<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Dear Gianluca,</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Thanks for your answer, yes I could figure out my problem adn get the results that i have expected. </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: "winpcap-users-request@winpcap.org" <winpcap-users-request@winpcap.org><BR>To: winpcap-users@winpcap.org<BR>Sent: Monday, April 21, 2008 6:22:05 PM<BR>Subject: Winpcap-users Digest, Vol 37, Issue 20<BR><BR>Send Winpcap-users mailing list submissions to<BR> <A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A><BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR> <A href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR>or, via email, send a message with subject or body 'help' to<BR> <A href="mailto:winpcap-users-request@winpcap.org"
ymailto="mailto:winpcap-users-request@winpcap.org">winpcap-users-request@winpcap.org</A><BR><BR>You can reach the person managing the list at<BR> <A href="mailto:winpcap-users-owner@winpcap.org" ymailto="mailto:winpcap-users-owner@winpcap.org">winpcap-users-owner@winpcap.org</A><BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Winpcap-users digest..."<BR><BR><BR>Today's Topics:<BR><BR> 1. Timestamp accuracy question (Alex Foygel (TT))<BR> 2. Re: Code for unhandled exceptation error (Gianluca Varenni)<BR> 3. Re: RARP Storm upon starting winpcap (Gianluca Varenni)<BR> 4. Re: target not receiving the packets (Gianluca Varenni)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Mon, 21 Apr 2008 10:02:25 -0500<BR>From: "Alex Foygel \(TT\)" <<A href="mailto:Alex.Foygel@tradingtechnologies.com"
ymailto="mailto:Alex.Foygel@tradingtechnologies.com">Alex.Foygel@tradingtechnologies.com</A>><BR>Subject: [Winpcap-users] Timestamp accuracy question<BR>To: <<A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>><BR>Message-ID: <8F544985CD5FE24897B348C988320602064B2DF3@chiex01><BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>What is the absolute accuracy of the individual packets' timestamps? As<BR>far as I understand, the relative accuracy (one packet relative to<BR>another packet captured within the same capture session) is 1<BR>microsecond (aside from the issues with SMP, etc.).<BR><BR><BR><BR>But the absolute accuracy, if I understand the code correctly, seems to<BR>be in the order of milliseconds. The code (time_calls.h) uses<BR>KeQuerySystemTime() to get the system time and to calculate the offset<BR>between the system time and the high-resolution values returned
by<BR>KeQueryPerformanceCounter().<BR><BR><BR><BR>According to the documentation, even though KeQuerySystemTime() returns<BR>the timestamps in 100 nanoseconds units, it's being updated once every<BR>10 milliseconds. Thus, depending on when during the 10 ms cycle the<BR>Synchronize code ran, the offset calculated by the above mentioned code<BR>can be up to 10 ms off.<BR><BR><BR><BR>Is my interpretation of the code correct?<BR><BR><BR><BR>A simple way of fixing this problem (if it's a problem at all) seems to<BR>be to run KeQuerySystemTime() in a tight loop until the value returned<BR>changes (this should take at most 10 ms because that's how often the<BR>system time is updated) and then use the new value to calculate the<BR>offset. Am I oversimplifying the problem?<BR><BR><BR><BR>The reason I'm asking the question is because I'm trying to understand<BR>whether I can compare the timestamps imbedded by my application in my<BR>messages with the
timestamps captured by winpcap, to check the time it<BR>takes for my packets to get from the application code (through all the<BR>layers, including the network stack) to the NDIS layer when it gets<BR>captured by winpcap.<BR><BR><BR><BR>Thank you for your help,<BR><BR>Alex Foygel<BR><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <A href="http://www.winpcap.org/pipermail/winpcap-users/attachments/20080421/8d8554cd/attachment-0001.htm" target=_blank>http://www.winpcap.org/pipermail/winpcap-users/attachments/20080421/8d8554cd/attachment-0001.htm</A><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Mon, 21 Apr 2008 17:20:56 -0700<BR>From: "Gianluca Varenni" <<A href="mailto:gianluca.varenni@cacetech.com" ymailto="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>><BR>Subject: Re: [Winpcap-users] Code for unhandled exceptation error<BR>To: <<A
