Vasily Borovyak wrote:
I'm using Ethereal 0.10.3 and WinPCap 3.0. WinXP-SP2
Filter was port 25.
And I've captured both incoming and outgoing packets.
So, the problem I think is in the Ethereal sources.
Unlikely, given that Ethereal doesn't do anything particularly unusual
with libpcap/WinPcap
sadhiya a wrote:
can we sniff wireless packets with winpcap.
In some circumstances. Windows is *very* unhelpful here, as it doesn't
provide standard OIDs for putting cards into monitor mode or provide a
way for an NDIS driver to supply packets with 802.11 headers to the
networking stack, so
Ben Greear wrote:
Right, but I _also_ need to select on other tcp sockets. It seems there is
nothing in Windows that will select/wait on both at the same time.
Does Windows - or, at least, the NT versions of same (NT 4.0, W2K, WXP,
WServer2K3, etc.) - support any call that returns a HANDLE for a
Dave Barratt wrote:
Is there a way of setting up winpcap to allow VLAN tag headers (802.1q)
through? They seem to be removed by default. You would see the headers
if you are tapped into the VLAN trunk link (i.e. core switch links).
See
http://wiki.ethereal.com/CaptureSetup_2fVLAN
for
Dave Barratt wrote:
Is there any method in winpcap for getting the received frame hardware
CRC (the 4 bytes following the end of the frame data)?
No. Some Windows drivers *might* either supply that by default, or
might do so if configured appropriately, but there's no standard way to
request
Ankur Aggarwal wrote:
Currently I just configure the radio mode (.11 a/b/g) and the channel
number and my adapter starts writing the packets into the binary file.
Now, in order to be able to monitor in real-time what kind of packets
I am capturing, I would like to interface it with
Pegasus wrote:
The problems I am facing are:
1) How do I transfer the rf information to ethereal (WinPcap seems to
be converting wireless packet to fake Ethernet packets do not have
those fields)
No. It's not WinPcap that's doing with that.
If you capture with Ethereal - or WinDump, or Analyzer,
On Mar 30, 2005, at 5:49 PM, Mario Hollibaugh wrote:
Yeah I felt like a jackass because I looked up pretty much the
exact thing you did a few minutes ago and realized that the IHL
field is the length in 32-bit words. But I'm still lost here...
I'm not the best programmer in the world
On Mar 30, 2005, at 1:44 PM, Mario Hollibaugh wrote:
I am no expert with winpcap by far, but The first thing that
strikes me is that you are defining your packet handler as a member
of the class TableState. Perhaps your callback function,
packet_handler... whatever you decide to call it,
On Mar 24, 2005, at 3:18 PM, Tom Brown wrote:
Thanks for your feedback. It made me inspect my application a
little closer. I
think I found the source of my problem. I was checking caplen for a
minimum
value. If it was less than a certain value I would ignore the
packet. When I
logged the
Guy Harris wrote:
At least on the original systems where BPF was implemented, the snapshot
length was supplied by the BPF program; the return instruction in BPF
includes a snapshot length value, which, if zero, means discard this
packet. On those systems, you need a BPF program to supply
Fulvio Risso wrote:
GenericDialUpAdapter sounds better to me.
...although if you think of dial-up as opposed to, for example,
broadband, is the NDISWAN stuff used for PPPoE or PPPoA for ADSL?
==
This is the WinPcap users list. It
phengmaly peter wrote:
It seems to me, that the pcap_open_live's snaplen argument
has only effect when a BPF filter is set thereafter (pcap_setfilter).
Is it the intended functionality ? (both 3.0 and 3.1b4)
At least on the original systems where BPF was implemented, the snapshot
length was
Somebody trying to capture on a serial port in Ethereal sent a long note
about that to the Ethereal list:
http://www.ethereal.com/lists/ethereal-users/200502/msg00140.html
It says:
5) Because Windows PPP support is new, there is nothing about it in
the Help portion of Ethereal (Live
On Jan 14, 2005, at 4:35 PM, Ed Remmell wrote:
I was able to work-around this by recoding to call pcap_lookupnet
instead of
PacketGetNetInfo. I noted that the latest Ethereal code also calls
pcap_lookupnet, so I expect this API will be supported for awhile even
though you have deprecated it in
Tuan Ha Ngoc Minh wrote:
Thanks. By the way, how can I convert the hostname from char FAR *
to string so that I can reformat it ?
