On Thu, Jul 11, 2002 at 04:22:27PM -0500, Beatriz Silva wrote:
> Could somebody help me to understand what are the steps of a computer
> receiving a packet. It is received by the NIC and kept in a NIC buffer?
It's received by the NIC; it might put it into a buffer on the NIC, but
either it will eventually transfer it to a buffer on the host,
maintained by the driver for the NIC, or the driver will pull it from
the buffer on the NIC into its own buffer.
> How is it given to the application?
The driver, when it receives a packet from the NIC, supplies it to
various pieces of other networking code in the OS. Eventually that code
supplies data to the application; that data might not be the raw packet,
however, as the application might just have opened a TCP socket, in
which case it just gets the TCP payload, not any of the TCP, IP, or
link-layer headers.
In the case of a packet-sniffing application on Windows, using WinPcap,
the WinPcap driver uses NDIS mechanisms to request that the driver for a
NIC supply it with packets as they arrive; those packets go directly
from the NIC driver to the WinPcap driver, or go there after passing through
only the NDIS code - i.e., they don't go through any IP, TCP, or any
other higher-level protocol code on their way to the WinPcap driver.
(The packet might *also* be supplied to, for example, the IP code, and
that copy of the packet *does* get processed by IP, as well as by TCP if
it's a TCP segment.)
> In which part of the process Ethereal acts?
Ethereal uses libpcap/WinPcap to do capturing, so it gets packets
supplied to it by libpcap/WinPcap.
The WinPcap library uses the WinPcap driver to get the packets.
> What exactly is NDIS?
The Network Driver Interface Specification:
http://www.pcausa.com/resources/ndisfaq.htm#WhatIsNDIS
http://www.pcwebopaedia.com/TERM/N/NDIS.html
http://www.microsoft.com/hwdev/tech/network/ndis5.asp
which is a specification for how to write network drivers for Windows.
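
An added illustration, not part of the original message: the sketch below splits one raw Ethernet/IPv4/TCP frame, as a capture driver would hand it to a sniffer, into the link-layer, IP and TCP headers and the payload, which is the only part an application reading from a TCP socket receives. The frame, addresses and ports are constructed sample data, and `build_frame` and `split_frame` are hypothetical helper names.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame (sample data, checksums zero)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def split_frame(frame: bytes) -> dict:
    """Split a captured frame into the headers a sniffer sees and the TCP payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # excludes any Ethernet padding
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("bad IPv4 lengths")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "link_header": frame[:14],
        "ip_header": ip[:ihl],
        "tcp_header": tcp[:data_off],
        "payload": tcp[data_off:],                # what recv() on a TCP socket returns
    }

if __name__ == "__main__":
    frame = build_frame(b"GET / HTTP/1.0\r\n\r\n")
    print("sniffer sees", len(frame), "bytes")
    for name, value in split_frame(frame).items():
        print(f"{name:12s} {len(value):3d} bytes")
```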