Matthew,
Switches keep
track of which mac addresses are on which port for that switch, i.e. you
have a table on the switch of mac address/port. It's possible that
there are two entries in the switch table for the same mac address but
different port. This could happen if you switched a mac
> -Original Message-
> From: Zemer Margolin [mailto:[EMAIL PROTECTED]
> Sent: lunedì 29 novembre 2004 13.06
> To: [EMAIL PROTECTED]
> Subject: RE: [WinPcap-users] Pcap file format
>
>
> Gui,
> Thanks for your help and quick response.
> I believe the information at
> http://analyzer.polito
Pardon me for jumping in, but if you're trying to keep traffic
statistics while connected to a switch port (as opposed to a hub),
how does your traffic statistic program convince the switch to
forward all of the network's packets to its port? I am far
from expert in this area, but it seems to me t
Hi Loris,
Thanks or your help, much appreciated.
The wierd thing is the problem occured within 10 minutes of installing
WinPCap and trafficstatstic, with no other configuration changes on the
machine.
Is it not possible that there is some undocumented windows registry setting
that could have bee
Alex,
>
> Hello,
>
> I am building the application that must capture high volume
> of packets on several network devices with intensive variable load.
>
> On LINUX I can use "pcap_get_selectable_fd" and then use
> "select" to work with several devices in one thread.
>
> On Windows I have to
Matthew,
WinPcap by itself is not able at all to answer to ARP requests: winpcap is a
packet library that receives and sends raw traffic. An application that uses
WinPcap could answer to ARP requests, by I think this is not your case,
because it looks that the problems persists even if you uninstal
Hi Loris,
>Recent versions of WinPcap *should* check pretty toroughly the frame lenght
>before sending it, because we had several bug reports (and bug fixes) in the
>past on this matter. Rob, what version are you using?
The deadlock crash was with 3.1 Beta 3, it was totally repeatable, and it
was
Zemer Margolin wrote:
1. The new PCAP format allows additional private fields in a TLV format,
is there a way to do so in the existing format?
No. That's one reason why the new format is being developed.
2. Are there any more specification documents you can send me their links?
I've sent mail mess
We ran into a similar problem with the Intel PRO/100 and PRO/1000 NIC cards. In
this case, we were unable to sniff packets that were not sent to the machine we
were running the sniffer on. It seems that the newer Intel drivers have
built-in network traffic "smarts" that prevent the NIC from pass
Gui,
Thanks for your help and quick response.
I believe the information at
http://analyzer.polito.it/docs/advanced_man/how_to/add_new_lff.htm
Would help us develop the converter.
2 more question if I may:
1. The new PCAP format allows additional private fields in a TLV format, is
there a way to
We have a machine in our datacenter that started stealing
ARP's request once we installed WinpCap and Traffic Statistic (http://www.trafficstatistic.com).
Marcel Bartels the author assures me it not related to his
application thus I'm wondering if any othe WinPCap users have heard of
this.
Zemer Margolin wrote:
I am currently working on a converter that converts captured packets from one
format to another.
One way to do that might be to contribute to Ethereal:
http://www.ethereal.com/
code to read the format from which you're converting - Ethereal has a
limited ability to re
Dear Sir/Madam,
I am currently working on a converter that converts captured packets from one
format to another.
Unfortunately, I wasn’t able to find any document describing the PCAP file
format. Not a structure in a programming language, but a specification document.
The only document I found is
13 matches
Mail list logo