<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.5730.11" name=GENERATOR>
<STYLE>@page Section1 {size: 612.0pt 792.0pt; margin: 72.0pt 90.0pt 72.0pt 90.0pt; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial; mso-style-type: personal-compose
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue bgColor=#ffffff>
<DIV><FONT size=2>Have you tried capturing with that same filter with tcpdump or
wireshark and see if the ipv6 packets are captured or not?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I suspect a bug in the pcap filter compiler.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=bassam@palettemm.com href="mailto:bassam@palettemm.com">Bassam A.
Al-Khaffaf</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, January 16, 2007 10:11
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Urgent - Why the
IPv6 packets are filtered out?</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Dear
Folk,<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> Please need your
urgent help. I am using Winpcap 4.0 beta 3 developer’s pack version to capture
the Ethernet and IPv4/IPv6 headers in order to extract the MAC and IP
addresses into my network application. The capturing operation is working
fine, I mean capturing MAC and both IPv4/IPv6 addresses. However, when I try
to filter out the traffic using both pcap_compile() and pcap_setfilter()
functions along with the filter string “udp dst port 1812 or udp dst port
1813”, Winpcap will no more show the IPv6 traffic, it shows only the IPv4
traffic destined to the two mentioned ports.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">If I changed the filter string to
“ip or ip6”, it will work fine but the problem here that the traffic destined
not to the mentioned port will be captured as
well<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The filtering part code snippet as
shown here:<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" color=green size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: green; FONT-FAMILY: 'Courier New'">/*****************************************************************************************/<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" color=green size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: green; FONT-FAMILY: 'Courier New'">
//The device is already opend<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=blue><SPAN style="COLOR: blue">if</SPAN></FONT> (d->addresses !=
NULL)<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=green><SPAN style="COLOR: green">/* Retrieve the mask of the first
address of the interface */<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
netmask=((<FONT color=blue><SPAN style="COLOR: blue">struct</SPAN></FONT>
sockaddr_in
*)(d->addresses->netmask))->sin_addr.S_un.S_addr;<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=blue><SPAN
style="COLOR: blue">else<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=green><SPAN style="COLOR: green">/* If the interface is without an
address we suppose to be in a C class network
*/<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
netmask=0xffffff; <o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=green><SPAN style="COLOR: green">//compile the filter
<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=blue><SPAN style="COLOR: blue">if</SPAN></FONT> (pcap_compile(adhandle,
&fcode, <FONT color=maroon><SPAN style="COLOR: maroon">"dst port 1812 or
dst port 1813"</SPAN></FONT>, 0, netmask) < 0)<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
{<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
cerr << <FONT color=maroon><SPAN style="COLOR: maroon">"\nUnable to
compile the packet filter. Check the syntax." <<
endl</SPAN></FONT>;<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=green><SPAN style="COLOR: green">/* Free the device list
*/<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
pcap_freealldevs(alldevs);<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=blue><SPAN style="COLOR: blue">return</SPAN></FONT>
-1;<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
}<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=green><SPAN style="COLOR: green">//set the
filter<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=blue><SPAN style="COLOR: blue">if</SPAN></FONT>
(pcap_setfilter(adhandle, &fcode) < 0)<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
{<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
cerr << <FONT color=maroon><SPAN style="COLOR: maroon">"\nError setting
the filter."</SPAN></FONT> << endl;<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=green><SPAN style="COLOR: green">/* Free the device list
*/<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
pcap_freealldevs(alldevs);<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
<FONT color=blue><SPAN style="COLOR: blue">return</SPAN></FONT>
-1;<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">
}<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"> <FONT
color=green><SPAN style="COLOR: green">//Rest of
code<o:p></o:p></SPAN></FONT></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" color=green size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: green; FONT-FAMILY: 'Courier New'">/*****************************************************************************************/<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" color=green size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: green; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" color=green size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: green; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Now if I comment out this
part, I will be able to capture all the traffics includeing
IPv6.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">I need your argent help
and it is much appreciated.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Regards<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Courier New" size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'">Bassam</SPAN></FONT><FONT
face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></P></DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>