You said in your previous mail that you were using WinPCap 3.0. Did you
try 3.1b4 too? Do you have the same results?
Loris
James Garrison wrote:
I tried doing the capture using only the example files
incuded in the PCap developer's kit, compiled under cygwin,
and got exactly the same results.
Welcome to the enchanted world of kernel level programming and debugging!
First suggestion: it's normally not a good idea to make products based
on windows drivers (or modified versions of them) if you don't know what
you are doing more than well. It will very soon be a pain for your users
Ben,
Ben Greear wrote:
Thanks! Could you let me know what sort of tool chains I need to
compile winpcap (including the driver)? I was hoping that I wouldn't
need to, but it is probably the problem here...
I think you can find all the information you need in the WinPcap manual.
See in
Ben,
Ben Greear wrote:
First, I was able to get bridging working on my XP box with the npf.sys
file that someone sent me. (I tried to thank them in person, but
email to their address bounces.)
I am having to poll the pcap_t device since I need to select on other
file descriptors sockets, and I
Not if you use wpcap.dll, since in that case the user-level packet
buffer is totally hidden by the API. If you want this kind of
information you probably need to use packet.dll, or patch wpcap.dll to
return it.
Loris
Fed wrote:
Hello all,
I have one question: is it possible to know how many
If you mean CPU measurements while capturing packets with WinPcap, the
answer is yes.
You can start by giving a look at the following papers:
http://winpcap.polito.it/docs/WinPcap-SBAC03.pdf
http://netgroup.polito.it/fulvio.risso/pubs/iscc01-wpcap.pdf
Loris
Sabbiolina wrote:
Anyone do some test
. The sources too are still available in the current winpcap tree.
Loris
Manfred Staudinger wrote:
Hi Loris, thank you for the answer. May I ask you, what was the
last WinPcap release to support Win98SE and whether it would be
possible to get it?
Regards, Manfred Staudinger
Loris Degioanni [EMAIL
We (like MS, by the way) don't support Windows 95/98/ME any more. We
prefer to focus our limited amount of resources on enhancing and
supporting the WinNTx versions. Therefore, WinPcap for Win9x must be
taken as is. Of course, we accept patches.
Loris
Manfred Staudinger wrote:
Hi, I downloaded
Let me start spending a few words on the precision of WinPcap
timestamps, since a similar question has been raised yesterday by Paula
Doyle.
Like every open source (and most commercial) packet capture systems,
WinPcap relies on the underlying OS infrastructure to get the raw
packets from the
François,
HAMON François wrote:
Hi,
I want to design a program, which can send packets from a libpcap format file to an Ethernet network. As the example in the WinPcap manual sendcap.c, I use the following function of WinPcap(3.0) with Windows Net4.0 :
pcap_open_offline to open the capture,
Guy Harris wrote:
Somebody trying to capture on a serial port in Ethereal sent a long
note about that to the Ethereal list:
http://www.ethereal.com/lists/ethereal-users/200502/msg00140.html
It says:
5) Because Windows PPP support is new, there is nothing about it in
the Help portion
Guy Harris wrote:
phengmaly peter wrote:
It seems to me, that the pcap_open_live's snaplen argument has only
effect when a BPF filter is set thereafter (pcap_setfilter).
Is it the intended functionality ? (both 3.0 and 3.1b4)
At least on the original systems where BPF was implemented, the
Paal,
no, it's not possible to increase the priority of the WinPcap driver.
Actually, changing the priority is a concept that doesn't make a lot of
sense when talking about drivrs (the packet-capture part of the winpcap
driver runs at DPC level, and therefore has higher priority than any other
The filter compiler tries to resolve the host namese, so you can do
something like
host localhost and port 2404
but this will filter the packets with the loopback IP address.
Loris
Hi
Is it possible to filter all the TCP/IP traffic from / to
the pc runnning WinPcap, without have to
Hi,
We have encountered two problems with winpcap:
1. Using version 3.0 we have found that the non-paged pool is gradually
depleted. The symptoms are that the non-paged pool gradually grows to around
80 MB at which point users are
unable to logon and applications begin failing. Through trial
Is your machine SMP?
Are you using the latest beta version of WinPcap?
