<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style>.EmailQuote {
BORDER-LEFT: #800000 2px solid; PADDING-LEFT: 4pt; MARGIN-LEFT: 1pt
}
</style><style id="owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
</head>
<body ocsi="0" fPStyle="1">
<div style="FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR: #000000; FONT-SIZE: 10pt">
<p>Are you writing to a remote share file when running from there?</p>
<p> </p>
<p>Or do you mean remote desktop?</p>
<p> </p>
<p>I can't imagine why it would make any difference to pcap as to what file system it came from.</p>
<p>I also can't imagine why you would see packets from the application LOCATION and not the host RUNNING the app.</p>
<p>I can imagine remote desktop causing problems.</p>
<p> </p>
<p>You should be able to make a small demo program that the rest of us can test?</p>
<p> </p>
<div>
<p>You also realize that if you are on a switch instead of a hub you won't see any other network traffic? Unless you have a monitoring port you can plug in to?</p>
<p> </p>
<p> </p>
<div style="FONT-FAMILY: Tahoma; FONT-SIZE: 13px">
<p>Michael D. Black</p>
<p>Senior Scientist</p>
<p>Advanced Analytics Directorate</p>
<p>Advanced GEOINT Solutions Operating Unit</p>
<p>Northrop Grumman Information Systems</p>
</div>
</div>
<div>
<hr tabindex="-1">
<div id="x_divRplyFwdMsg"><font color="#000000" size="2" face="Tahoma"><b>From:</b> winpcap-users-bounces@winpcap.org [winpcap-users-bounces@winpcap.org] on behalf of JB [twaigel@gmx.de]<br>
<b>Sent:</b> Tuesday, February 21, 2012 4:55 AM<br>
<b>To:</b> winpcap-users@winpcap.org<br>
<b>Subject:</b> EXT :[Winpcap-users] Missing Packets when Application captures from Network<br>
</font><br>
</div>
<div></div>
</div>
<font size="2"><span style="FONT-SIZE: 10pt">
<div class="PlainText"><br>
Hi Guys,<br>
<br>
i have a question which belongs to a scenario where an WinPCap-dependent <br>
Application is deployed and started from a network-ressource.<br>
The application initiates a SMB-Connection via Windows-API und observes <br>
incoming Packets via WinPCap.<br>
The Application should then recognize wether a SMB, or a SMB2 Connection <br>
is established, and act accordingly.<br>
It should work relatively straight forward, since it should open an <br>
adapter, start a thread which polls the interface for received packets, <br>
puts them on a custom objectmodel, and checks some Bytes in the Protocoll.<br>
<br>
Locally it works fine, but if i start it from a remote-share i am <br>
missing packets.<br>
I think my Application works in a correct manner, but i am missing these <br>
packets, when i check and controll all the messages received on a <br>
certain interface.<br>
The strange behaviour I observed is, that the pcap-interface only gets <br>
Packets from and to the same host, where the Application is located.<br>
<br>
I already tried some issues regarding Performance of my tool, Buffering, <br>
Snaplens and Adapter-Sleeptimes, without success.<br>
<br>
Has anybody else a similar scenario, where such behaviour can be <br>
observed, or am I the only one facing such problems?<br>
(In that case, the application might work not 100% correct).<br>
Is my basic scenario right, or did i forget some important things?<br>
Could this be a bug?<br>
<br>
Could provide Code-Snipptes if needed!<br>
<br>
Thanks in advance for eventual help!<br>
<br>
Regards<br>
Odem<br>
_______________________________________________<br>
Winpcap-users mailing list<br>
Winpcap-users@winpcap.org<br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</div>
</span></font></div>
</body>
</html>