What does 'Monitor other NDIS protocols' feature do?

Hi All!

I’m trying to figure out exactly what the ‘Monitor other NDIS protocols than TCP/IP’ feature does. It’s located in Firewall → Advanced → Attack Detection Settings → Miscellaneous (at the bottom of the menu).

Since it mentions Wincap (I assume they mean WinPcap) I tried capturing packets using Wireshark which uses WinPcap for the actual packet capturing task. Comodo FW provided no indication that WinPcap was active or capturing packets. The other firewall menus don’t seem to provide any additional control or settings for this feature.

Does anyone know what additional protection this feature provides?

I thought I’d take another look at this feature after reading an article titled “The truth about personal firewalls” at http://www.rootkit.com/newsread.php?newsid=849.

Thanks in advance for any info!!!


Haven’t used it, since I don’t use winpcap under Vista, but the help file says “This will force Comodo Firewall Pro to capture the packets belonging to any other protocol driver than TCP/IP. Trojans can potentially use their own protocol driver to send/receive packets. This option is useful to catch such attempts. This option is disabled by default: because it can reduce system performance and may be incompatible with some protocol drivers.”.

You cannot rely on what that article says since 90% of the products tested have gone through some serious changes. That test was done using older and outdated versions of most of those in the list.