July 22, 2003

Bug in NetMon Utility

How to crash the NetMon utility running on Windows 2000? (okay okay don't laugh, W2K is not that bad... W2K crashes less frequently).

The aim of my application is to generate appropriate PPP packets and establish a dial-up connection with RRAS on W2K. I was using the NetMon utility to monitor the flow of the PPP negotiations and to debug my application.

My application sends the following Dummy PPP Packet to RRAS to kick-start the PPP negotiation:

unsigned char DummyFrame[] = {
0x7E, 0xFF, 0x03, 0xC0, 0x21, // PPP Frame Header
0x01,                         // Configuration Request
0xFF,                         // Identification
0x00, 0x04,                   // Length - No contents
0xFE, 0x29,                   // CRC
0x7E,                         // PPP Frame End
'\0'
};

unsigned int uiLen = 12;           // Length of the DummyFrame

After a while, I thought of randomizing the Identification field, so I made the following change:
srand((unsigned)time(NULL));
DummyFrame[8] = (unsigned char) rand();
CalculateAndFillCRC(DummyFrame, uiLen);

Yes, I was dumb enough to calculate the Identification field's offset as 8 instead of 6. Instead of randomizing the Identification field, I was randomizing the Length field. But there is someone dumber out there...

I have the NetMon utility capturing the PPP packets, and when I want to view the packets, NetMon crashes with an Access Violation. It seems NetMon expects that the packets it receives are flawless, so it doesn't have any error checking in it.

Also, it looks like the Protocol stack on W2K discards the erroneous DummyFrame silently (as my application never gets a Reject for that packet), but doesn't count the packet as an Error (that is, the error count in the connection Status dialog remains Zero!)

When I correct the offset value for the Identification field, everything works fine.
Posted by hari at July 22, 2003 01:14 PM
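
The kind of error checking the post finds missing, as an added example (not the author's code and not NetMon's): a parser that bounds the LCP Length field against the bytes actually captured before reading any data. The function name lcp_data_len, the error codes and the overwritten value 0x9C are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { LCP_TOO_SHORT = -1, LCP_BAD_FLAG = -2, LCP_BAD_HEADER = -3, LCP_BAD_LENGTH = -4 };

/* The post's DummyFrame without the trailing '\0' (12 bytes). */
static const uint8_t good_frame[] = { 0x7E, 0xFF, 0x03, 0xC0, 0x21,
                                      0x01, 0xFF, 0x00, 0x04, 0xFE, 0x29, 0x7E };
/* Constructed sample: the same frame after DummyFrame[8] was overwritten,
   here with 0x9C. The FCS bytes are left unchanged; FCS is not checked below. */
static const uint8_t bad_frame[]  = { 0x7E, 0xFF, 0x03, 0xC0, 0x21,
                                      0x01, 0xFF, 0x00, 0x9C, 0xFE, 0x29, 0x7E };

/* Hypothetical helper: returns the number of LCP data bytes (>= 0) that may
   safely be read starting at f[9], or a negative LCP_* code. Assumes byte
   stuffing has already been removed from the captured frame. */
long lcp_data_len(const uint8_t *f, size_t n)
{
    /* flag + addr + ctrl + protocol(2) + LCP header(4) + FCS(2) + flag */
    if (f == NULL || n < 12)
        return LCP_TOO_SHORT;
    if (f[0] != 0x7E || f[n - 1] != 0x7E)
        return LCP_BAD_FLAG;
    if (f[1] != 0xFF || f[2] != 0x03 || f[3] != 0xC0 || f[4] != 0x21)
        return LCP_BAD_HEADER;

    size_t avail = n - 8;                    /* bytes between protocol field and FCS */
    size_t len = ((size_t)f[7] << 8) | f[8]; /* covers Code, Id, Length and Data */
    if (len < 4 || len > avail)              /* never trust it beyond the capture */
        return LCP_BAD_LENGTH;
    return (long)(len - 4);
}

int main(void)
{
    printf("good frame: %ld\n", lcp_data_len(good_frame, sizeof good_frame));
    printf("bad frame:  %ld\n", lcp_data_len(bad_frame, sizeof bad_frame));
    return 0;
}
```

A Length smaller than the captured payload is accepted because PPP treats octets beyond the Length field as padding; only a Length below 4 or beyond the capture is rejected.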