[WinPcap-users] install pcap without installing?

2004-05-13 Thread Axel Bock 
Hi,

I have written a pcap program to analyze network traffic. BUT now I have 
to install this program on different machines, and due to the nature of 
the project (foreign machines with foreign admins :-) I simply cannot 
install winpcap on any of them.

Now I am searching for a method to just copy in the program - create a 
directory, copy all dlls into it (done - packet.dll and wpcap.dll as far 
as I know), and run the program.

Alas - no way. pcap does not find any devices.

Now can anyone tell me how to do this manually? It's a bit important (of 
course :-)

many thanks in advance  greetings,

axel.

==
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use 
mailto: [EMAIL PROTECTED]
==

Re: [WinPcap-users] Odd behavior (sort of a bug)

2004-05-13 Thread Gianluca Varenni 
- Original Message - 
From: Rob Henningsgard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 12, 2004 9:51 PM
Subject: [WinPcap-users] Odd behavior (sort of a bug)


 Hello all,

 Has anybody else run WinPcap 3.1 beta 2 in Win2000 with no
 TCP-IP installed on the machine?  I've been running fine
 for weeks with TCP-IP disabled, but then I realized that with
 all of the stupid TCP and UDP listening ports Windows opens up
 (can you say, virus invitations?), I really didn't want TCP-IP
 installed at all.  So I removed TCP-IP, and re-ran my program.

 Surprise!  WinPcap (OK, actually Packet32) throws up errors
 saying,  Can not find TCP/IP bindings.  In order to run the
 packet capture driver you must install TCP-IP.

 Guess what?  It is not true!  WinPcap runs perfectly with no
 TCP-IP driver installed, both with my own application and
 with Ethereal (although Ethereal _does_ throw an access violation
 when you quit the program).

Hi.

You are right, there's a bug in packet.dll under NTx that causes winpcap
3.1beta2 to show that message if TCP/IP is removed from the machine. I've
corrected that bug in our source tree, and it be available in winpcap beta3,
that will be released in a week.


 So has anybody else encountered this?  I just joined MSDN and
 have not received, installed, or tested my DDK yet, so I am
 not comfortable rebuilding Packet32.DLL with the error message
 and false return to PacketGetAdapterNames() commented out
 (about line 1671 of Packet32.C).  Could somebody on the list
 perhaps do a quick build of that for me?  I'd be much obliged.

Why the DDK? You don't need the DDK to compile packet.dll, you need VC6 plus
the platform sdk.

Have a nice day
GV


 Thanks to all,

 Rob---


 -
 LapTwo Technology Corporation Phone: 763-633-9434
 16820 Highway 10, Suite 130 Fax: 253-276-2755
 Elk River, Minnesota 55330  http://www.laptwo.com
 -


 ==
  This is the WinPcap users list. It is archived at
  http://www.mail-archive.com/[EMAIL PROTECTED]/

  To unsubscribe use
  mailto: [EMAIL PROTECTED]
 ==






==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==

Re: [WinPcap-users] install pcap without installing?

2004-05-13 Thread Gianluca Varenni 
WinPcap installs a kernel driver, too (npf.sys).

Why don't you use the so-called transparent-installation?

It's available in the download page,
http://winpcap.polito.it/install/default.htm

Have a nice day
GV


- Original Message - 
From: Babu Shankar [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 1:28 PM
Subject: RE: [WinPcap-users] install pcap without installing?


 You Have to copy these files on to the Syetem32 folder of Windows and not
 where your program sits.
 It would be the Windows Directory \System32 on WinXP, WinNT\System32  on
 WInServer so on...

 -Original Message-
 From: Axel Bock [mailto:[EMAIL PROTECTED]
 Sent: Thursday, May 13, 2004 3:02 PM
 To: WinPCAP mailing list
 Subject: [WinPcap-users] install pcap without installing?