FAR is, as far as I know, a tag dating back to the 16-bit mode for x86
processors, where you had to worry about 16-bit unsegmented and 32-bit
segmented processors.
Tecnowatt - Massimo Sala wrote:
I read RFC, and I understand this about TCP flags:
ACK PUSH: the packet contains data
If you mean that a packet with ACK and PUSH set will contain data,
that's probably true. (I don't know whether any TCP implementations set
PUSH on segments not containing data;
To translate an IP address to a host name, use gethostbyaddr(). It's
present in all modern UN*X systems and, as far as I know, in Winsock and
Winsock2 in all Win32 systems.
On Jan 10, 2005, at 1:03 PM, Rob Henningsgard wrote:
Why wouldn't you just look at the packet length, and discard any
with lengths of sixty bytes or less?
...on Ethernet, at least. On other networks, the number might be
different (as the link-layer header has a different length, and as
there
On Jan 10, 2005, at 2:02 PM, Guy Harris wrote:
However, checking for a length 60 is probably close enough on
Ethernet. It might catch some TCP segments with a small amount of
data (14+20+20+6 = 60, so, for example, TCP segments with up to 6
bytes and no IP or TCP options would be captured
On Dec 29, 2004, at 9:03 AM, Massimo Sala wrote:
Starting as a new winpcap developers, I have doubts about APIs return
codes.
In the help files and the code snippets they look different:
Examples: different functions fails when...
- func() != 0
- func() == -1
- func() < 0
When the function return
Massimo Sala wrote:
About pcap_major_version() and pcap_minor_version():
- if they return the version of an existent dump file, I agree they need
a previous call to pcap_open_offline() or pcap_open() to open the file
and read its header
- if they return the current version of the file header,
Massimo Sala wrote:
I feel useful to read pcap_major_version() and pcap_minor_version() at the
application startup.
Unfortunately they require a open pcap_t handle, so I cannot check the version
before pcap_open().
Do they really need the handle to work ?
Yes.
The WinPcap documentation, and the
Tuan Ha Ngoc Minh wrote:
I'm currently using your windump source code to develop a software which
will be used to detect intruder based on MAC address.
Note that, unless the intruder is on the same LAN segment, the source
MAC address on the packet will be the source address of the network
Paal Grana wrote:
We are working on a processing system which uses UDP to receive raw
data. The burst data rate is about 325 MBit/sec and the packet rate is
about 28500 packets/sec. Our challenge is to receive these data without
losing anything (or as little as possible). We are using WinPcap
Alex Narinsky wrote:
From the Cisco tutorial (http://www.cisco.com/warp/public/701/3.html)
the net mask combination 172.16.50.1 255.255.255.0 is valid.
However, when I apply this combination to windump -
windump net 172.16.50.1 mask 255.255.255.0
I am getting the error:
windump: non-network bits
Zemer Margolin wrote:
I am currently working on a converter that converts captured packets from one
format to another.
One way to do that might be to contribute to Ethereal:
http://www.ethereal.com/
code to read the format from which you're converting - Ethereal has a
limited ability to
Adam Steiner wrote:
Just wanted to thank the guys that replied and give an update:
I ran into someone else with a similar issue. Apparently the old
version of winpcap (or ethereal or the combo)
Ethereal only interacts with network interfaces through libpcap/WinPcap,
so it's extremely unlikely
Fulvio Risso wrote:
This behaviour is needed, otherwise you may receive packets satisfying the old
filter after setting the new one.
Absolutely. The same is done in the BPF code in BSD. It's not done in
the Linux socket filter code - but people complained about that, because
they set a filter
Venkatramani, Bharath wrote:
This is what I'm trying to do.
1. Dump packets into a file (we'll call it src.cap).
2. Apply a filter to that file (say, udp).
3. Dump the filtered packets into a different file (dest.cap).
Is there a winpcap function that does this?
