<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:v = "urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META content=text/html;charset=utf-8 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16535">
<STYLE>@font-face {
        font-family: Cambria Math;
}
@font-face {
        font-family: Calibri;
}
@font-face {
        font-family: Tahoma;
}
@page WordSection1 {size: 612.0pt 792.0pt; margin: 72.0pt 72.0pt 72.0pt 72.0pt; }
P.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"
}
LI.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"
}
DIV.MsoNormal {
        FONT-SIZE: 12pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"
}
A:link {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
        COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
        COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
P {
        FONT-SIZE: 12pt; MARGIN-LEFT: 0cm; MARGIN-RIGHT: 0cm; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 99; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto
}
P.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
LI.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
DIV.MsoAcetate {
        FONT-SIZE: 8pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text Char"
}
SPAN.EmailStyle18 {
        COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
SPAN.BalloonTextChar {
        FONT-FAMILY: "Tahoma","sans-serif"; mso-style-priority: 99; mso-style-link: "Balloon Text"; mso-style-name: "Balloon Text Char"
}
.MsoChpDefault {
        FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.WordSection1 {
        page: WordSection1
}
</STYLE>
</HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody lang=EN-AU leftMargin=0 link=blue topMargin=0 bgColor=white
vLink=purple CanvasTabStop="true" name="Compose message area">
<DIV><FONT face=Calibri>Because packets are not encapsulated in the "usual" way
(Ethernet/IP/UDP), they are encapsulated in PPPoE. A filter like "udp port 1234"
assumes that there is no PPPoE involved. If the packet is encapsulated in PPPoE,
you have to use the filter "pppoes and udp port 1234".</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>Have a nice day</FONT></DIV>
<DIV><FONT face=Calibri>GV</FONT></DIV>
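<DIV>Added example, not part of the original thread and not WinPcap code: the C below spells out the two frame layouts that the filters "udp port 8081" and "pppoes and udp port 8081" assume, and runs both checks over constructed frames. It is limited to IPv4 without VLAN tags; the function names, addresses and sample bytes are assumptions made for illustration.</DIV>

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: IPv4/UDP datagram 192.0.2.1:5000 -> 192.0.2.2:8081, 4-byte payload. */
static const uint8_t ip_udp[] = {
    0x45,0x00,0x00,0x20, 0x00,0x00,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x13,0x88,0x1f,0x91, 0x00,0x0c,0x00,0x00, 't','e','s','t' };

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* IPv4/UDP test at byte offset off: does either UDP port equal port? */
static int ipv4_udp_port(const uint8_t *f, size_t len, size_t off, unsigned port) {
    if (len < off + 20 || (f[off] >> 4) != 4 || f[off + 9] != 17) return 0;
    size_t ihl = (size_t)(f[off] & 0x0f) * 4;
    if (ihl < 20 || (rd16(f + off + 6) & 0x1fff) || len < off + ihl + 4) return 0;
    return rd16(f + off + ihl) == port || rd16(f + off + ihl + 2) == port;
}

/* Layout "udp port N" assumes: IPv4 right after the 14-byte Ethernet header. */
int match_plain(const uint8_t *f, size_t len, unsigned port) {
    return len >= 14 && rd16(f + 12) == 0x0800 && ipv4_udp_port(f, len, 14, port);
}

/* Layout "pppoes and udp port N" assumes: EtherType 0x8864, a 6-byte PPPoE
   header and a 2-byte PPP protocol field (0x0021 = IPv4), so IPv4 starts at 22. */
int match_pppoes(const uint8_t *f, size_t len, unsigned port) {
    return len >= 22 && rd16(f + 12) == 0x8864 && rd16(f + 20) == 0x0021
        && ipv4_udp_port(f, len, 22, port);
}

/* Wrap ip_udp in Ethernet II, optionally inside a PPPoE session; returns frame length. */
size_t build_frame(uint8_t *out, int pppoe) {
    static const uint8_t lan[] = { 0x08,0x00 };
    static const uint8_t wan[] = { 0x88,0x64, 0x11,0x00, 0x00,0x01, 0x00,0x22, 0x00,0x21 };
    size_t n = pppoe ? sizeof wan : sizeof lan;
    memset(out, 0x02, 12);                        /* constructed MAC addresses */
    memcpy(out + 12, pppoe ? wan : lan, n);
    memcpy(out + 12 + n, ip_udp, sizeof ip_udp);
    return 12 + n + sizeof ip_udp;
}

int main(void) {
    uint8_t lan[64], wan[64];
    size_t ll = build_frame(lan, 0), wl = build_frame(wan, 1);
    printf("LAN:   plain=%d pppoes=%d\n", match_plain(lan, ll, 8081), match_pppoes(lan, ll, 8081));
    printf("PPPoE: plain=%d pppoes=%d\n", match_plain(wan, wl, 8081), match_pppoes(wan, wl, 8081));
    return 0;
}
```

<DIV>The same datagram matches only the check whose assumed offset fits its encapsulation, which is why an unfiltered capture shows the UDP packets while "udp port 8081" alone drops them.</DIV>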
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV><B>Sent:</B> Tuesday, June 01, 2010 2:32 PM</DIV>
<DIV><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV><B>Subject:</B> Re: [Winpcap-users] Capture fails in pppoe
enviroment</DIV></DIV></DIV>
<DIV><BR></DIV>
<DIV><FONT size=2 face=Arial>Thanks KB,</FONT></DIV>
<DIV><FONT size=2 face=Arial>I followed your advice but still encountered
problems capturing the <FONT color=#1f497d size=3>"PPP Interface that the PPPoE
terminates on".</FONT> Using Wireshark I did see the packets when
using no filtering. I couldn't filter them either with the port (8081 in this
case) or with the type, which is UDP.</FONT></DIV>
<DIV><FONT size=2 face=Arial>Since my code also uses filtering, that explains why
my code doesn't capture either.</FONT></DIV>
<DIV><FONT size=2 face=Arial>So my question is now why can I see the packets if
I don't filter (but if I watch them later I can see the UDP and the port which is
8081) but if I try to filter with the type or the port I don't see any
packet?</FONT></DIV>
<DIV><FONT size=2 face=Arial>Regards</FONT></DIV>
<DIV><FONT size=2 face=Arial>I. Lesher</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px"
dir=ltr>
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=kyle@connecttel.com.au href="mailto:kyle@connecttel.com.au">Kyle
Brotheridge</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, May 31, 2010 3:58 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> **SPAM** RE: [Winpcap-users]
Capture fails in pppoe enviroment</DIV>
<DIV><BR></DIV>
<DIV class=WordSection1>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Lesher,<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Please
explain a bit more. From my understanding you have a PC connected to a LAN,
and a PPPoE connection terminating on the same PC via its local
NIC.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">You
CAN capture LAN traffic, but CANNOT capture traffic from the PPPoE
connection?<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">From
this I’d say it’s because the packets from the PPPoE are encapsulated in
PPP/GRE. If you’re looking to capture the packets contained within the PPP
stream, you’ll have to capture on the PPP Interface that the PPPoE terminates
on.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">-KB<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><o:p> </o:p></SPAN></P>
<DIV>
<DIV
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0cm; PADDING-LEFT: 0cm; PADDING-RIGHT: 0cm; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<P class=MsoNormal><B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt"
lang=EN-US>From:</SPAN></B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt" lang=EN-US>
winpcap-users-bounces@winpcap.org [mailto:winpcap-users-bounces@winpcap.org]
<B>On Behalf Of </B>ceo@triplebit.com<BR><B>Sent:</B> Saturday, 29 May 2010
7:21 PM<BR><B>To:</B> winpcap-users@winpcap.org<BR><B>Subject:</B>
[Winpcap-users] Capture fails in pppoe
enviroment<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">Hi
all,</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">I use WinPcap 4.02
to capture stream source and to process the data
somehow.</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">It works fine if
the source is inside a LAN.</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">On the other hand,
when source is in a pppoe Internet connection, I capture the Ethernet card
that supports the Internet connection and I get no packet captured. The
following while loop simply never enters the loop as it does in a LAN
environment.<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; COLOR: blue; FONT-SIZE: 10pt">while</SPAN><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt"> ((res =
pcap_next_ex(adhandle, &amp;header, &amp;pkt_data)) &gt;=
0)<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">{<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; COLOR: blue; FONT-SIZE: 10pt">if</SPAN><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt"> (res ==
0)<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; COLOR: green; FONT-SIZE: 10pt">/*
Timeout elapsed */<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; COLOR: blue; FONT-SIZE: 10pt">continue</SPAN><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">;<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; COLOR: green; FONT-SIZE: 10pt">/*
... rest of the loop body not shown in the post ... */<o:p></o:p></SPAN></P>
<P><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">}<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">However, in
Wireshark I can definitely see the expected packets on this same
card.</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">The algorithm is
similar in both environments and it is based on the samples following the
product.</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">Has anyone any idea
what could be the cause?</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">Regards</SPAN><o:p></o:p></P>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'; FONT-SIZE: 10pt">I.
Lesher</SPAN><o:p></o:p></P></DIV></DIV></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BODY></HTML>