Guy,
Guy Harris wrote:
Unfortunately, Windows is one of the systems on which traffic from the
machine to itself can't be captured, unless WinPcap supports the
"Microsoft Loopback Adapter", which I have the impression it might not
do. You could always try it; see
http://support.microsoft.co
James,
can you do a couple more tests?
- does the problem happen *whatever* filter you set? (e.g. "ip", "tcp",
"udp")
- does anything changes if you enable/disable promiscuous mode?
Loris
James Garrison wrote:
Yes, I tried both 3.0 and 3.1b4 with the same results.
===
You said in your previous mail that you were using WinPCap 3.0. Did you
try 3.1b4 too? Do you have the same results?
Loris
James Garrison wrote:
I tried doing the capture using only the example files
incuded in the PCap developer's kit, compiled under cygwin,
and got exactly the same results.
./p
Ben,
Ben Greear wrote:
Thanks! Could you let me know what sort of tool chains I need to
compile winpcap (including the driver)? I was hoping that I wouldn't
need to, but it is probably the problem here...
I think you can find all the information you need in the WinPcap manual.
See in particular
Welcome to the enchanted world of kernel level programming and debugging!
First suggestion: it's normally not a good idea to make products based
on windows drivers (or modified versions of them) if you don't know what
you are doing more than well. It will very soon be a pain for your users
(unde
Ben,
Ben Greear wrote:
First, I was able to get bridging working on my XP box with the npf.sys
file that someone sent me. (I tried to thank them in person, but
email to their address bounces.)
I am having to poll the pcap_t device since I need to select on other
file descriptors & sockets, and I c
Not if you use wpcap.dll, since in that case the user-level packet
buffer is totally hidden by the API. If you want this kind of
information you probably need to use packet.dll, or patch wpcap.dll to
return it.
Loris
Fed wrote:
Hello all,
I have one question: is it possible to know how many p
any
more. The sources too are still available in the current winpcap tree.
Loris
Manfred Staudinger wrote:
Hi Loris, thank you for the answer. May I ask you, what was the
last WinPcap release to support Win98SE and whether it would be
possible to get it?
Regards, Manfred Staudinger
Loris De
If you mean CPU measurements while capturing packets with WinPcap, the
answer is yes.
You can start by giving a look at the following papers:
http://winpcap.polito.it/docs/WinPcap-SBAC03.pdf
http://netgroup.polito.it/fulvio.risso/pubs/iscc01-wpcap.pdf
Loris
Sabbiolina wrote:
Anyone do some test a
We (like MS, by the way) don't support Windows 95/98/ME any more. We
prefer to focus our limited amount of resources on enhancing and
supporting the WinNTx versions. Therefore, WinPcap for Win9x must be
taken "as is". Of course, we accept patches.
Loris
Manfred Staudinger wrote:
Hi, I downloade
Let me start spending a few words on the precision of WinPcap
timestamps, since a similar question has been raised yesterday by Paula
Doyle.
Like every open source (and most commercial) packet capture systems,
WinPcap relies on the underlying OS infrastructure to get the raw
packets from the n
First of all, please write in english on this mailing list.
Regarding your problem: try to install the core sdk from
http://www.microsoft.com/msdownload/platformsdk/sdkupdate.
Loris
Stefano Spinelli wrote:
Salve,
ho un problema con winpcap 3.1beta4.
In fase di compilazione (con MS Visual C+
Ethereal is based on winpcap, so the fact that it's able to keep up
means that either:
- there's something wrong in the way you interact with winpcap. For
example, your timeout is very short: this not only causes pcap_next_ex()
to timeout very often, but possibly increases CPU load.
- your appli
Joao Lopes wrote:
Hi :)
Anyone know how to use winpcap with MinGW ?
Download the winpcap developer's pack. Most of the example programs come
with a project for cygnus.
Loris
Other question ... how can i identify application layer protocol ( HTTP
, FTP , etc ) responsable for packet TCP x ?