No, but there are WinPcap
Rob Henningsgard wrote:
The answer to all of the above questions is YES, but it wasn't a bug
in NPF.SYS. I just found a bug in a rarely-used piece of my code
which allowed me to call pcap_sendpacket() with an obviously illegal
length of 1528 bytes. Depending on what pcap had done prior to
On Nov 1, 2004, at 12:32 PM, Venkatramani, Bharath wrote:
Ok I have a question regarding sending packets. Basically, when I
receive a
packet, I strip it down and get only the information that is important
to me
- IP and (UDP or TCP) headers, the data, and the trailer (if there is
any).
Now, if
On Oct 28, 2004, at 12:13 PM, jan.peeters wrote:
I'm using ethereal for quite a while now on my laptop running windows
XP.
Would it the be possible to make traces with ethereal on a isdn
interface?
(isdn pcmcia card vendor intel/eicom)
If you're doing, for example, PPP over ISDN, then, with
On Oct 15, 2004, at 6:56 AM, Punnoose Roshan wrote:
Now I get the same TypeLoadException error for pcap_dumper. I found out
that this is not a real structure, so I converted all my pcap_dumper_t
definitions to FILE,
Note also that the fact that pcap_dumper_t happens to be the same as
FILE is also
[EMAIL PROTECTED] wrote:
My problem is now the following. The former part of the script accessing the
adapter, was calling 'PacketopenAdapter'. This returns a pointer on an object of
type structure LPPACKET. This object was reused to store packets in a buffer so
that the program could assess them
On Sep 29, 2004, at 6:16 AM, Cardenas Arevalo Gustavo Antonio wrote:
All datagrams IP that I captured about one connection TCP,
the IP header has 4000 (hex) as more fragments flag and
fragment offset.
That's the don't fragment flag, the more fragments flag, and
fragment offset; 0x2000 is more
On Sep 16, 2004, at 4:47 PM, Kyle W. Cartmell wrote:
Seems to fly in Ethereal, however.
Have you turned promiscuous mode off (or made that the default)?
And I'm not getting the standard unable to enter promiscuous mode
err.
I'm not aware of that as a standard error; the problems generally
On Sep 16, 2004, at 5:33 PM, Kyle W. Cartmell wrote:
Promiscuous mode is active within Ethereal, and it can see my network
traffic.
Active, or *not* active?
I'll try modifying the example program and see what happens... hey,
look at that... go figure. lol
Yeah, promisc = 0, packets all over the
Gianluca Varenni wrote:
However, some files are installed directly to the system
folder, and cannot be moved out of those folders.
Because they're driver files, for example?
On Sep 15, 2004, at 1:02 PM, Guy Harris wrote:
Are you certain that
1) SessionNum is nonnegative and is less than the number of elements
in the PcapSession array
and, if that's true,
2) PcapSession[SessionNum] is non-null?
...and that
1.5) if PcapSession is a pointer rather than an array
On Sep 15, 2004, at 10:49 AM, Venkatramani, Bharath wrote:
I am using winpcap 3.0 and have been having this problem for some time
now.
I am calling my DLL from Labview 7.1 and every time I run my program in
debug
mode, I get an error saying that labview has encountered a reading
access
violation
On Sep 1, 2004, at 9:17 AM, Gianluca Varenni wrote:
From: Marcin Zajączkowski [EMAIL PROTECTED]
Sent: Sunday, August 22, 2004 11:34 AM
Hi,
I want to ask is it possible to determine using WinPcap which
application on local machine sent/received captured packet?
No, winpcap is not able to
Rob Henningsgard wrote:
Can anyone tell me why Ethereal running with the latest WinPCap beta
can sniff the following ICMP echo request packet, correctly reporting its
length as 47 bytes...
Is that a packet being transmitted by the machine running Ethereal? If
so, note that Ethereal is *NOT*
On Aug 24, 2004, at 2:19 PM, Rob Henningsgard wrote:
No it isn't. I'm sniffing an 802.11 link between an XP laptop
and a Linksys WRT54G wireless router, using a third machine
with an 802.11 card.
OK, so there aren't any Ethernets involved, so the 60-byte padding
isn't required. (802.11 drivers
On Aug 24, 2004, at 4:36 PM, [EMAIL PROTECTED] wrote:
I am using TJesNetMonitor component for C++ builder for my project. And
something very strange is happening. I am creating a single TCP SYN
packet
and I send it to a web server. The server replies correctly but my code
response with a TCP RST
On Aug 18, 2004, at 5:09 PM, David Chang wrote:
Or, do I need to declare them myself?