Loris
-Original Message-
From: Venkatramani, Bharath
[mailto:[EMAIL PROTECTED]
Sent: Friday, December 10, 2004 10:36 AM
To: '[EMAIL PROTECTED]'
Subject: [WinPcap-users] Timestamp synchronization issues...
Title: Does pcap_sendpacket() work on PPP, WinXp
Transmission is not supported on PPP adapters. This is
documented on the WinPcap website.
Loris
From: Shuy-Young Yung
[mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 3:41
PMTo: [EMAIL PROTECTED]Subject:
Pawel,
what version of winpcap are you using? I remeber I fixed a
problem like the one you describe some time ago.
Loris
Hi!
I've tried write a NT Service which capture
network traffic using WinPcap libraries. I use MS VS .NET 2003 environment. As
type of my project
Jesse,
at http://winpcap.polito.it/docs/docs31beta4/html/index.html, you can find
some directions to compile WinPcap. Similar information can be found in the
readme-visualC and readme-cygwin files in the WinPcap source code. If you
want to improve these documents, you are of course welcome.
Loris
to compile winpcap in order to compile tcpdump? Or
can I simply use the precompiled winpcap files when I compile tcpdump?
Thanks very much,
Jesse
- Original Message -
From: Loris Degioanni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 09, 2004 11:03 AM
The speed of tg depends heavily on a number of factors, the most important
of wich are the CPU speed, the network card architecture (transfer type,
number of interrupts...) and the NIC driver. My experience is that on the
same machine results vary a lot with the card model, and sometimes just
Matthew,
WinPcap by itself is not able at all to answer to ARP requests: winpcap is a
packet library that receives and sends raw traffic. An application that uses
WinPcap could answer to ARP requests, by I think this is not your case,
because it looks that the problems persists even if you
Alex,
Hello,
I am building the application that must capture high volume
of packets on several network devices with intensive variable load.
On LINUX I can use pcap_get_selectable_fd and then use
select to work with several devices in one thread.
On Windows I have to run a
and sometimes they don't, just like my
program
/Lars
-Original Message-
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
Sent: 22. november 2004 19:37
To: [EMAIL PROTECTED]
Subject: RE: [WinPcap-users] crash
What happens with the examples of the WinPcap developers's pack, e.g
Recent versions of WinPcap *should* check pretty toroughly the frame lenght
before sending it, because we had several bug reports (and bug fixes) in the
past on this matter. Rob, what version are you using?
Loris
-Original Message-
From: Guy Harris [mailto:[EMAIL PROTECTED]
Sent:
The WinPcap tutorial
(http://winpcap.polito.it/docs/docs31beta4/html/index.html) contains quite a
lot of information about this.
Loris
-Original Message-
From: Venkatramani, Bharath
[mailto:[EMAIL PROTECTED]
Sent: Thursday, November 11, 2004 6:22 AM
To: '[EMAIL PROTECTED]'
Hi,
Hi.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: giovedi 11 novembre 2004 21.18
To: [EMAIL PROTECTED]
Subject: [WinPcap-users] setfilter
Hello...
Can I set a new filter on an ongoing capture without
missing a packet?
What happens with the examples of the WinPcap developers's pack, e.g.
netmeter?
Loris
-Original Message-
From: Lars Larsen [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 7:40 AM
To: [EMAIL PROTECTED]
Subject: [WinPcap-users] crash
Hello World\n;
Sometimes I
Use WaitForMultipleObjects(), feeding it with both the events.
Loris
- Original Message -
From: Raymond Mercier [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 8:57 AM
Subject: [WinPcap-users] blocking read
Hi all,
I am writing some code in Windows environment
I
David,
the drop counter in pcap_stats() shows the number packets rejected by the
NPF driver's tap function because of lack of space in the kernel buffer.
A cause of the difference between the user and kernel counters could be that
you have packets still to be processed by your application: the
Guy,
Gianluca Varenni wrote:
However, some files are installed directly to the system
folder, and cannot be moved out of those folders.
Because they're driver files, for example?
Yes. The driver goes to system32\drivers, the shared libraries to system32.
Loris
Guy,
J. Thomsen wrote:
Is there a way to clear the receive buffer
for packets that are captured before one
sets bpf filters ?
If there is any version of libpcap/WinPcap where setting the filter
doesn't discard all previously-received packets, I'd consider that a bug
- BPF on the
the networking stack?
By the way, this might be a good one for the FAQ ;-)
A.
