Hi,
I have a problem using WinPCap to capture packet files on a busy network.
I am using WinPCap 3.0 on a system running Windows 2000 Professional with
Service Pack 4.
I open the adapter using pcap_open_live (timeout set to 1000), set the
buffer size to 40,960,000 using pcap_setbuff and then use pcap_next_ex to
get the packets. The setbuff command returns 0 (zero), so I presume it is
working ok.
When I start my program running on a heavily loaded network (over 13,000
packets per second) I keep getting timeout responses and no proper packets.
But if I do not use setbuff it seems to work ok.
Also, if I start the high network traffic after starting my program, it
seems to work ok.
Even though I set the timeout value in pcap_open_live to 1000, the timeout
responses seem to be coming in much faster than 1 second intervals.
My test program is a command prompt program, running under Windows 2000 Pro.
The timestamps for the packets (which I get using SYSTEMTIME and display)
show the timeout responses coming in approxiamtely 100 milliseconds apart.
Here is relevant code sections:
First the initialisation
/* Open the adapter */
if ( (adhandle= pcap_open_live(d->name, // name of the device
65536, // portion of the packet
to capture.
// 65536 grants that the whole
packet will be
// captured on all the MACs.
1, // promiscuous mode
1000, // read timeout
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by
WinPcap\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */
pcap_freealldevs(alldevs);
// set the buffer size
sbresult = pcap_setbuff(adhandle, nSetBuff);
printf ("SetBuff returned : %d\n", sbresult);
...
And the reading section.
while (1)
{
retcode = pcap_next_ex(adhandle, &hdr, &data);
switch (retcode)
{
case -2: // eof reached whilst reading packet
display_packet("Dried up", 0, 0);
break;
case -1: // error occurred
display_packet("Error reading packet, trying again", 0,
0);
break;
case 0: // timeout
display_packet("Timeout reading packet", 0, 0);
break;
case 1: // received packet ok
display_packet("Got Packet", hdr, data);
break;
}
}
Am I doing something wrong?
Thanks for the help
Steve
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