Declare them yourself - there's not necessarily even a guarantee that
they'll exist on arbitrary UN*X systems (although as most of them have
BSD-derived IP stacks, or are trying to be compatible with UN*Xes
On Fri, Jul 30, 2004 at 09:48:15AM +0200, Fulvio Risso wrote:
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
I hardly believe that the NPF device driver, one of the main components of
WinPcap, will be able to run in an operating system different
from Windows.
Actually, I'd consider it a
On Jul 29, 2004, at 10:01 AM, Loris Degioanni wrote:
I hardly believe that the NPF device driver, one of the main
components of
WinPcap, will be able to run in an operating system different from
Windows.
Actually, I'd consider it a software miracle.
That's what it would be. Wine handles
On Jul 29, 2004, at 5:36 AM, Rob Henningsgard wrote:
I recommend you go visit www.ethereal.com and get a copy of Ethereal,
a program which uses WinPCap. It's a very, very good piece of
software,
with lots of packet analysis and explanation capabilities built in.
Other network analyzer
On Jul 27, 2004, at 5:55 PM, Devesh Pujari wrote:
I have set filter as ether proto 0x to capture packets for
particular Ethernet type. But I want to set the filter only for
incoming and Ethernet type 0x so that my program does not capture
packets which I send.
I tried src ether proto
On Jul 23, 2004, at 2:22 AM, J. Thomsen wrote:
So, since we already have some win32 specific stuff,
then why not add this feature to winpcap ?
Because it can be supported on at least some other platforms as well,
and shouldn't be WinPcap-specific, so it should be added to libpcap in
general?
On Jul 19, 2004, at 9:40 AM, impulse9 wrote:
it would be something like
+---+
|ETHERNET LAYER |
+---+
...unless, of course, the first hop of the connection goes over a
non-Ethernet network, such as a PPP link.
That's another reason to just use the OS's native TCP/IP
On Mon, Jul 12, 2004 at 08:23:26PM -0700, Brian Burrows wrote:
How would I set a filter that accepts only DHCP or BootP protocols?
udp port bootps or udp port bootpc
might work, if the OS on which you're running lists those protocols in
the database used by getservbyname() and if all
On Jul 9, 2004, at 2:02 PM, Gisle Vanem wrote:
But, IMHO you should drop pcap API and use the event-handle
provided by PacketGetReadEvent(). More powerful and gives you
more control.
Depending on what you mean by pcap API, you might not have to drop
the pcap API to get that handle -
On Jul 9, 2004, at 1:42 PM, Devesh Pujari wrote:
In pcap_open() method there is a field to specify timeout but i wanted
to specify while reading the packets because my timeout parameter can
change.
What are you using the timeout parameter for, so that you need to
change it?
On Wed, Jul 07, 2004 at 12:32:58AM -0700, devesh pujari wrote:
I started using wpcap library yesterday using .net
framework. I could compile test programs and capture
the packets also. I need to set the filter on Type
field for ethernet frame. How to do this ?
% man tcpdump
...
On Wed, Jul 07, 2004 at 10:58:39AM +0300, Vasily Borovyak wrote:
Maybe it isn't about the header, maybe it's about the level of OSI model? I.e.
ether means only start point of array of bytes.
I doubt that.