-Original Message-
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
Sent: Friday, August 13, 2004 12:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [WinPcap-users] Performance impact of WinPCAP installation
The WinPcap
The WinPcap driver does a per-capture-instance binding on the underlying
networking architecture. This means that if you are not capturing, WinPcap
is not connected to the flow of packets in the networking stack, at all.
When you capture, the WinPcap driver is seen by the system as a protocol, so
If WinPcap doesn't report any drops, the problem may be in the lower layers
(i.e. NIC or NIC driver). The first step to locate it is probably trying
with a different network card and see what happens.
Loris
- Original Message -
From: Eric St.John [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
I hardly believe that the NPF device driver, one of the main components of
WinPcap, will be able to run in an operating system different from Windows.
Actually, I'd consider it a software miracle.
BTW, why do you need WinPcap on Linux? There's already native support for
libpcap on that platform.
Gisle,
Is the OID both read and write? Is it mondatory or optional?
Not sure what you mean, but OIDscope (by PCAUSA) returns these
commands in response to the OID_GEN_SUPPORTED_LIST:
How can I check if an OID is read-only?
By looking in the ddk help.
You search OID_GEN_MAC_OPTIONS,
.
-Original Message-
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
Sent: Friday, July 23, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [WinPcap-users] How do I get the MAC address of the local
adapter opened
You don't access them, unless you export them and recompile the dll
Gisle,
Browsing through Packet32.c, I noted at some places GlobalAllocPtr()
is used instead of simply a local PACKET_OID_DATA + suitable buffer
when calling PacketRequest(). e.g. in PacketSetMaxLookaheadsize().
Is there any hidden reason for this? Since overlapped I/O isn't used, I
assume
You *got* the program compiled, and evidently you were able to run it too.
What would you expect to see besides an interface not found if you don't
install the WinPcap driver?
Loris
i have installed winpcap 3.0 on a winXP machine. I am
using msvc++ 6 to compile programs and run them. i
Until now, packet.dll has been used as the hardware-specific part of
WinPcap. It's able to detect adapters from different sources (registry, IP
Helper API, static definitions) and it supports packet capture from three
sources: the NPF driver, the Dag driver (for Endace cards) and the Netmon
API
I hardly believe this. pcap_loop and pcap_next are simply two interfaces to
access the same underlying capture system, and your prblem is in the capture
systems.
Loris
I need to change the filter condition dynamically. So I have another
thread that changes filter expression.
This code works
Corrected and committed on the tcpdump.org CVS.
Loris
On Jul 6, 2004, at 9:43 AM, Gisle Vanem wrote:
The definition of this macro in Win32/Include/ip6_misc.h seems to
be wrong. According to my Linux headers, it should be
#define IN_EXPERIMENTAL(a) \
long int) (a))
I think that under NT4 you need tcp/ip in order to capture with winpcap. The
reason, if I remember well, is that NT4 donesn't have the 72 registry hive
(\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}
), and so winpcap forced to gather information about the adapters
The batching between kernel level and user level is the default behavior of
WinPcap, and is done to minimize the number of context switches and
therefore increase performance. You can disable it using the
PacketSetMinToCopy
I suggest the second solution. It ensures that no interaction happens
between the receive and send processes.
Loris
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 21, 2004 8:13 AM
Subject: [WinPcap-users] pcap_sendpacket and pcap_next_ex on same
No, sorry: it's still disabled. Nobody's had the time to work on it until
now.
Loris
Hi all.
I have a simple question to ask.
Does kernel-dump work?
I'm using packet.dll only.
I've tried both 3.0 alfa, 3.1 beta.
packet_set_mode() returns false.
Thanks.
Andrew Fedyashov
Fixed.
The fix will appear on the next version of WinPcap.
Thanks,
Loris
Hi,
With 3.1B I have found that if an invalid source parameter is passed to
pcap_open then there is an access violation. e.g. pass foo as the
source.
The problem appears to be in PacketOpenAdapterDAG where the result
To receive packets, use one of the cards supported by WinPcap (there's a
list of cards at
http://home.comcast.net/~jay.deboer/airsnare/supported.htm) and the normal
capture procedure (you can start from one of the samples in the developer's
pack). You will see Ethernet frames, since 802.11 is
/download.asp
I would tell that I thank Loris Degioanni, Fulvio Risso and Gianluca
Varenni
for publishing and managing WinPcap.
