<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.2900.2873" name=GENERATOR>
<STYLE>@font-face {
        font-family: 宋体;
}
@font-face {
        font-family: Verdana;
}
@font-face {
        font-family: @宋体;
}
@page Section1 {size: 595.3pt 841.9pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; layout-grid: 15.6pt; }
P.MsoNormal {
        TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
LI.MsoNormal {
        TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
DIV.MsoNormal {
        TEXT-JUSTIFY: inter-ideograph; FONT-SIZE: 10.5pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"; TEXT-ALIGN: justify
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
        FONT-WEIGHT: normal; COLOR: windowtext; FONT-STYLE: normal; FONT-FAMILY: Verdana; TEXT-DECORATION: none; mso-style-type: personal-compose
}
DIV.Section1 {
        page: Section1
}
</STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face="Courier New" size=2>Yunshu,</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>in my opinion using packet.dll instead of
wpcap.dll just to "use few dlls" doesn't help a lot: WinPcap should
always be installed in order to use it (it's not just 1 or 2 DLLs, it contains a
driver that is installed by the WinPcap installer). </FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Just my two cents</FONT></DIV>
<DIV><FONT face="Courier New" size=2>GV</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=yunshu@ph4nt0m.org
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, May 25, 2006 6:49
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: Re: Re: [Winpcap-users] Need
help for capture packets on winxp box</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>Because wpcap.dll depend on
packet.dll,but I want to use few dll. Thanks for your suggest,I know that
now.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2>
<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>
</FONT></DIV>
<DIV><FONT color=#c0c0c0><FONT face=Verdana size=2><A
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A></FONT></DIV>
<DIV><FONT face=Verdana size=2>2006-05-26</FONT></FONT></DIV></DIV>
<DIV><FONT face=Verdana size=2>
<HR>
</FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发件人:</STRONG> Gianluca
Varenni</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发送时间:</STRONG>
2006-05-25 23:01:33</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>收件人:</STRONG> <A
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>抄送:</STRONG> </FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>主题:</STRONG> Re: Re:
[Winpcap-users] Need help for capture packets on winxp box</FONT></FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>
<DIV><FONT face="Courier New" size=2>Just a quick question: why are you using
the Packet API instead of the pcap one?</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>I hope you have read the big notice in
the documentation:</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV>
<H2>Important note, read carefully!</H2>
<P>The source code of Packet.dll is freely available and completely
documented. However, packet.dll should be considered an internal API, because
its purpose inside WinPcap is to be a building block for the real public API:
wpcap.dll.</P>
<P>As a consequence, since the <B>normal</B> and <B>suggested</B> way for an
application to use WinPcap is through wpcap.dll, <B>we don't guarantee that
the packet.dll API will not be changed in future releases of winpcap, and we
don't provide support for this API</B>. For the same reason, <B>this manual
doesn't contain any more the Doxygen-generated documentation of
Packet.dll</B>: the user will have to run Doxygen on his own to create it, or
read the comments in the source code.\\\</P></DIV>
<DIV><FONT face="Courier New" size=2>Have a nice day</FONT></DIV>
<DIV><FONT face="Courier New" size=2>GV</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=yunshu@ph4nt0m.org
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, May 25, 2006 7:14
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Fw: Re: [Winpcap-users] Need
help for capture packets on winxp box</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>Hello,everyone.</FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>The problem has been solved by
<FONT color=#0000ff><STRONG>Vasily Borovyak</STRONG>,he is so kind!
Now,everybody can see</FONT></FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>what a stupid mistake I made
yesterday! haha~</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2>
<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>
</FONT></DIV>
<DIV><FONT color=#c0c0c0><FONT face=Verdana size=2><A
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A></FONT></DIV>
<DIV><FONT face=Verdana size=2>2006-05-25</FONT></FONT></DIV></DIV>
<DIV><FONT face=Verdana size=2>
<HR>
</FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发件人:</STRONG> Vasily
Borovyak</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发送时间:</STRONG>
2006-05-25 21:29:01</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>收件人:</STRONG> <A
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>抄送:</STRONG>
</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>主题:</STRONG> Re:
[Winpcap-users] Need help for capture packets on winxp
box</FONT></FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana><TT><FONT size=2>I made a deeper look. The problem I
mention is the reason of your problem.<BR><BR>The size of ethernet header
for IPv4 is always 14 bytes (6 bytes + 6 bytes + 2 bytes).<BR>Your
definition is 16+16+2=34 bytes long. And further in the code you're using
<FONT color=#666666>sizeof </FONT>keyword:<BR></FONT><FONT
color=#666666><BR></FONT></TT><FONT size=2><FONT color=#666666>//get ip
header<BR>ipr = (IP_HDR
*)(pchar+sizeof(ETH_HDR));</FONT><BR></FONT><TT><BR><FONT size=2>So <FONT
color=#666666>ipr</FONT> poiter points somewhere to the IP packet data but
not to the header of it.<BR>So simply change [16] to the
[6].<BR></FONT></TT><TT><FONT size=2>I'm sure it will
help.<BR><BR></FONT></TT><TT><BR></TT><TT>I think the code you send us is
not yours so you can't find the problem yourself. :)</TT><BR><FONT
size=2><TT><FONT size=3>And if you afraid if the buffer is not enough then
you not understand</FONT></TT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><TT><FONT size=3>what the C programming
language is. ;)<BR></FONT></TT></FONT><FONT size=2></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2>-- <BR>Best regards. Vasily Borovyak
</FONT><A class=moz-txt-link-rfc2396E href="mailto:vbor@isd.dp.ua"><FONT
size=2><vbor@isd.dp.ua></FONT></A></DIV></FONT>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></FONT></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>