href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>><BR>Message-ID: <0f0401c8a40e$bf35ca50$092c16ac@NELSON2><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Golnaz,<BR><BR>did you find the source of the problem?<BR><BR>Have a nice day<BR>GV<BR><BR> ----- Original Message ----- <BR> From: Golnaz Honarpisheh <BR> To: <A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> <BR> Sent: Friday, April 18, 2008 12:37 PM<BR> Subject: [Winpcap-users] Code for unhandled exceptation error<BR><BR><BR> Here is my code,However i think problem is not from code because even when i make it short to open only the file i will get same error.Another thing is that evrytime i open my file in a project i have to go to project menu and settings to set manually the wincap.lib ,in this way there is no error
in buil process but in run time i will get myfilename.exe error and in reports shows that message;unhandled exceptation<BR><BR> #include "pcap.h"<BR> #include <stdio.h><BR> #include <stdlib.h><BR> #include <iostream><BR> using namespace std;<BR> #define LINE_LEN 16<BR> void find_device(pcap_if_t **all_devices);<BR> main(int argc, char **argv) {<BR> int res,i=0;<BR> struct pcap{};<BR> char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */<BR> <BR> struct pcap_pkthdr *header; /* The header that pcap gives us */<BR> struct pcap_pkthdr *pcap_header;<BR> const u_char *packet; /* The actual packet */<BR> pcap_t *handle; /* Session handle */<BR> char
error[PCAP_ERRBUF_SIZE];<BR> FILE *capfile;<BR> char *capture_file;<BR> char *pkt_data;<BR> int caplen;<BR> <BR> pcap_t *pcap_open_offline(char *scapturefile,char *errbuf);<BR> <BR> /* Grab a packet<BR> int code = pcap_next_ex(handle,&header,&packet);<BR> if (code < 0)<BR> cout << "Error in pcap_next_ex\n";<BR> /* Print its length<BR> cout << "length of packet is" << header->len << " bytes\n"; <BR> printf("%ld: \n",
header->len);<BR><BR> /* And close the session <BR> pcap_close(handle);<BR> return(0); */<BR> /* Retrieve the packets from the file */<BR> while((res = pcap_next_ex( handle, &header, &packet)) >= 0){<BR> /* print pkt timestamp and pkt len */<BR> printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len); <BR> <BR> /* Print the packet */<BR> for (i=1; (i < header->caplen + 1 ) ; i++)<BR> {<BR> printf("%.2x ", pkt_data[i-1]);<BR> if ( (i %
LINE_LEN) == 0) printf("\n");<BR> } <BR> printf("\n\n"); <BR> } <BR> if(res == -1){<BR> printf("Error reading the packets: %s\n", pcap_geterr(handle));<BR> }<BR> <BR> return 0;<BR> }<BR> <BR><BR><BR><BR>------------------------------------------------------------------------------<BR> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<BR><BR><BR>------------------------------------------------------------------------------<BR><BR><BR> _______________________________________________<BR> Winpcap-users mailing list<BR> <A href="mailto:Winpcap-users@winpcap.org"
ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR> <A href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <A href="http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/b079a481/attachment-0001.htm" target=_blank>http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/b079a481/attachment-0001.htm</A><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Mon, 21 Apr 2008 17:24:09 -0700<BR>From: "Gianluca Varenni" <<A href="mailto:gianluca.varenni@cacetech.com" ymailto="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>><BR>Subject: Re: [Winpcap-users] RARP Storm upon starting winpcap<BR>To: <<A href="mailto:winpcap-users@winpcap.org"
ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>><BR>Message-ID: <0f2201c8a40f$31db00c0$092c16ac@NELSON2><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Absolutely no idea. And the fact that it happens on linux with libpcap is pretty weird. Both the windows machine and the linux one are Vmware guests, i suppose. Right? If so, are you using the original linux/windows drivers for the virtual nic on the guest, or the one provided by vmware?<BR><BR>Have a nice day<BR>GV<BR><BR> ----- Original Message ----- <BR> From: Michael Domberg <BR> To: <A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> <BR> Sent: Wednesday, April 16, 2008 11:44 PM<BR> Subject: [Winpcap-users] RARP Storm upon starting winpcap<BR><BR><BR> Hi,<BR> I am using Microsoft Windows Server 2003 with winpcap 4.0.2 on VMWare ESX 3. Everytime I start