Thank you.
==
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL
http://winpcap.polito.it/misc/copyright.htm
Loris
Hi,
I would like to ask about the license conditions if I use WinPcap
library in developing a commercial software. If I'm going to distribute
the WinPcap binary files with my software, what should I do ?
And if I don't distribute
Which network adapter are you using? Some adapters (for example gigabit
adapters that do TCP offloading) don't deliver all the packets to the
application.
Knowing the kind of packet you are missing would help to understand if this
is the reason.
Loris
it is amazing but true, that one
What version of WinPcap are you using? Try the latest one (3.01a): we fixed
some bugs related to adapter listing recently.
Loris
Hi;
Even npf is runnning, windump -D can't detect any
interface.
My machine is IBM thinkpad T30 and the built in LAN
is Intel 8255x-based Integrated Fast
If I remember well, the call to CreateFile in PacketOpenAdapter() loads the
vxd into memory before opening the handle, so you simply need that function
to dynamically install the driver.
Loris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all,
I want to write a program that use
This is the default behavior of the WinPcap device driver. In order to
always get the packets as soon as they arrive in the buffer, you must use
packet.dll, setting mintocopy=0 (see
http://winpcap.polito.it/docs/man/html/group__packet32.html#a12) and
readtimeout=0 (see
With every probability, your machine is connected to a switch. You cannot
see the traffic of the other machines simply because it is not forwarded to
you.
Loris
Good afternoon,
I'm trying to use Ephereal to sniff data on my network, but it's only
picking up broadcast packets, and packets
Did you click on the link below or did you paste it in your mail client?
Loris
If I send the mail as requested:
mailto: [EMAIL PROTECTED]
I get an error back.
Please advice.
==
This is the WinPcap users list. It
Hi,
Dear WinPcap's contributors,
I'm developing an application to send/receive packets by using
WinPcap 3.0 through wireless LAN. During my test of the program,
I found the following two strange behaviours probably caused by
WinPcap 3.0. I shall appreciate any suggestions or clues from
Two new papers are available in the documentation section of the WinPcap
website (http://winpcap.polito.it/docs).
The first one (Profiling and Optimization of Software-Based Network-Analysis
Applications)
contains a performance analysis of WinPcap and the description of some
solutions adopted to
Can you suggest your users to try WinPcap 3.01a? It fixes a bug in
PacketGetAdapterNames() that causes problems similar to the ones that you
describe.
Loris
I have an app that uses winpcap 3.0 and about 20,000 people who have
installed it over the last few weeks. I've gotten a handful of
Can you try the driver attached to this message and tell me if the bug
persists?
You must:
- unzip the attached npf.sys and copy it over the old one in
windows\system32\drivers
- issue a net stop npf from a command line prompt
- run nmap again
Loris
Lately while using nmap I've been getting
the results (also if you
don't notice any BSOD) within some days from now? It would help me to
understand if these fixes solve your problem or if the driver needs further
debugging.
Loris
Loris Degioanni [EMAIL PROTECTED] said:
Can you try the driver attached to this message and tell me
It should, in the sense that it can open NdisMediumAtm interfaces. However,
I never tested one of such interfaces.
Loris
Hi,
Does winpcap support capture of ATM traffic via an ATM interface on a
Windows 2000 machine?
thanks,
Victor
What method are you using to send the packets? What is the performance on
your machine of the sendcap and tg programs, provided in the WinPcap
developer's pack?
Loris
- Original Message -
From: Areg Alimian [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 11, 2003 5:12 AM
You can probably use PacketRequest with the OID_GEN_MEDIA_CONNECT_STATUS
OID.
Loris
- Original Message -
From: fyaowen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 06, 2003 4:04 AM
Subject: [WinPcap-users] Is cable plugged in?
Can I get to know whether the cable is
Hi,
Hi all,
- GetNetInfo *is* Win32 specific, like packet.dll. On the other side,
wpcap.dll exports a superset of the the libpcap library, which is
system independent. Providing link layer information on the
pcap_if_t structure means offering a method to retrieve it in the
same
The NPF driver doesn't support overlapped IO. However, you can probably
obtain the result you need using the ReadEvent filed of the ADAPTER
structure or the handle returned by pcap_getevent().
