[Winpcap-users] problem between WpdPack sample exe's and MFC port

Peter Lee peter.lee.cpp at gmail.com
Tue Jul 14 20:53:58 PDT 2009


It is so tiring to read a long post without code example...

Can you send a small example.

Good luck

On Fri, Jul 10, 2009 at 1:38 AM, <timgrab at comcast.net> wrote:
> Hi folks,
>
>
>
> I have been writing an application using MFC in Visual Studio 2005.  The
> application uses WinPcap to open a pcap file and modify the protocol headers
> so that the packets can be streamed locally on a test network and received
> by other applications/devices.
>
>
>
> I have been borrowing heavily from the sample code in the WinPcap 4.0.2
> Developer’s Pack, and successfully porting that basic functionality from C
> to MFC/C++.  For example, my GUI currently allows the user to open a pcap
> file, change the MAC addresses in the packets, and save the packets to a new
> file.
>
>
>
> I ran into a problem recently.  I have been creating pcap files by exporting
> proprietary files from a 3rd party application into pcap format.  However,
> it appears that the 3rd-party app, let’s call it “MrSniffer”, changes the
> caplen in the packet header to 116 bytes, no matter what it was in the
> original (MrSniffer-formatted) file, or what the actual length of the packet
> is.  I am able to use Wireshark to successfully read and display all packets
> in their entirety from the newly-exported pcap file.  Also, I am able to use
> the command-line executable “readfile” from the 4.0.2 Developer’s Pack to
> read and display each packet from the MrSniffer-exported pcap file in its
> entirety.
>
>
>
> It’s when I try to read the file into my MFC application that I run into a
> problem.  I use the same basic code in the “readfile” executable for my MFC
> application to open the file and read the packets, i.e. I am using
> pcap_open_offline() to open the file, and pcap_loop() to call a
> dispatcher_handler with the following parameters…
>
>
>
> dispatcher_handler(u_char *temp1, const struct pcap_pkthdr *header, const
> u_char *pkt_data)
>
>
>
> …which reads in each packet.  The trouble arises when the packets are read
> into my application, and it appears that the pcap library functions I am
> using are reading the packets based on the caplen of 116 bytes – so any
> packets larger than 116 bytes are truncated, and I lose the rest of that
> data!
>
>
>
> What is so strange about this is that I am using the same library as the
> Developer’s Pack sample “readfile”, and essentially the same code, but my
> application seems to read the caplen, while “readfile” uses the actual
> packet length.
>
>
>
> Unfortunately, I can’t change “MrSniffer” so that it does not modify the
> caplen; my only option appears to be to read the actual packet length from
> each packet when dealing with these exported pcaps.  I have not been able to
> find a way to do this using the exported functions – probably because I am
> quite new to WinPcap.
>
>
>
> If anyone has any suggestions, I’d greatly appreciate it!
>
>
>
> Thanks and Regards –
>
>
>
> TimG
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>


More information about the Winpcap-users mailing list