<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.5346.5" name=GENERATOR>
<STYLE>
<!--
/* Font Definitions */
@font-face
        {font-family:宋体;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"\@宋体";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        text-align:justify;
        text-justify:inter-ideograph;
        font-size:10.5pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:Verdana;
        color:windowtext;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
/* Page Definitions */
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;
        layout-grid:15.6pt;}
div.Section1
        {page:Section1;}
-->
</STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Verdana color=#0000ff size=2>Because wpcap.dll depend on
packet.dll,but I want to use few dll. Thanks for your suggest,I know that
now.</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2>
<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>
</FONT></DIV>
<DIV><FONT color=#c0c0c0><FONT face=Verdana
size=2>yunshu@ph4nt0m.org</FONT></DIV>
<DIV><FONT face=Verdana size=2>2006-05-26</FONT></FONT></DIV></DIV>
<DIV><FONT face=Verdana size=2>
<HR>
</FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发件人:</STRONG> Gianluca
Varenni</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发送时间:</STRONG>
2006-05-25 23:01:33</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>收件人:</STRONG>
winpcap-users@winpcap.org</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>抄送:</STRONG> </FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>主题:</STRONG> Re: Re:
[Winpcap-users] Need help for capture packets on winxp box</FONT></FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana size=2>
<DIV><FONT face="Courier New" size=2>Just a quick question: why are you using
the Packet API instead of the pcap one?</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>I hope you have read the big notice in the
documentation:</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV>
<H2>Important note, read carefully!</H2>
<P>The source code of Packet.dll is freely available and completely documented.
However, packet.dll should be considered an internal API, because its purpose
inside WinPcap is to be a building block for the real public API: wpcap.dll.</P>
<P>As a consequence, since the <B>normal</B> and <B>suggested</B> way for an
application to use WinPcap is through wpcap.dll, <B>we don't guarantee that the
packet.dll API will not be changed in future releases of winpcap, and we don't
provide support for this API</B>. For the same reason, <B>this manual doesn't
contain any more the Doxygen-generated documentation of Packet.dll</B>: the user
will have to run Doxygen on his own to create it, or read the comments in the
source code.\\\</P></DIV>
<DIV><FONT face="Courier New" size=2>Have a nice day</FONT></DIV>
<DIV><FONT face="Courier New" size=2>GV</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=yunshu@ph4nt0m.org
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, May 25, 2006 7:14
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Fw: Re: [Winpcap-users] Need
help for capture packets on winxp box</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>Hello,everyone.</FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>The problem has been solved by
<FONT color=#0000ff><STRONG>Vasily Borovyak</STRONG>,he is so kind!
Now,everybody can see</FONT></FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>what a stupid mistake I made
yesterday! haha~</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2>
<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>
</FONT></DIV>
<DIV><FONT color=#c0c0c0><FONT face=Verdana size=2><A
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A></FONT></DIV>
<DIV><FONT face=Verdana size=2>2006-05-25</FONT></FONT></DIV></DIV>
<DIV><FONT face=Verdana size=2>
<HR>
</FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发件人:</STRONG> Vasily
Borovyak</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发送时间:</STRONG>
2006-05-25 21:29:01</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>收件人:</STRONG> <A
href="mailto:yunshu@ph4nt0m.org">yunshu@ph4nt0m.org</A></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>抄送:</STRONG> </FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>主题:</STRONG> Re: [Winpcap-users]
Need help for capture packets on winxp box</FONT></FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana><TT><FONT size=2>I made a deeper look. The problem I
mention is the reason of your problem.<BR><BR>The size of ethernet header for
IPv4 is always 14 bytes (6 bytes + 6 bytes + 2 bytes).<BR>Your definition is
16+16+2=34 bytes long. And further in the code you're using <FONT
color=#666666>sizeof </FONT>keyword:<BR></FONT><FONT
color=#666666><BR></FONT></TT><FONT size=2><FONT color=#666666>//get ip
header<BR>ipr = (IP_HDR
*)(pchar+sizeof(ETH_HDR));</FONT><BR></FONT><TT><BR><FONT size=2>So <FONT
color=#666666>ipr</FONT> poiter points somewhere to the IP packet data but not
to the header of it.<BR>So simply change [16] to the
[6].<BR></FONT></TT><TT><FONT size=2>I'm sure it will
help.<BR><BR></FONT></TT><TT><BR></TT><TT>I think the code you send us is not
yours so you can't find the problem yourself. :)</TT><BR><FONT
size=2><TT><FONT size=3>And if you afraid if the buffer is not enough then you
not understand</FONT></TT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><TT><FONT size=3>what the C programming
language is. ;)<BR></FONT></TT></FONT><FONT size=2></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2>-- <BR>Best regards. Vasily Borovyak
</FONT><A class=moz-txt-link-rfc2396E href="mailto:vbor@isd.dp.ua"><FONT
size=2><vbor@isd.dp.ua></FONT></A></DIV></FONT>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></FONT></DIV></BODY></HTML>