Loris
- Original Message -
From: Fred N. van Kempen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hi,
Hi all,
In my opinion, storing the MAC address inside the pcap_if_t
structure could be a useful feature, currently I'm adding
somthing similar in packet.dll.
Personally, I feel this belongs in Packet, not Pcap. Then again,
there already *is* the GetNetInfo call which provides that info,
No, as far as I know. In every case WinPcap has nothing to do with raw
sockets, so the fact that the second work doesn't imply that the first will
work as well.
Loris
By the way, can I send packets on PPP?
I heard windows raw sockets also had a bug in PPP, yet it worked here.
Daniel
-
it (packet.dll)?
Daniel
- Original Message -
From: Loris Degioanni [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 9:28 AM
Subject: Re: [WinPcap-users] Default HW filter?
Promiscuous mode includes all the packets that you receive if you set
You can use the transparent WinPcap installer, provided at
http://winpcap.polito.it/install/default.htm.
You can launch it from command line or from another installer.
Loris
- Original Message -
From: rain [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 09, 2003 10:01 AM
Promiscuous mode includes all the packets that you receive if you set
NDIS_PACKET_TYPE_DIRECTED. In other words, if you set promiscuos mode you
will receive also all the directed packets: setting both at the same time
has no sense.
Loris
- Original Message -
From: Daniel Frimerman
Yes.
Loris
- Original Message -
From: Daniel Frimerman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 7:55 PM
Subject: [WinPcap-users] GetLastError
Can I use GetLastError to get extended error information with packet.dll
functions (except the packetopenadapter).
The problem shouldn't have anything to do with the support of wireless
adapters. In every case, the driver shouldn't crash the system if an adapter
is not supported...
getAdaptersList() opens the registry, looks for some keys where the adapter
descriptions are normally stored, parses them and
\Device\Packet_NdisWanIp is the device that tcpip.sys uses to bind over
ndiswan.sys. WinPcap is able to list it and to open it, but capturing on
this device causes tcp/ip to stop sending and receiving packets.
\Device\Packet_NdisWanBh is used by MS Netmon for the same purpose. You can
capture over
. It simply perfroms registry queries. If you
confirm that
keyHandle is invalid, this can be only due to a problem in ZwOpenKey, which
has nothing to do with the adapter model.
Loris
Thank you again for your response,
Pun
-Original Message-
From: Loris Degioanni [mailto:[EMAIL
-Original Message-
From: Loris Degioanni [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 5:35 AM
To: [EMAIL PROTECTED]
Subject: Re: [WinPcap-users] Problem with NPF driver supporting multiple
adapters simultaneously..
A segfault should be related to your application, not to the driver
Are you sure that the cause is the webcam? Normally problems like your ones
are due to personal firewalls, packet schedulers or antivirus. Did you
install something similar on your machine?
Loris
Hi,
wincap is now capturing only the first 28 bytes of the ethernet frame. It
used to work
What kind of raw data? Are you putting the adapter in promiscuous mode?
Loris
Hi, All !
At the moment, I use the wpcap.lib to send and receive raw data over
ethernet (only point to point). On W98 it works fine, put on W2000 and XP,
I
can't receive and send these raw data, I receive only
http://www.mail-archive.com/[EMAIL PROTECTED]/msg00099.html
Loris
- Original Message -
From: Eric Thered [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 3:33 AM
Subject: [WinPcap-users] Problem using multiple NICs on Windows 98
I have a Windows 98 system with
On Mon, Jun 09, 2003 at 09:39:13AM +0200, Loris Degioanni wrote:
Yes, my answer was that no IOCTL is currently provided to retrieve the
driver version. Consider that packet.dll version is strictly related to
the
NPF version, since the driver and the dll are always installed toghether
change, so there is no need to re-init the pcap
adapter, by simply calling
PacketGetNetType() again will get you a correct value.
3) I'm using WinCap 3.0 (latest available from the winpcap homepage).
Loris Degioanni wrote:
Hi,
I'm having problem with the PacketGetNetType
Yes, my answer was that no IOCTL is currently provided to retrieve the
driver version. Consider that packet.dll version is strictly related to the
NPF version, since the driver and the dll are always installed toghether by
the winpcap installer, so if you don't install the WinPcap binaries
At http://winpcap.polito.it/install/ we provide a silent installer that sets
up WinPcap without making the installation screen appearing and without any
user intervention. You can run it from your setup program.