 Hi,

 I have written a pcap program to analyze network traffic. BUT now I have
 to install this program on different machines, and due to the nature of
 the project (foreign machines with foreign admins :-) I simply cannot
 install winpcap on any of them.

 Now I am searching for a method to just copy in the program - create a
 directory, copy all dlls into it (done - packet.dll and wpcap.dll as far
 as I know), and run the program.

 Alas - no way. pcap does not find any devices.

 Now can anyone tell me how to do this manually? It's a bit important (of
 course :-)


 many thanks in advance  greetings,

 axel.


 ==
  This is the WinPcap users list. It is archived at
  http://www.mail-archive.com/[EMAIL PROTECTED]/

  To unsubscribe use
  mailto: [EMAIL PROTECTED]
 ==



 ==
  This is the WinPcap users list. It is archived at
  http://www.mail-archive.com/[EMAIL PROTECTED]/

  To unsubscribe use
  mailto: [EMAIL PROTECTED]
 ==






==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==

Re: [WinPcap-users] Odd behavior (sort of a bug)

2004-05-13 Thread Gianluca Varenni 

- Original Message - 
From: Rob Henningsgard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 2:52 PM
Subject: Re: [WinPcap-users] Odd behavior (sort of a bug)


 Gianluca,

 It is not true!  WinPcap runs perfectly with no TCP-IP driver

 You are right, there's a bug in packet.dll under NTx that causes
 winpcap 3.1beta2 to show that message if TCP/IP is removed

 Oh good!  I'm really glad to hear that it's a bug, and not
 that I was doing something dumb (which happens often enough).

 I've corrected that bug in our source tree, and it be available
 in winpcap beta3, that will be released in a week.

 That is just super!  You and your colleagues are the greatest.

 have not received, installed, or tested my DDK yet

 Why the DDK? You don't need the DDK... you need VC6 plus
 the platform sdk.

 Oh, got it.  Actually, I don't have VC6 either.  I only recently
 converted from seventeen years of using only Borland tools, and
 I bought Visual Studio .NET Pro.  So the only VC I've got is 7.0.

What's the problem, then? You can import the VC6 project into VC 7.0, and
compile with that compiler. I develop and build with VC7.1 (but I build the
official release with VC6.0 because of compatibility reasons).

Have a nice day
GV



 I got the MSDN DDK because I will eventually need to write an
 NDIS miniport driver, to sit in front of Windows TCP-IP and
 filter out packets I do not want Windows to ever see.

 Have a nice day, GV

 Thanks again for everything, Gianluca.

 Rob---

 -
 LapTwo Technology Corporation Phone: 763-633-9434
 16820 Highway 10, Suite 130 Fax: 253-276-2755
 Elk River, Minnesota 55330  http://www.laptwo.com
 -


 ==
  This is the WinPcap users list. It is archived at
  http://www.mail-archive.com/[EMAIL PROTECTED]/

  To unsubscribe use
  mailto: [EMAIL PROTECTED]
 ==






==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==

RE: [WinPcap-users] Odd behavior (sort of a bug)

2004-05-13 Thread Fulvio Risso 


 -Original Message-
 From: Rob Henningsgard [mailto:[EMAIL PROTECTED]
 Sent: giovedi 13 maggio 2004 14.52
 To: [EMAIL PROTECTED]
 Subject: Re: [WinPcap-users] Odd behavior (sort of a bug)
 
 
 Gianluca,
 
 It is not true!  WinPcap runs perfectly with no TCP-IP driver
 
 You are right, there's a bug in packet.dll under NTx that causes 
 winpcap 3.1beta2 to show that message if TCP/IP is removed
 
 Oh good!  I'm really glad to hear that it's a bug, and not
 that I was doing something dumb (which happens often enough).
 
 I've corrected that bug in our source tree, and it be available 
 in winpcap beta3, that will be released in a week.
 
 That is just super!  You and your colleagues are the greatest.