Than
Guy,
Guy Harris wrote:
Nick Manoleras wrote:
As part of a monitoring App, I am using a program based on iflist.c to
return details of all interfaces in a machine. I encounter a problem
on windows 98 machines that have been allocated an address via DHCP.
They return an IP address of 0.0.0.0. (XP
François,
HAMON François wrote:
Hi,
I want to design a program, which can send packets from a libpcap format file to an Ethernet network. As the example in the WinPcap manual "sendcap.c", I use the following function of WinPcap(3.0) with Windows Net4.0 :
"pcap_open_offline" to open the capture,
"p
Guy Harris wrote:
> phengmaly peter wrote:
>
>> It seems to me, that the pcap_open_live's snaplen argument has only
effect when a BPF filter is set thereafter (pcap_setfilter).
>> Is it the intended functionality ? (both 3.0 and 3.1b4)
>
>
>
> At least on the original systems where BPF was impleme
Guy Harris wrote:
> Somebody trying to capture on a serial port in Ethereal sent a long
note about that to the Ethereal list:
>
> http://www.ethereal.com/lists/ethereal-users/200502/msg00140.html
>
> It says:
>
>> 5) Because Windows PPP support is new, there is nothing about it in
>> the Help
http://winpcap.polito.it/misc/faq.htm#Q-17
Loris
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 07, 2005 3:52 AM
> To: winpcap-users@winpcap.polito.it
> Subject: [WinPcap-users] How to Block packet
>
> Hi,
> can someone help me?
> I
I can see two reasons for that:
1. the winpcap driver is broken, and doesn't empty the kernel buffer when a
new filter is set. I'm pretty sure that the latest version (3.1b4) from the
WinPcap website behaves correctly from this point of view (i just cheked the
code), so you can try to install it i
Massimo,
did you compile the right version of winpcap? If you go to build->set active
configuration, you find several projects. You are probably compiling the one
without the new funtions.
Loris
> -Original Message-
> From: Massimo Sala [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, Decem
Hi,
>
> Dear sir/madam,
>
> I'm currently using your windump source code to develop a
> software which will be used to detect instruder base on MAC address.
Do you mean WinPcap? Using windump as a starting base for such a software is
not a great choice.
> I have copied and paste one of your
The filter compiler tries to resolve the host namese, so you can do
something like
host localhost and port 2404
but this will filter the packets with the loopback IP address.
Loris
>
> Hi
>
> Is it possible to filter all the TCP/IP traffic from / to
> the pc runnning WinPcap, without have
The WindowsCE porting of winpcap supports only the low-level packet.dll
library (PacketXXX functions). Moreover, as the download page states, we are
not able to give support for that version, and we currently don't have a
maintainer for it.
Loris
>
> Hi,
>
> I downloaded the "packetce.zip" file
Paal,
no, it's not possible to increase the priority of the WinPcap driver.
Actually, changing the priority is a concept that doesn't make a lot of
sense when talking about drivrs (the packet-capture part of the winpcap
driver runs at DPC level, and therefore has higher priority than any other
proc
Is your machine SMP?
Are you using the latest beta version of WinPcap?
Loris
> -Original Message-
> From: Venkatramani, Bharath
> [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 10, 2004 10:36 AM
> To: '[EMAIL PROTECTED]'
> Subject: [WinPcap-users] Timestamp synchronization issues...
Kraus,
Unlees you're using some kind of filter, WinPcap doesn't really make any
distinction among the packets. As a consequence, you are not seeing LSU
packets for two possible reasons:
- the packets don't actually reach the machine. You can try to use a capture
system different from WinPcap to und
Pawel,
what version of winpcap are you using? I remeber I fixed a
problem like the one you describe some time ago.
Loris
Hi!