Loris
Hello,
What is the best (easiest) way to distribute an application that
- Check that you are using the corresponding WinPcap source WinDump is
strictly related to WinPcap and so compiling two different versions could
cause some problems.
- Make sure that you have a recent platform SDK from
http://www.microsoft.com/msdownload/platformsdk/sdkupdate/.
Loris
They are
Hi,
I'm having problem with the PacketGetNetType() function of Packet.dll. I
realize this isn't part of the WinPCap libs, but at least WinPCap
depends on them.
I call PacketGetNetType() and the LinkSpeed is ALWAYS
1 (100 mbps), which isn't true. I've tried these on
several
Note that in order to make winpcap work on Itanum you'll have at least to
disable the JIT filter compiler inside the driver. I suppose that an Itanum
will not like the x86 code it generates...
Loris
- Original Message -
From: Domènec Sos i Vallès [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Not yet. We'll give priority to its implementation, but we are not sure to
have a lot of time for WinPcap in the near future.
Loris
Any indication as to when a release with the kernel dump feature will be
implemented?
thanks.
- Original Message -
From: Loris Degioanni [EMAIL
Hi,
Hi
Can anybody help me with the following problem:
I installed ethreal 0.9.9 and WinPcap 2.3 on my WinXP system without any
error message. Ethereal dosen't show any interface in the list when I try
to
start capture and select an interface.
I have looked into the System information
I tried it on Windows XP, I removed the extra blanks but I still get a parse
error. In every case, windump doesn't crash. By the way, why not compressing
the huge amount of tcp port XXX with range checks on tcp[0:2] and
tcp[2:2]? It should produce simpler and more efficient filters.
Loris
On
Are you using winpcap on a dial-up connection? WinPcap doesn't support
properly these connections and the problems are usually like the one that
you describe.
Alternatively, have you installed firewalls/packet filters/packet schedulers
on the machine? If yes, try to disable them.
Loris
Hi all,
It's not available for the beta version. We will provide it with the final
release.
Loris
Would it be possible to get a No-GUI install for Wincap 3.0 beta?
==
This is the WinPcap users list. It is archived at
Which simbols doesn't the compiler find? Are they from WinPcap or from other
libraries? The first case should be quite strange unless you modified some
file or directory name, because the examples are configured to look for the
libraries in the correct relative path.
In the second case, make sure
Which version of winpcap?
Is the machine multiprocessor?
Are you the administrator of the machine?
Does Windump work?
Loris
I'm trying to use Winpcap on Windows 2000 system (Service Pack 1
installed).
Both Ethereal and Ettercap can't find Adapter list. Ethereal doesn't say
anything,
Hi,
David:
I did all that. (I actually renamed all files to .old) Then I put 2.3 in,
again. Didn't work. I never saw npf.sys in drivers. I finally installed
the
Beta Version. Now npf.sys is in drivers and running.
Apparently I missed something.
Do the removal instruction apply to the
I've applied a patch that inserts a single RegCloseKey after the two
branches instead than calling it from both of them.
Applies to Beta 3.0
The PacketGetNetInfo() in Packet32.c function fails to deallocate the
TcpIpKey registry key on successfull completion.
I have corrected successfully
The netmeter example in the developer's pack is MFC based.
Loris
- Original Message -
From: Selcuk Cevher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 10:03 AM
Subject: [WinPcap-users] using winpcap in a MFC application
hi,
is there anybody who is interested
The problem is quite strange since the winpcap driver has nothing to do with
sockets. Another strange fact is that the behavior occurs after 20 minutes:
driver problems (like the ones with dial-up connections, that are similar to
your one) usually show up as soon as you start the capture.
Do you
I use localtime() and it works pretty well.
Loris
I'm wondering if anyone can tell me how winpcap gets a timestamp from
windows? I've been trying to get timestamps that are consistent with the
format that winpcap uses but since windows do not have gettimeofday(),
I've
been calling
Look at the developer's pack of winpcap 3.0. It contains documentation about
the filtering syntax and a couple of samples that show how to use it.
Alternatively, the syntax is described at
http://windump.polito.it/docs/manual.htm or at
http://www.tcpdump.org/tcpdump_man.html.
Loris
-
1 - 100 of 169 matches
Mail list logo