[Winpcap-users] Programs not working

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Nov 18 16:04:13 PST 2009 

----- Original Message ----- 
From: "Fish" <fish at infidels.org>
To: <winpcap-users at winpcap.org>
Sent: Wednesday, November 18, 2009 3:00 PM
Subject: Re: [Winpcap-users] Programs not working


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dennis Burgess wrote:
> Gianluca Varenni wrote:
> > Dennis Burgess wrote:
> >
> > > I have winpcap installed with Wireshark, my router,
> > > sends a packet sniff stream to my PC. This works
> > > PERFECTLY with Wireshark. I have two other programs
> > > that look at data and capture data, they do not have
> > > options to enable promismiscus mode. And hence, they
> > > don't get any data. Is there a way to enable that
> > > on the NIC or though winPacp?
> >
> > No. If it's just specific to your own machine, the easiest
> > way is to recompile your own version of wpcap.dll and force
> > promiscuous mode from within the code.
>
> Sorry to say I don't know how to do that one.  :(  All attempts
> to get these two programs to work, just fail, they see the
> connections from the IP that the workstation is one, but nothing
> else.  But like I said,  Wireshark works, so I would think that
> its not a machine issue.

It's not.

Setting an adapter into promiscuous mode is easy. It's just a simple
DeviceIoControl call.

--GV--
And as soon as your application stops, the promiscuous mode will get 
disabled. Promiscuous mode is not only a hardware setting. NDIS controls 
which packets are delivered to the various protocol drivers (including 
WinPcap) based on their request to receive all the packets (promiscuous 
mode) or only some of them. That's why I suggested to modify wpcap.dll 
directly.

If you manage to have the build environment properly set, you will just need 
to modify these lines in pcap-win32.c

p->opt.promisc = 1;    <--- ADD THIS LINE
 /* Set promiscuous mode */
 if (p->opt.promisc)
 {

  if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE)
  {
   snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to 
promiscuous mode");
   goto bad;
  }
 }
 else
 {
  if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_ALL_LOCAL) == FALSE)
  {
   snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to 
non-promiscuous mode");
   goto bad;
  }
 }

Have a nice day
GV

More information about the Winpcap-users mailing list