He said
I need to set the filter on Type field for ethernet frame
and the type field
On Jul 4, 2004, at 4:19 AM, [EMAIL PROTECTED] wrote:
thankyou Guy and Loris for responding to my query and clarifying the
thread of licences. I am
assuming from what you say that I cannot re-distribute WinPcap and
WinDump legally unless I
mention the respective statements in all descriptions of
On Jul 6, 2004, at 9:43 AM, Gisle Vanem wrote:
The definition of this macro in Win32/Include/ip6_misc.h seems to
be wrong. According to my Linux headers, it should be
#define IN_EXPERIMENTAL(a) \
long int) (a)) 0xf000) == 0xf000)
To quote RFC 3330 Special-Use IPv4 Addresses:
On Jun 28, 2004, at 1:21 PM, [EMAIL PROTECTED] wrote:
We would like to include WinPcap and WinDump on the Windows Toolbox
compilation of
software but your licencing restrictions present a problem. The clause
we have difficulty with in
particular is this:
all advertising materials mentioning
On Jun 22, 2004, at 2:04 AM, Gianluca Varenni wrote:
Hi. I think the problem is that such event is signalled by the
kernel only
when a certain amount of data is present in the buffer (the so called
mintocopy). Such event is NOT signalled when the timeout you set with
pcap_open (or pcap_open_live)
On Wed, Jun 16, 2004 at 02:00:41AM -0600, Rob Turpin wrote:
Sorry about that. I was interpreting raw packets as raw sockets. I did
find a link that gave some info. about sending raw ethernet frames in
Windows. Although not quite enough info.
Note that they say ...using C# and an NDIS
On Jun 15, 2004, at 11:13 AM, Rob Turpin wrote:
Some clarification.
1. WinPcap (Windows), libpcap(Unix) have nothing to do with sending
packets.
Perhaps they don't have anything to do with sending packets;
nevertheless, WinPcap has, for several releases, had an API that sends
packets, and some
On Jun 14, 2004, at 2:34 PM, Jens Munk wrote:
I am using the WinPCap packet driver under all windows versions since
Win98/NT with great success, and I would ideally like to do something
similar under Linux, i.e. the ability to send and receive raw
packages. Any
clues on how I do that? Will there
Gordon Tyler said:
I have an application which uses WinPcap 3.0 to monitor network traffic
by tracking the size of IP packets as well as their source and
destination. One of our QA people just encountered a rather odd error
which we have never seen before:
recv_ack: info: Unexpected
On Jun 7, 2004, at 1:55 AM, Mark Pizzolato wrote:
2) Additionally, The application which uses the dedicated Intel NIC,
only
really wants to use Ethernet type devices, so it takes the set of
interfaces
returned by pcap_findalldevs, and uses pcap_open_live on each, and then
calls pcap_datalink to
On May 27, 2004, at 1:27 AM, Gianluca Varenni wrote:
From the point of view of wpcap.dll (pcap_compile()), I'm not sure if
there
is a limit on the input string and/or the generated BPF instructions.
There isn't. The BPF instructions are mallocated, and the input string
is just scanned, however
On May 25, 2004, at 11:14 PM, Jens Munk wrote:
I could do, but does the pcap API allow me to send packages as well?
http://winpcap.polito.it/docs/man/html/group__wpcap__fn.html#a34
On May 26, 2004, at 12:47 PM, Ronald C. Wagner wrote:
I'm watching the Ethernet line on my computer using Ethereal. Each
time I send one message, the message shows up twice in the Ethereal
capture buffer.
What happens if you run some network analyzer (tcpdump/WinDump,
Ethereal, Analyzer, etc.)
On Thu, May 20, 2004 at 01:43:18PM +0100, {Pedro Lucas-Suporte Netcount} wrote:
I'm also using the packet API instead of pcap. The reason for Jens might be
(for me it is) performance. The more API layers it has to go through, the
slower the code. This is critical for low usage CPU (background)
On May 7, 2004, at 11:02 AM, Rob Henningsgard wrote:
If you are referring to Cisco's management packets, then WinPCap
does capture them. I just saw this yesterday while checking
out Ethereal (see http://www.ethereal.com ) in a WiFi-equipped
coffee shop with a Cisco router.
Ethereal running on
On May 7, 2004, at 1:53 PM, Rob Henningsgard wrote:
Actually, I know nothing about Cisco's stuff. Ethereal logged and
reported
Cisco management packets, describing them as STP (Spanning Tree for
Bridges) protocol. Sadly, I can't cut and paste the lovely, detailed
description of the packet from
On Apr 19, 2004, at 1:46 PM, Jinhai Yang wrote:
I'm looking at set up proper filter rules for an
adapter with two IP addresses. My question is: Does
winpcap work with adapter with multiple IP addresses?
(This is actually a generic libpcap issue, so my answer applies on UN*X
as well as Windows.)
