traffic.
Loris

----- Original Message -----
From: "Kevin Gilbert" <[EMAIL PROTECTED]>
To: "WinPcap" <[EMAIL PROTECTED]>
Sent: Monday, July 15, 2002 7:04 AM
Subject: [WinPcap-users] Security and WinPcap

Some time ago (May 23 to be exact) I posted a query that resulted in <http://www.mail-archive.com/[email protected]/msg00195.html> this thread. It is only now that I have had the time to investigate this matter further.

I fully appreciate the security implications of allowing any user to use the full capabilities of WinPcap. However, in my environment (and maybe others) security is not a concern. The software that will be based on WinPcap will be used in student computer laboratories that will be fully quarantined from the outside world.

So to the results of my investigations:

1) Administrator access is required because of the use of value SC_MANAGER_ALL_ACCESS used in the dwDesiredAccess parameter of the OpenSCManager function.

2) That value is only required because of the call to the function OpenSCManager.

Could this be overcome by loading the npf.sys driver at boot time? I refer to the sections "Loading Device Drivers" and "Initializing Device Drivers" in this <http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/reskit/serverop/part4/sopch15.asp> Microsoft page.

This would probably mean that npf.sys would have to be installed via the Control Panel, therefore a .inf file would be required to specify the required settings in the registry, which, according to <http://www.mail-archive.com/[email protected]/msg00029.html> this is not a job for amateurs.

Any and all comments, criticisms and / or assistance would be gratefully received.

Regards,

Kev Gilbert
TAFE Lecturer in IT
Northern Territory University
Phone: +61 08 8946 6282
Fax: +61 08 8946 6667
Mobile: 0419 206 146
Email: <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
CRICOS Provider No: 00300K
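
An added example, not part of the original thread or the WinPcap project: a PowerShell audit an administrator could run to see whether the NPF service has been switched to load at boot (the state in which, per the reply above, any user can capture traffic), with an option to put it back to demand start. The function name `Get-NpfStartAudit`, its switch and its output fields are assumptions made for illustration.

```powershell
# Added example (not from the thread). Start values are the standard Windows
# service start types; the function name and output fields are assumptions.
$StartTypes = @{
    0 = 'SERVICE_BOOT_START'
    1 = 'SERVICE_SYSTEM_START'
    2 = 'SERVICE_AUTO_START'
    3 = 'SERVICE_DEMAND_START'
    4 = 'SERVICE_DISABLED'
}

function Get-NpfStartAudit {
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF',
        [switch]$RestoreDemandStart   # writing the value needs an elevated session
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{
            Installed = $false; Start = $null; StartType = $null
            LoadedAtBoot = $false
            Finding = 'NPF key absent: WinPcap not installed or never run.'
        }
    }

    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction Stop
    if ($null -eq $props.Start) { throw "No Start value under $KeyPath" }
    $start = [int]$props.Start

    # 0, 1 and 2 all load npf.sys during boot, before any user logs on.
    $atBoot = @(0, 1, 2) -contains $start
    if ($atBoot -and $RestoreDemandStart) {
        Set-ItemProperty -LiteralPath $KeyPath -Name Start -Value 3 -Type DWord
        $start = 3; $atBoot = $false
    }

    $name = $StartTypes[$start]
    if (-not $name) { $name = 'UNKNOWN' }
    $finding = 'npf.sys is not configured to load at boot.'
    if ($atBoot) { $finding = 'npf.sys loads at boot: any local user can capture traffic.' }

    [pscustomobject]@{
        Installed = $true; Start = $start; StartType = $name
        LoadedAtBoot = $atBoot; Finding = $finding
    }
}

Get-NpfStartAudit | Format-List
```

A change made with `-RestoreDemandStart` takes effect at the next boot; a driver that is already loaded stays loaded until then.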