I've tried write a NT Service which capture
network traffic using WinPcap libraries. I use MS VS .NET 2003 environment. As
type of my project I've
Hi,
>We have encountered two problems with winpcap:
>1. Using version 3.0 we have found that the non-paged pool is gradually
depleted. The symptoms are that the non-paged pool gradually grows to around
80 MB at which point users are
> unable to logon and applications begin failing. Through trial
Title: Does pcap_sendpacket() work on PPP, WinXp
Transmission is not supported on PPP adapters. This is
documented on the WinPcap website.
Loris
From: Shuy-Young Yung
[mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 3:41
PMTo: [EMAIL PROTECTED]Subject:
[WinPcap-user
rrors.)
>
> Basically, my desire is to modify tcpdump. I do not need to
> modify winpcap.
>
> Do I need to compile winpcap in order to compile tcpdump? Or
> can I simply use the precompiled winpcap files when I compile tcpdump?
>
> Thanks very much,
>
> Jesse
>
Jesse,
at http://winpcap.polito.it/docs/docs31beta4/html/index.html, you can find
some directions to compile WinPcap. Similar information can be found in the
readme-visualC and readme-cygwin files in the WinPcap source code. If you
want to improve these documents, you are of course welcome.
Loris
The speed of tg depends heavily on a number of factors, the most important
of wich are the CPU speed, the network card architecture (transfer type,
number of interrupts...) and the NIC driver. My experience is that on the
same machine results vary a lot with the card model, and sometimes just
upgra
Alex,
>
> Hello,
>
> I am building the application that must capture high volume
> of packets on several network devices with intensive variable load.
>
> On LINUX I can use "pcap_get_selectable_fd" and then use
> "select" to work with several devices in one thread.
>
> On Windows I have to
Matthew,
WinPcap by itself is not able at all to answer to ARP requests: winpcap is a
packet library that receives and sends raw traffic. An application that uses
WinPcap could answer to ARP requests, by I think this is not your case,
because it looks that the problems persists even if you uninstal
sh and sometimes they don't, just like my
> program
> /Lars
>
> -Original Message-
> From: Loris Degioanni [mailto:[EMAIL PROTECTED]
> Sent: 22. november 2004 19:37
> To: [EMAIL PROTECTED]
> Subject: RE: [WinPcap-users] crash
>
>
> What happens with t
What happens with the examples of the WinPcap developers's pack, e.g.
netmeter?
Loris
> -Original Message-
> From: Lars Larsen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 18, 2004 7:40 AM
> To: [EMAIL PROTECTED]
> Subject: [WinPcap-users] crash
>
>
> Hello World\n;
>
> Some
Hi,
>
> Hi Cary,
>
> <>
>
> I ran into this when I was first learning about WinPCap.
> Turns out that for packets transmitted from the machine on
> which you're running WinPCap, the padding bytes needed to
> bring packets up to the minimum Ethernet frame of sixty bytes
> (less the hardwar
Hi,
> Hi.
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: giovedi 11 novembre 2004 21.18
> > To: [EMAIL PROTECTED]
> > Subject: [WinPcap-users] setfilter
> >
> >
> > Hello...
> >
> > Can I set a new filter on an ongoing capture without
> missing a
The WinPcap tutorial
(http://winpcap.polito.it/docs/docs31beta4/html/index.html) contains quite a
lot of information about this.
Loris
> -Original Message-
> From: Venkatramani, Bharath
> [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 11, 2004 6:22 AM
> To: '[EMAIL PROTECTED]'
> S
Recent versions of WinPcap *should* check pretty toroughly the frame lenght
before sending it, because we had several bug reports (and bug fixes) in the
past on this matter. Rob, what version are you using?
Loris
> -Original Message-
> From: Guy Harris [mailto:[EMAIL PROTECTED]
> Sent: W
Marc,
>
> Hi
>
> How can I (easily) find out, if a captured ip-packet was
> received by my computer or sent?
>
> I tried this:
> reading the ip-address of the networkadapter with
> pcap_findalldevs() and compare it with the captured source-
> and destination-ip-address.
> but:
> on some mach
Use WaitForMultipleObjects(), feeding it with both the events.