On Apr 21, 2004, at 11:35 AM, Alex Narinsky wrote:
I am trying to specify a range of ports for windump. On LINUX it is
possible with the following expression:
tcpdump tcp[0:2] >= 8192 and tcp[0:2] <= 8294
(from http://www.firetower.com/forum/tcpdump.html)
However, windump does not allow any
On Apr 21, 2004, at 12:40 PM, Alex Narinsky wrote:
Thank you for response. When I specify any range of ports with this
type of expression
windump tcp[0:2]>=79 and tcp[0:2]<=81
I do not receive any windump messages on the screen.
What does
windump -d tcp[0:2]>=79 and tcp[0:2]<=81
print, and what
On Sun, Apr 04, 2004 at 10:23:17AM +0200, Gianluca Varenni wrote:
There was a bug in pcap_dump_open. We have fixed it in our source tree, and
it will be present in the next release of WinPcap.
Why, in pcap_dump_open(), are you setting the stream for the savefile
to unbuffered? That's not done
On Feb 11, 2004, at 2:02 AM, Gianluca Varenni wrote:
WinPcap does not strip any byte from packets. Since they do not contain
valid data () I think it's some sort of frame tail used by the
etherpeek
capturing engine (just my opinion, of course).
It's probably something such as that. Ethereal
On Feb 2, 2004, at 5:02 AM, Loris Degioanni wrote:
pcap_next_ex() is NOT blocking: it receives a single packet and
returns it
to the calling program. It can block for a long period if you specify
a big
timeout value in pcap_open_live(), but this is a problem that libpcap
cannot
solve: simply,
On Wed, Sep 24, 2003 at 12:03:14PM -0300, Dario Tamburi wrote:
I do:
manija=pcap_open_live(d->name,65536,1,1000,buffer);
if(manija==NULL)
{
cout << "error al abrir la interfaz";
I suggest you instead do
cout << "error al abrir la interfaz: " << buffer;
so that you also see the error
On Friday, August 22, 2003, at 9:51 AM, winpcap wrote:
Who/how does the old filter get freed when you set a new one ?
Does pcap_setfilter free any previous used filter when it applies
a new one ?
Freed in what sense?
In those systems where the filter is passed to the OS kernel (which
includes
On Monday, July 14, 2003, at 2:55 PM, Daniel Frimerman wrote:
The cable modem is plugged into a 10mbit ethernet card.
I.e., the computer on which your WinPcap application is running has a
10Mb Ethernet interface, and that's the interface on which the
application is sending packets?
If so,
On Monday, July 14, 2003, at 5:28 PM, Daniel Frimerman wrote:
Thank you very much Guy and Ian. I understood everything you said.
So...nor my OS (windows) or the remote system have knowledge about
speed
limits on the ethernet devices?
Your OS presumably knows that your Ethernet device is a 10Mb/s
On Sun, Jul 13, 2003 at 01:32:16AM +0100, Daniel Frimerman wrote:
Can anyone please tell me why do I need to supply netmask for pcap_compile?
Because the filter expression ip broadcast requires it. To quote from
the man page:
ip broadcast
True if the
On Sun, Jul 13, 2003 at 03:18:44AM +0100, Daniel Frimerman wrote:
I am compiling a filter:
ether proto ip
ether dst 00-E0-06-09-55-66
The above didn't compile.
Does the above mean the entire expression
ether proto ip
ether dst 00-E0-06-09-55-66
with white space between
On Sun, Jul 13, 2003 at 07:42:52PM +0100, Daniel Frimerman wrote:
I have cable, it can send 128kbits upstream.
When I used a sending loop, I generated 10mbits stream.
