Hi.
The packts you're capturing are related to the RPCAP protocol itself.
I woulr like to add a filter so that the RPCAP daemon does not capture its
own packets.
I hope to be able to do that in a couple of weeks, before releasing Winpcap
3.01 beta.
Thanks for the several guys that pointed us this problem.
Cheers,
fulvio
> -----Original Message-----
> From: Jang Choe [mailto:[EMAIL PROTECTED]
> Sent: venerd́ 26 settembre 2003 19.11
> To: [EMAIL PROTECTED]
> Subject: Re: [WinPcap-users] stoppin the mindless chatter between source
> and destination
>
>
> I did some more extensive searching and found this in the archive
> that told
> me why the chatter is being generated.
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg01300.html
>
> But I would I fix it so it will only capture the 'norma' traffic? Should I
> make a filter, or is there a better way to do this? Thank you.
>
>
>
> ----- Original Message -----
> From: "Jang Choe" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 24, 2003 3:40 PM
> Subject: [WinPcap-users] stoppin the mindless chatter between source and
> destination
>
>
> > I just created a small, simple program that will capture
> packets remotely
> > from a machine running rpcapd.
> >
> > I am able to create a connection between my program and rpcapd using
> active
> > mode, but I get tons of empty packet data between the host and
> client. The
> > packets consist of PSH ACK and ACK packets being sent from rpcapd and my
> > program. I am using function pcap_remoteact_accept() to create my
> connection
> > with the active rpcapd. With function pcap_next_ex(), I am capturing the
> > packets. I save the captured file with pcap_dump().
> >
> > When I view the file I saved on Ethereal, I see that I am
> capturing those
> > PSH ACK and ACK packets. They are empty and those empty packet data is
> being
> > sent from the source (rpcapd) to my program. And my program is
> sending the
> > similar empty packets back to the source (rpcapd). This is
> happening every
> > 0.20 seconds, back and forth. The packet len from the source (rpcapd) to
> my
> > program is 270. And my program seems to be replying with packet size len
> 60.
> > But I think these values are arbitrary. How can I get this empty chatter
> to
> > stop? Is this normal? Thank you.
> >
> >
> >
> >
> >
> > ==================================================================
> > This is the WinPcap users list. It is archived at
> > http://www.mail-archive.com/[EMAIL PROTECTED]/
> >
> > To unsubscribe use
> > mailto: [EMAIL PROTECTED]
> > ==================================================================
> >
>
>
>
> ==================================================================
> This is the WinPcap users list. It is archived at
> http://www.mail-archive.com/[EMAIL PROTECTED]/
>
> To unsubscribe use
> mailto: [EMAIL PROTECTED]
> ==================================================================
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