Loris
- Original Message -
From: "Raymond Mercier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 2004 8:57 AM
Subject: [WinPcap-users] blocking read
Hi all,
I am writing some code in Windows environmen
Pedro,
first of all, try a wpcap-based application like windump or ethereal, and
check if they return something more than your application in the adapter
list. This allows to ensure that you parse the buffer returned by
PacketGetAdapterNames() in the correct way, and that you aren't victim of
o
David,
the drop counter in pcap_stats() shows the number packets rejected by the
NPF driver's tap function because of lack of space in the kernel buffer.
A cause of the difference between the user and kernel counters could be that
you have packets still to be processed by your application: the pa
Tyr to play with pcap_setmintocopy() to change the amount of buffering in
the driver. A small value of the size parameter should decrease the latency,
but will increase CPU usage under low network loads.
Loris
- Original Message -
From: "Dave Ungerer" <[EMAIL PROTECTED]>
To: <[EMAIL PR
Guy,
Gianluca Varenni wrote:
However, some files are installed directly to the system
folder, and cannot be moved out of those folders.
Because they're driver files, for example?
Yes. The driver goes to system32\drivers, the shared libraries to system32.
Loris
=
Guy,
> J. Thomsen wrote:
>
> > Is there a way to clear the receive buffer
> > for packets that are captured before one
> > sets bpf filters ?
>
> If there is any version of libpcap/WinPcap where setting the filter
> doesn't discard all previously-received packets, I'd consider that a bug
> - BP
pletely disengage
> from the networking stack?
>
> By the way, this might be a good one for the FAQ ;-)
> A.
>
>
> -Original Message-
> From: Loris Degioanni [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 13, 2004 12:41 PM
> To: [EMAIL PROTECTED]
> Subject: R
The WinPcap driver does a per-capture-instance binding on the underlying
networking architecture. This means that if you are not capturing, WinPcap
is not connected to the flow of packets in the networking stack, at all.
When you capture, the WinPcap driver is seen by the system as a protocol, so
i
If WinPcap doesn't report any drops, the problem may be in the lower layers
(i.e. NIC or NIC driver). The first step to locate it is probably trying
with a different network card and see what happens.
Loris
- Original Message -
From: "Eric St.John" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECT
I hardly believe that the NPF device driver, one of the main components of
WinPcap, will be able to run in an operating system different from Windows.
Actually, I'd consider it a software miracle.
BTW, why do you need WinPcap on Linux? There's already native support for
libpcap on that platform.
L
Gisle,
> > > Is the OID both read and write? Is it mondatory or optional?
> >
> > Not sure what you mean, but OIDscope (by PCAUSA) returns these
> > commands in response to the OID_GEN_SUPPORTED_LIST:
>
> How can I check if an OID is read-only?
>
By looking in the ddk help.
You search OID_GEN_MA
Gisle,
> Browsing through Packet32.c, I noted at some places GlobalAllocPtr()
> is used instead of simply a local PACKET_OID_DATA + suitable buffer
> when calling PacketRequest(). e.g. in PacketSetMaxLookaheadsize().
>
> Is there any "hidden" reason for this? Since overlapped I/O isn't used, I
>
his earlier ??
Thanks,
Devesh.
-Original Message-
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
Sent: Friday, July 23, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [WinPcap-users] How do I get the MAC address of the local
adapter opened
You don't access them, unless you export
You *got* the program compiled, and evidently you were able to run it too.
What would you expect to see besides an "interface not found" if you don't
install the WinPcap driver?
Loris
> i have installed winpcap 3.0 on a winXP machine. I am
> using msvc++ 6 to compile programs and run them. i
>
You don't access them, unless you export them and recompile the dll. They
are internal functions, not part of the public packet.dll API. If you need
the MAC address of a card, the best way in this moment is probably to query
it through an OID.
Loris
- Original Message -
From: "Devesh Puj
nk you. Are there any tests that will help me to identify the
> problem?
