[Winpcap-users] FW: problem with WinPcap... stops working!

Maria de Fatima Requena MariaF.Requena at a-e.es
Fri Apr 4 06:43:39 GMT 2008


I think some of us are suffering from the same problem. Someone suggested me from wireshark list that the issue must be NIC working faster than what disk can read/write

Im trying to 'tune' the application changing flag in pcap_open to 16 (max_responsiveness), and playing with the value of read timeout, but I don't get much

Let's see if we get to a solution amongst all.


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
 
________________________________________________________________________________________
De: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] En nombre de Har Yash Bahadur
Enviado el: viernes, 04 de abril de 2008 8:22
Para: winpcap-users at winpcap.org
Asunto: [Winpcap-users] FW: problem with WinPcap... stops working!

I am attaching the ethereal log. After the first NBNS query is intercepted by the handler it stops getting other packets, even though the packets of the last two request-response pairs are seen by ethereal.

The WinPcap version we have used is 4.0.3 and the APIs used in application are:
1.     pcap_findalldevs
2.             if ((adhandle = pcap_open_live(d->name,           // name of the device
                              1530,  //65536,  portion of the packet to capture. 
                          // 65536 grants that the whole packet will be captured on all the MACs.
                              1,// promiscuous mode (nonzero means promiscuous)
                              1000,// read timeout
                              errbuf// error buffer
                              )) == NULL)
* pcap_breakloop
* pcap_close
* pcap_sendpacket
* pcap_loop

-------------------------------------------------------------
________________________________________
From: Har Yash Bahadur 
Sent: Friday, April 04, 2008 11:29 AM
To: 'winpcap-users at winpcap.org'
Subject: RE: problem with WinPcap... stops working!

For the 2nd point on Problem Description:
Another point to note is that I can see the traffic on Ethereal, both the request and response are taking place, but the handler registered by the application with WinPcap is not getting invoked after it was invoked due to a "spurious" pkt.

________________________________________
From: Har Yash Bahadur 
Sent: Friday, April 04, 2008 11:18 AM
To: winpcap-users at winpcap.org
Subject: problem with WinPcap... stops working!

Hi! All,

I have written a simple application using WinPcap to send and receive L2-level (MAC) packets to a hardware device connected to my PC through Ethernet. The details of the setup are as follows:

1. The device runs software which sends back the packets received through the RJ-45 cable. The device has an integrated VMAC and its MAC address is known to the application running on PC beforehand.
2. The host (Windows PC running XP) has a Network adaptor card and its MAC address is known to the application.
3. The Application on PC-host prepares L2 packets in the following format:    | Dest MAC Addr | Src MAC addr | Protocol Type=0x88e1|  PAYLOAD |
4. The application then uses WinPcap APIs to send and receive packets to the hardware device; on a Request - Response basis.
5. The host is not connected to any LAN. It has been assigned a static IP, but it has other services running which keep sending out queries as if the PC were on a LAN.

Problem Description:
1. The packets which are sent out for the device are also received by the handler registered with WinPcap. This was mitigated by putting a filter in the handler using the protocol type (0x88e1) and the source Mac address as criteria-so that application gets only those packets which are SENT by the device to the PC.
2. A bigger problem is that sometimes, after some "other" packets are received (and duly rejected by the handler), the communication seems to stop/hang. There is no crash as such, but the packet handler seems stop working.

I am new to WinPcap; if you guys had a similar experience then please give me some clues.  Thanks! 

Regards,
Har Yash
 

Conexant E-mail Firewall (Conexant.Com) made the following annotations
---------------------------------------------------------------------
********************** Legal Disclaimer **************************** 

"This email may contain confidential and privileged material for the sole use of the intended recipient. Any unauthorized review, use or distribution by others is strictly prohibited. If you have received the message in error, please advise the sender by reply email and delete the message. Thank you." 

********************************************************************** 
---------------------------------------------------------------------



More information about the Winpcap-users mailing list