a capture (with Windump or Wireshark 1.0.0) winpcap sends a couple of RARP requests. It seems like my host is trying to resolve its own MAC-address. The amount of requests changes from time to time. Sometimes only 3 requests are generated, sometimes up to 500. Even if I stop capturing some RARP packets are sent over the network. The capturing host can't see its own RARP requests, all other host in the same subnet receive all packets. If two or more hosts within the local network use winpcap these requests block all other traffic. This even occurs with libpcap on linux if the linux host is in the same network.<BR> All searches in the mailing list, google groups and google were to no avail.<BR><BR> Any suggestions?<BR><BR> Michael.<BR><BR><BR><BR>------------------------------------------------------------------------------<BR> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now.<BR><BR><BR>------------------------------------------------------------------------------<BR><BR><BR> _______________________________________________<BR> Winpcap-users mailing list<BR> <A href="mailto:Winpcap-users@winpcap.org" ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR> <A href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <A href="http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/8ed8eed1/attachment-0001.htm" target=_blank>http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/8ed8eed1/attachment-0001.htm</A><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Mon, 21 Apr 2008 17:36:36 -0700<BR>From: "Gianluca Varenni" <<A href="mailto:gianluca.varenni@cacetech.com"
ymailto="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>><BR>Subject: Re: [Winpcap-users] target not receiving the packets<BR>To: <<A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>><BR>Message-ID: <0f5501c8a410$ef6b5580$092c16ac@NELSON2><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Have you tried connecting the source and the receiver with a cross ethernet cable and see if the receiver receives the packet you sent? Also, what is the packet size you are trying to send?<BR><BR>Have a nice day<BR>GV<BR> ----- Original Message ----- <BR> From: chitra .R <BR> To: <A href="mailto:winpcap-users@winpcap.org" ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> <BR> Sent: Friday, April 18, 2008 9:25 AM<BR> Subject: RE: [Winpcap-users] target not receiving the packets<BR><BR><BR><BR> Hi
all,<BR><BR> Thanks for your reply, I am framing the frame as<BR><BR> [dstmac addr + src mac addr + type + data], i tried the type as 0x0800, still I am not able to capture the packet at the target. I verified for both source and destination are on the same network.<BR><BR> Thanks,<BR> Chitra<BR><BR><BR><BR> Fish <<A href="mailto:fish@infidels.org" ymailto="mailto:fish@infidels.org">fish@infidels.org</A>> wrote:<BR><BR> -----BEGIN PGP SIGNED MESSAGE-----<BR> Hash: SHA1<BR><BR> Fish wrote:<BR> > Ethernet is 0x0800, not 0x0000.<BR><BR> (ACK!) The FRAME TYPE for IP is 0x0800, not 0x0000. Sorry.<BR><BR> This is presuming you're dealing with IP packets of course.<BR><BR> ARP would be 0x0806, RARP 0x8035 etc.<BR><BR> - -- <BR> "Fish" (David B. Trout) - fish(at)<A href="http://infidels.org/"
target=_blank>infidels.org</A><BR> Fight Spam! Join CAUCE! <BR> (Any HTML email received will be deleted unread)<BR> PGP key fingerprints:<BR> RSA: 6B37 7110 7201 9917 9B0D 99E3 55DB 5D58 FADE 4A52<BR> DH/DSS: 9F9B BAB0 BA7F C458 1A89 FE26 48F5 D7F4 C4EE 3E2A<BR><BR> -----BEGIN PGP SIGNATURE-----<BR> Version: PGP 8.1<BR><BR> iQA/AwUBSAg6lUj11/TE7j4qEQLf0gCZAWZEOBcg16TH+dIDgSVuaDE/OYgAoIBn<BR> 8E37j/ops7XrieNbnd4YfoAt<BR> =N0dk<BR> -----END PGP SIGNATURE-----<BR><BR> _______________________________________________<BR> Winpcap-users mailing list<BR> <A href="mailto:Winpcap-users@winpcap.org" ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR> <A href="https://www.winpcap.org/mailman/listinfo/winpcap-users"
target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR><BR><BR><BR><BR><BR>------------------------------------------------------------------------------<BR> Connect with friends all over the world. Get Yahoo! India Messenger.<BR><BR><BR>------------------------------------------------------------------------------<BR><BR><BR> _______________________________________________<BR> Winpcap-users mailing list<BR> <A href="mailto:Winpcap-users@winpcap.org" ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR> <A href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <A href="http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/f3c09401/attachment.htm"
target=_blank>http://www.winpcap.org/pipermail/winpcap-users/attachments/20080422/f3c09401/attachment.htm</A><BR><BR>------------------------------<BR><BR>_______________________________________________<BR>Winpcap-users mailing list<BR><A href="mailto:Winpcap-users@winpcap.org" ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR><A href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR><BR><BR>End of Winpcap-users Digest, Vol 37, Issue 20<BR>*********************************************<BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR></DIV></div><br>
<hr size=1>Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. <a href="http://us.rd.yahoo.com/evt=51733/*http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ "> Try it now.</a></body></html>