>
> -Original Message-
> From: Loris Degioanni [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 19, 2004 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [WinPcap-users] Changing filter condition dynamic
Until now, packet.dll has been used as the hardware-specific part of
WinPcap. It's able to detect adapters from different sources (registry, IP
Helper API, static definitions) and it supports packet capture from three
sources: the NPF driver, the Dag driver (for Endace cards) and the Netmon
API (fo
I hardly believe this. pcap_loop and pcap_next are simply two interfaces to
access the same underlying capture system, and your prblem is in the capture
systems.
Loris
> I need to change the filter condition dynamically. So I have another
> thread that changes filter expression.
>
> This code wo
Corrected and committed on the tcpdump.org CVS.
Loris
>
> On Jul 6, 2004, at 9:43 AM, Gisle Vanem wrote:
>
> > The definition of this macro in Win32/Include/ip6_misc.h seems to
> > be wrong. According to my Linux headers, it should be
> >
> > #define IN_EXPERIMENTAL(a) \
> > long int)
The same applies to the code written by us (the Netgroup at polito). The
licence of our code is the one at
http://winpcap.polito.it/misc/copyright.htm (although some pieces of code
still have the 4 clauses licence, but we can remove it without problems).
"Our code" means:
- the different versions
I think that under NT4 you need tcp/ip in order to capture with winpcap. The
reason, if I remember well, is that NT4 donesn't have the "72" registry hive
(\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}
), and so winpcap forced to gather information about the adapters fr
The batching between kernel level and user level is the default behavior of
WinPcap, and is done to minimize the number of context switches and
therefore increase performance. You can disable it using the
PacketSetMinToCopy
function(http://winpcap.polito.it/docs/docs31beta3/html/group__packet32.htm
I suggest the second solution. It ensures that no interaction happens
between the receive and send processes.
Loris
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 21, 2004 8:13 AM
Subject: [WinPcap-users] pcap_sendpacket and pcap_next_ex on same
No, sorry: it's still disabled. Nobody's had the time to work on it until
now.
Loris
> Hi all.
>
> I have a simple question to ask.
> Does kernel-dump work?
> I'm using packet.dll only.
> I've tried both 3.0 alfa, 3.1 beta.
> packet_set_mode() returns false.
>
> Thanks.
>
> Andrew Fedyashov
>
>
>
Hi,
> "Alan S. Jones" <[EMAIL PROTECTED]> said:
>
> > I have been watching some of the WinPcap 3.1 beta development along with
> > NMap development. At one point I ran into some problems with NMap after
I
> > upgraded to WinPcap 3.1 beta. Not figuring anything else out till I ran
> > across some
Guy,
> On Sun, Apr 18, 2004 at 02:43:05PM -0500, Alan S. Jones wrote:
> > My impression from reading the WinPcap list was that programs should not
> > need to make any changes to work between WinPcap 3.0 and 3.1.
>
> Applications using the raw packet-dll API *do* have to change:
>
> http://winpca
Fixed.
The fix will appear on the next version of WinPcap.
Thanks,
Loris
> Hi,
>
> With 3.1B I have found that if an invalid source parameter is passed to
> pcap_open then there is an access violation. e.g. pass "foo" as the
source.
> The problem appears to be in PacketOpenAdapterDAG where the re
To receive packets, use one of the cards supported by WinPcap (there's a
list of cards at
http://home.comcast.net/~jay.deboer/airsnare/supported.htm) and the normal
capture procedure (you can start from one of the samples in the developer's
pack). You will see Ethernet frames, since 802.11 is still
Does the remote user have admin privileges, needed to start the driver?
Does WinDump see any adapter on the machine?
What happens if you login locally?
Have you tried WinPcap 3.1b?
Is there any firewall, VPN or other similar stuff on the machine?
