It says: 1410 packets received by filter 0 packets dropped by kernel The test bench I have is isolated LAN between two PC. There is no another source or destination from where Packets generates or destined to. I have UDP filter at command line. But, If I type command:
windump -ne -s100 This is without any protocol filter. It prints out in output windows different number of packets than It reports after pressing CTRL + C. I need to understand this. Shahid -----Original Message----- From: Guy Harris [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 11:12 AM To: Munshi, Shahid K. (Manpower Contract) Cc: [EMAIL PROTECTED] Subject: Re: [Ethereal-users] WinDump Output These questions are probably best asked on the winpcap-users mailing list: http://winpcap.polito.it/contact.htm On Tue, Sep 16, 2003 at 11:00:05AM -0500, Munshi, Shahid K. (Manpower Contract) wrote: > I am trying to capture "udp" packets across two PC running Windows 2000. > I used: > windump -ne -s100 udp > > These command line options starts capturing file. but, When I stopped > it by pressing CTRL + C ., It shows me number of packets around 1410. > But when I looked at stdio screen (Output Window) , Which is DOS prompt > on windows 2000, The number of packets are around 8. What *exactly* did WinDump say when it reported about 1410 packets? Perhaps it reported "1410 packets received by filter", which means that the WinPcap driver saw 1410 packets; however, most of them might not have been UDP packets, and you have a filter of "udp", so, if WinPcap reports, as the number of packets received by the filter, the number of packets seen *before* the filtering is done, that number could be larger than the number of packets it actually prints.