What about a gift?
  http://winpcap.polito.it/misc/wlist.htm

;-)

Cheers,

fulvio


==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==

RE: [WinPcap-users] Capture packets, Process, Continue...

2004-05-13 Thread Bala, Srinath 
Title: Message



I am using a 3COM 
3C905C-TX adapter.
I guess my real question 
is:
if I am using 
pcap_next_ex() in a loop, and doing other operations in the loop after receiving 
the pkt, for say 10ms, do I loose packets being received during those 10ms 
???
Or does winpcap keep the 
pkts, do they can be processed the next time I call pcap_next_ex() 
???

pseudo 
code:

while 
(1)
{
if (pcap_next_ex() == 
1)
 {
 do 
something with pkt(10ms loop)
 }
}

Thanks, 
Srinath



  -Original Message-From: Robert Thornthwaite 
  [mailto:[EMAIL PROTECTED]Sent: Thursday, May 06, 2004 
  8:42 PMTo: [EMAIL PROTECTED]Subject: RE: 
  [WinPcap-users] Capture packets, Process,  
  Continue...
  Srinath,
  
  You 
  do not say what kind of adapters you are using. 
  
  
  I 
  have been using gigabit adapters and trying to transmit and receive packets at 
  gigabit speeds using WinPcap on Windows XP. My experience is that 
  if you are trying to sustain a data transfer for much longer than 5000 packets 
  you will begin to lose packets. The Intel 1000/PRO adapters 
  are a little better than the 3com adapters. I have found 
  that I can get more reliable transmission if I run the gigbit adapters at 
  100mb speeds. My experience is that fewer packets are lost 
  when doing a sustained transfer at 90% of the 100Mbit link than when 
  transferring data at the same rate over a gigabit link. The 
  problem seems to be that OS and drives cannot cope with transmissions that 
  happen in bursts unless the bursts are quite small say 1000 packets with an 
  interval of dead time between the bursts. I am only trying 
  to use one adapter in each PC.
  
  With 
  the current driver design I do not believe it is possible to get more than 20% 
  of the bandwidth of Gigabit Ethernet even if one avoids large bursts of 
  packets. As you approach 20% many packets will be 
  lost.
  
  In 
  summary I would say that if you need capture packetswith gigabit 
  adapters you are going to be disappointed. There is a 
  company called Endace that sells a hardware/software solution for 
  Linux.I have not been able to find out exactly what 
  Endacewill offer for Windows. There may be other Linux 
  solutions. I think the WinPcap developers may be 
  working on something.
  
  Regards,
  Robert
  
  
  -Original Message-From: Bala, 
  Srinath [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 
  2004 4:18 PMTo: 
  '[EMAIL PROTECTED]'Subject: [WinPcap-users] Capture 
  packets, Process,  Continue...
  

Hello,
I have used winpcap so 
far to be able to capture packets, and process them, from more than 1 
adapter.
Whiledoing so, some 
packets from an adapter do NOT get captured, as the pcap_next_ex() for that 
adapter is not being called at this very moment.
I believe this means 
using threads is a must, right ?
Can winpcap allow packets 
to be captured in a BIG buffer for future processing? and still allow ALL 
packets to be captured ?
Could packet.dll help in 
this regard, as it is more low level than winpcap ?
Thanks, 
Srinath

[WinPcap-users] FW: WinPCAP Functions

2004-05-13 Thread Babu Shankar 
Hi All,

am currently using WinPcap 2.1 version.
I have used functions like
PacketGetAdapterNames
PacketOpenAdapter
PacketSetHwFilter
and these functions were available in the documentation earlier provided,
but now functions are something similar to pcap  etc for all new
versions. Can anyone tell me what is the difference and do i need to change
my code and rewrite them again inorder to use WinPcap 2.3 and more.



==
 This is the WinPcap users list. It is archived at
 http://www.mail-archive.com/[EMAIL PROTECTED]/

 To unsubscribe use 
 mailto: [EMAIL PROTECTED]
==