Loris
> We have a client, who is using our applic
http://winpcap.polito.it/misc/copyright.htm
Loris
> Hi,
>
> I would like to ask about the license conditions if I use WinPcap
> library in developing a commercial software. If I'm going to distribute
> the WinPcap binary files with my software, what should I do ?
> And if I don't distri
API.
> Download named "SnoopMSNBlock-a.exe" linked as follows.
>
> http://www.snoopanalyzer.com/download/download.asp
>
> I would tell that I thank Loris Degioanni, Fulvio Risso and Gianluca
Varenni
> for publishing and managing WinPcap.
>
> Thank you.
>
>
>
> ==
What version of WinPcap are you using? Try the latest one (3.01a): we fixed
some bugs related to adapter listing recently.
Loris
> Hi;
> Even npf is runnning, windump -D can't detect any
> interface.
> My machine is IBM thinkpad T30 and the built in LAN
> is Intel 8255x-based Integrated Fast Eth
Which network adapter are you using? Some adapters (for example gigabit
adapters that do TCP offloading) don't deliver all the packets to the
application.
Knowing the kind of packet you are missing would help to understand if this
is the reason.
Loris
> it is amazing but true, that one particula
If I remember well, the call to CreateFile in PacketOpenAdapter() loads the
vxd into memory before opening the handle, so you simply need that function
to dynamically install the driver.
Loris
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi all,
>
> I want to write a program tha
>
> On Nov 12, 2003, at 12:19 PM, Loris Degioanni wrote:
>
> > This is the default behavior of the WinPcap device driver. In order to
> > always get the packets as soon as they arrive in the buffer, you must
> > use
> > packet.dll, setting mintocopy=0 (see
>
With every probability, your machine is connected to a switch. You cannot
see the traffic of the other machines simply because it is not forwarded to
you.
Loris
> Good afternoon,
>
> I'm trying to use Ephereal to sniff data on my network, but it's only
> picking up broadcast packets, and packets
This is the default behavior of the WinPcap device driver. In order to
always get the packets as soon as they arrive in the buffer, you must use
packet.dll, setting mintocopy=0 (see
http://winpcap.polito.it/docs/man/html/group__packet32.html#a12) and
readtimeout=0 (see
http://winpcap.polito.it/docs
I've spent *a lot* of time on this bug during summer holidays and I thought
that it was fixed, but a tester reported me that it seems still present
despite my fixes. Now I'm away from university for a couple of months, so
I'm not able to work on it until december. However, I suppose that "some one
Did you click on the link below or did you paste it in your mail client?
Loris
>
> If I send the mail as requested:
>
> mailto: [EMAIL PROTECTED]
>
> I get an error back.
>
> Please advice.
>
>
> ==
> This is the WinPcap user
Hi,
> Dear WinPcap's contributors,
>
> I'm developing an application to send/receive packets by using
> WinPcap 3.0 through wireless LAN. During my test of the program,
> I found the following two strange behaviours probably caused by
> WinPcap 3.0. I shall appreciate any suggestions or clues
Unfortunately, winpcap can do very few to solve this kind of problems. Its
packet driver delivers to the user the packets that NDIS provides him. As a
consequence, when something underneath changes (possibly in a non standard
way) the behavior of NDIS, the packet driver has no mean to see the actua
Two new papers are available in the documentation section of the WinPcap
website (http://winpcap.polito.it/docs).
The first one (Profiling and Optimization of Software-Based Network-Analysis
Applications)
contains a performance analysis of WinPcap and the description of some
solutions adopted to i
Can you suggest your users to try WinPcap 3.01a? It fixes a bug in
PacketGetAdapterNames() that causes problems similar to the ones that you
describe.
Loris
> I have an app that uses winpcap 3.0 and about 20,000 people who have
> installed it over the last few weeks. I've gotten a handful of us
Grant,
> Hi guys,
>
> I'm the guy that runs the mirror of the Winpcap/Windump/Analyzer files at
> Wiretapped in Sydney, Australia.
>
> At some stage, your site stopped allowing directory listings on the
> /install/bin directory of the winpcap/windump.polito.it sites.
