On Tue, Sep 16, 2003 at 12:27:42PM -0500, Munshi, Shahid K. (Manpower Contract) wrote: > It says: > 1410 packets received by filter
Which probably means that the WinPcap driver saw 1410 packets. If they weren't UDP packets, it would have filtered them out when capturing with "udp" as a capture filter, so they wouldn't be printed. > But, If I type command: > > windump -ne -s100 > > This is without any protocol filter. > > It prints out in output windows different number of packets than It > reports after pressing CTRL + C. What are the two numbers? Note that the number printed as "received by filter", if it comes from the WinPcap driver (as I think it does), can include packets that have not yet been read by WinDump - and, as you've terminated WinDump by typing control-C, those packets never will be read by WinDump.