Does the cable modem plug directly into your computer as a network
interface, or is it connected to your computer on a 10Mb
On Friday, July 11, 2003, at 6:38 PM, Guy Harris wrote:
If you want to use it to compile a filter expression into BPF code
without using pcap_open_live() to get your capture handle, you could
use pcap_open_dead(),
Yes, I know, the documentation for it in the WinPcap 3.0 manual says
Deprecated
On Friday, July 11, 2003, at 6:28 PM, Daniel Frimerman wrote:
To the main part. I had a look at pcap_compile and fainted. Has anyone
coded a separate routine to compile filter strings which doesn't take
any wpcap.dll specific values such as the first parameter of adapter
returned by other pcap
On Fri, Jun 13, 2003 at 03:57:40PM +0200, [EMAIL PROTECTED] wrote:
I'm using Windump 2.3 Beta
2.3 *Beta*? The final version of 2.3 was released a while ago, and the
current version is 3.0.
to capture packet on Win 98. But it always
prints out the time stamp of the first packet and stops
On Fri, May 23, 2003 at 04:10:24PM +0200, Gisle Vanem wrote:
Is there any function of IO-control command to get the
file-version of NPF.SYS? The PacketGetVersion() only
returns the packet.dll version (not so interesting).
Was there any answer to this? I've just updated the current CVS version
On Mon, Mar 24, 2003 at 03:32:26PM -0800, Guy Harris wrote:
Infinite, or just more than there's room for in the stack? A stack
overflow does not necessarily imply infinite recursion.
I tried that same filter (after removing extra blanks and !s that
somehow had gotten inserted into the file
On Tue, Mar 25, 2003 at 10:28:30PM +0200, xen0x wrote:
like, if I were to receive only communication coming to\from port 25
without x.y.z.k and a.b.c.d. what would be the filter string?
That depends on what you mean by without x.y.z.k and a.b.c.d. If you
you don't want to see any traffic to or
On Mon, Mar 24, 2003 at 03:27:59PM -0800, Hai Nguyen wrote:
From the source code, I am not able to figure out the
maximum limit size for a filter string. It works fine
with a string of 1 bytes. However, the filter
string I sent in my previous mail leads to an infinite
recursive calls to
On Tue, Mar 04, 2003 at 01:58:54PM +0100, Gisle Vanem wrote:
MFC is C++ and pcap.h isn't written to be used with C++.
It wasn't *originally* so written, but change 1.24 in the libpcap CVS
history should have fixed that:
revision 1.24
date: 2000/07/29 07:36:43; author: guy;
On Thu, Feb 27, 2003 at 06:46:57PM +0100, Alex Peuchert wrote:
or you could have a look at the pcap source code to see, how pcap writes a
packet to a file ...
Or you could just use libpcap/WinPcap to read the file. :-)
On Tue, Feb 25, 2003 at 11:23:42AM -0800, Jason Copeland wrote:
If I'm not mistaken, I think it uses 'KeQuerySystemTime'.
...on Windows NT (4.0, 5.0 a/k/a Windows 2000, 5.1 a/k/a Windows XP,
etc.).
I think it uses something else on Windows OT (95, 98, Me).
In both cases, those are kernel
On Tue, Feb 25, 2003 at 12:41:16AM -0800, Balakrishnan Muthukrishnan wrote:
So I think this is pretty much capturing almost
all packets and finding out if the string is there
before logging to a file !!
Yes, unless you want to construct a complicated filter expression to
test whether the
On Tue, Feb 25, 2003 at 02:51:02PM -0500, Jonathan wrote:
Yes, GetSystemTime goes to milliseconds. Currently, I've been using
GetSystemTimeAsFileTime and then converting the 100 nanosecond resolution
to microseconds. But the time obtained doesn't seem to be consistent with
the time stamp
On Tue, Feb 25, 2003 at 05:19:57PM -0500, Jonathan wrote:
I was wondering if you could point me to the file in which this is done?
If by this you mean the time-stamping of packets, then:
download the WinPcap 3.0 beta source ZIP file from
http://winpcap.polito.it/install/default.htm
On Tue, Feb 25, 2003 at 02:02:41PM -0800, Jeff Wong wrote:
When I try to execute the following command:
pcapHandle = pcap_open_live(pcapDeviceName, BUFSIZ, 0, -1, pcapErrBuf);
I am getting the error socket: Operation not permitted.
Is this because I'm not executing as root?
Is there a way
On Sun, Feb 23, 2003 at 09:32:22PM +0100, Fulvio Risso wrote:
WinPcap has some more files that are not in the tcpdump.org CVS since they
are WinPcap extensions.
Since everybody uses the WinPcap _binaries_ instead of the ones that come
from the tcpdump.org repository, we avoided the WPCAP.DEF
1 - 100 of 108 matches