>
> Sadly, this prevents me f
the results (also if you
don't notice any BSOD) within some days from now? It would help me to
understand if these fixes solve your problem or if the driver needs further
debugging.
Loris
> "Loris Degioanni" <[EMAIL PROTECTED]> said:
>
> > Can you try the driver
Can you try the driver attached to this message and tell me if the bug
persists?
You must:
- unzip the attached npf.sys and copy it over the old one in
windows\system32\drivers
- issue a "net stop npf" from a command line prompt
- run nmap again
Loris
> Lately while using nmap I've been getting
It should, in the sense that it can open NdisMediumAtm interfaces. However,
I never tested one of such interfaces.
Loris
> Hi,
> Does winpcap support capture of ATM traffic via an ATM interface on a
> Windows 2000 machine?
>
> thanks,
> Victor
>
>
>
>
Hi,
>
> Hi all !
>
> 1. The *final* version of V3.0 (as downloaded from the website)
> reports itself (PacketGetVersion() call) as "3.0 alpha 3",
> which is probably not what we want :)
I have already fixed this issue. From next version of packet.dll
PacketGetVersion() will look at the v
What method are you using to send the packets? What is the performance on
your machine of the sendcap and tg programs, provided in the WinPcap
developer's pack?
Loris
- Original Message -
From: "Areg Alimian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 5:12
Hi,
> Hi all,
>
> > - GetNetInfo *is* Win32 specific, like packet.dll. On the other side,
> > wpcap.dll exports a superset of the the libpcap library, which is
> > system independent. Providing link layer information on the
> > pcap_if_t structure means offering a method to retrieve it in the
> >
You can probably use PacketRequest with the OID_GEN_MEDIA_CONNECT_STATUS
OID.
Loris
- Original Message -
From: "fyaowen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 06, 2003 4:04 AM
Subject: [WinPcap-users] Is cable plugged in?
> Can I get to know whether the ca
Hi,
>
>Hi all,
>
>> In my opinion, storing the MAC address inside the pcap_if_t
>> structure could be a useful feature, currently I'm adding
>> somthing similar in packet.dll.
>Personally, I feel this belongs in Packet, not Pcap. Then again,
>there already *is* the GetNetInfo call which provides
The NPF driver doesn't support overlapped IO. However, you can probably
obtain the result you need using the ReadEvent filed of the ADAPTER
structure or the handle returned by pcap_getevent().
Loris
- Original Message -
From: "Fred N. van Kempen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED
In my opinion, storing the MAC address inside the pcap_if_t structure could
be a useful feature, currently I'm adding somthing similar in packet.dll.
However, this mailing list is not the right place to request it, since
pcap_if_t is a structure defined by libpcap, that is included in WinPcap but
t
No, as far as I know. In every case WinPcap has nothing to do with raw
sockets, so the fact that the second work doesn't imply that the first will
work as well.
Loris
> By the way, can I send packets on PPP?
> I heard windows raw sockets also had a bug in PPP, yet it worked here.
>
> Daniel
> ---
I
> open it (packet.dll)?
>
> Daniel
> - Original Message -
> From: "Loris Degioanni" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 14, 2003 9:28 AM
> Subject: Re: [WinPcap-users] Default HW filter?
>
>
> > Pr
n't interact in any way with
the NIC driver or with NDIS. It simply perfroms registry queries. If you
confirm that
keyHandle is invalid, this can be only due to a problem in ZwOpenKey, which
has nothing to do with the adapter model.
Loris
> Thank you again for your response,
> P
\Device\Packet_NdisWanIp is the device that tcpip.sys uses to bind over
ndiswan.sys. WinPcap is able to list it and to open it, but capturing on
this device causes tcp/ip to stop sending and receiving packets.
\Device\Packet_NdisWanBh is used by MS Netmon for the same purpose. You can
capture over
1 - 100 of 319 matches
Mail list logo
