[Winpcap-users] Strange behavior on capturing PPPoE pachets

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Aug 19 20:03:42 GMT 2008 

  ----- Original Message ----- 
  From: Gogu Melcu 
  To: winpcap-users 
  Sent: Saturday, August 16, 2008 11:45 AM
  Subject: [Winpcap-users] Strange behavior on capturing PPPoE pachets


  I am using Wireshark to debug capturing process of PPPoE packets.

  Why PPPoE packets are captured on "NVIDIA nForce Networking Controller" interface and not on "WAN (PPP/SLIP) Interface"?

Because PPPoE packets go out of an ethernet interface. You will basically see the packets going out of the WAN interface, then the WAN driver encapsulates them in PPPoE ethernet frames and sends them to the ethernet interface connected to your DSL modem.


  Why some packets are captured twice, first on "WAN (PPP/SLIP) Interface" and second on "GenericDialupAdapter"?


This is normal. GenericDialupAdapter is aa fake adapter that receives all the packets coming from dialup/VPN connections (including  PPPoE).

Have a nice day
GV


  Open device: \Device\NPF_GenericDialupAdapter 0.0.0.0 0.0.0.0
  Open device: \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7} 79.118.219.97 255.255.255.255 (WAN (PPP/SLIP) Interface)
  Open device: \Device\NPF_{B949492E-4290-4D4A-AA05-D2F8AB7FA4EA} 192.168.1.64 255.255.255.0
  Packet: 79.118.219.97:1574 169.254.119.251:2869 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1574 169.254.119.251:2869 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1576 210.51.25.206:80 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1577 89.111.182.80:80 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 89.111.182.80:80 79.118.219.97:1577 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1577 89.111.182.80:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 210.51.25.206:80 79.118.219.97:1576 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1576 210.51.25.206:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1576 210.51.25.206:80 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1577 89.111.182.80:80 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 89.111.182.80:80 79.118.219.97:1577 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1577 89.111.182.80:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 210.51.25.206:80 79.118.219.97:1576 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1576 210.51.25.206:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 72.232.199.165:80 79.118.219.97:1578 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 72.232.199.165:80 79.118.219.97:1578 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 72.232.199.165:80 79.118.219.97:1578 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 72.232.199.165:80 79.118.219.97:1578 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_GenericDialupAdapter
  Packet: 91.195.7.1:80 79.118.219.97:1575 TCP 66 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 79.118.219.97:1575 91.195.7.1:80 TCP 54 \Device\NPF_{655ED554-F705-4264-9DBC-B2C204A1EDC7}
  Packet: 72.232.199.165:80 79.118.219.97:1578 TCP 66 \Device\NPF_GenericDialupAdapter
  Packet: 79.118.219.97:1578 72.232.199.165:80 TCP 54 \Device\NPF_GenericDialupAdapter

  Thanks for this very usefull library.

  Gogu Melcu, melcug at gmail.com
  16-08-2008


------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-users mailing list
  Winpcap-users at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080819/b549d113/attachment-0001.htm

More information about the Winpcap-users mailing list