Hello, We are using a silent installer for winpcap. On several computers we found that during exploitation wpcap.dll disappeared. As far as I know nobody removed this dll manually.
Is it possible that another application removed this dll? Thank you Alex -----Original Message----- From: Loris Degioanni [mailto:[EMAIL PROTECTED] Sent: Friday, May 06, 2005 2:52 PM To: winpcap-users@winpcap.polito.it Subject: Re: [WinPcap-users] Re: Capture Filter on port - strange behavior You said in your previous mail that you were using WinPCap 3.0. Did you try 3.1b4 too? Do you have the same results? Loris James Garrison wrote: > I tried doing the capture using only the example files > incuded in the PCap developer's kit, compiled under cygwin, > and got exactly the same results. > > ./pf -i "\Device\NPF_{31D5255E-54E4-482B-B31C-58CA451DBFFE}" \ > -o test.dat -p "port 25" > > The resulting capture file contains only one side of the > conversation. However, > > ./pf -i "\Device\NPF_{31D5255E-54E4-482B-B31C-58CA451DBFFE}" \ > -o test2.dat > > contains both sides. I converted the output into text by > copying the raw capture files to a Linux (RH Fedora Core 3) > system and using "tcpdump -r". In the listings below > 10.56.8.41 is my client system, and 67.97.236.234 is the > smtp server. The server is one network hop away and physically > in the room next door. > > test.dat - captured using "port 25" as a filter > >> 10.56.8.41.3607 > 67.97.236.234.smtp: S 4157222901:4157222901(0) win >> 65535 <mss 1360,nop,nop,sackOK> >> 10.56.8.41.3607 > 67.97.236.234.smtp: . ack 459380354 win 65535 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 0:19(19) ack 119 win 65417 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 19:29(10) ack 404 win 65132 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 29:149(120) ack 433 win 65103 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 149:232(83) ack 555 win 64981 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 232:309(77) ack 884 win 64652 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 309:548(239) ack 1183 win 64353 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 548:581(33) ack 1244 win 64292 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 581:628(47) ack 1283 win 64253 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 628:663(35) ack 1322 win 64214 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 663:726(63) ack 1381 win 65535 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 726:778(52) ack 1446 win 65470 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 778:805(27) ack 1499 win 65417 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 805:1510(705) ack 1566 win 65350 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 1510:1534(24) ack 1566 win 65350 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 1534:1561(27) ack 1659 win 65257 >> 10.56.8.41.3607 > 67.97.236.234.smtp: . ack 1748 win 65169 >> 10.56.8.41.3607 > 67.97.236.234.smtp: P 1561:1584(23) ack 1748 win 65169 >> 10.56.8.41.3607 > 67.97.236.234.smtp: F 1584:1584(0) ack 1748 win 65169 > > > test2.dat - captured with no filter specified > >> 10.56.8.41.3810 > 67.97.236.234.smtp: S 1079252123:1079252123(0) win >> 65535 <mss 1360,nop,nop,sackOK> >> 67.97.236.234.smtp > 10.56.8.41.3810: S 581786450:581786450(0) ack >> 1079252124 win 17680 <mss 1460,nop,nop,sackOK> >> 10.56.8.41.3810 > 67.97.236.234.smtp: . ack 1 win 65535 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1:119(118) ack 1 win 17680 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 1:20(19) ack 119 win 65417 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 119:404(285) ack 20 win 17661 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 20:30(10) ack 404 win 65132 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 404:433(29) ack 30 win 17651 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 30:150(120) ack 433 win 65103 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 433:555(122) ack 150 win 17531 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 150:233(83) ack 555 win 64981 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 555:884(329) ack 233 win 17448 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 233:310(77) ack 884 win 64652 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 884:1183(299) ack 310 win 17371 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 310:549(239) ack 1183 win 64353 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1183:1244(61) ack 549 win 17132 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 549:582(33) ack 1244 win 64292 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1244:1283(39) ack 582 win 17099 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 582:629(47) ack 1283 win 64253 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1283:1322(39) ack 629 win 17052 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 629:664(35) ack 1322 win 64214 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1322:1381(59) ack 664 win 17017 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 664:727(63) ack 1381 win 65535 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1381:1446(65) ack 727 win 16954 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 727:779(52) ack 1446 win 65470 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1446:1499(53) ack 779 win 16902 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 779:806(27) ack 1499 win 65417 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1499:1566(67) ack 806 win 16875 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 806:1508(702) ack 1566 win 65350 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1566:1657(91) ack 1508 win 17680 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 1508:1535(27) ack 1657 win 65259 >> 67.97.236.234.smtp > 10.56.8.41.3810: P 1657:1745(88) ack 1535 win 17653 >> 67.97.236.234.smtp > 10.56.8.41.3810: F 1745:1745(0) ack 1535 win 17653 >> 10.56.8.41.3810 > 67.97.236.234.smtp: . ack 1746 win 65171 >> 10.56.8.41.3810 > 67.97.236.234.smtp: P 1535:1558(23) ack 1746 win 65171 >> 10.56.8.41.3810 > 67.97.236.234.smtp: F 1558:1558(0) ack 1746 win 65171 >> 67.97.236.234.smtp > 10.56.8.41.3810: R 1746:1746(0) ack 1558 win 0 >> 67.97.236.234.smtp > 10.56.8.41.3810: R 581788196:581788196(0) win 0 > > > My system is a Dell Latitude C840 with an integrated 3COM 3C920 > (3C905C-TX) network adapter. The OS is Windows XP SP2 with all > current patches. > > ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ================================================================== ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================