[Winpcap-users] Missing Packets when Application captures from Network
Black, Michael (IS)
Michael.Black2 at ngc.com
Tue Feb 21 05:00:12 PST 2012
Are you writing to a remote share file when running from there?
Or do you mean remote desktop?
I can't imagine why it would make any difference to pcap as to what file system it came from.
I also can't imagine why you would see packets from the application LOCATION and not the host RUNNING the app.
I can imagine remote desktop causing problems.
You should be able to make a small demo program that the rest of us can test?
You also realize that if you are on a switch instead of a hub you won't see any other network traffic? Unless you have a monitoring port you can plug in to?
Michael D. Black
Senior Scientist
Advanced Analytics Directorate
Advanced GEOINT Solutions Operating Unit
Northrop Grumman Information Systems
________________________________
From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org] on behalf of JB [twaigel at gmx.de]
Sent: Tuesday, February 21, 2012 4:55 AM
To: winpcap-users at winpcap.org
Subject: EXT :[Winpcap-users] Missing Packets when Application captures from Network
Hi Guys,
i have a question which belongs to a scenario where an WinPCap-dependent
Application is deployed and started from a network-ressource.
The application initiates a SMB-Connection via Windows-API und observes
incoming Packets via WinPCap.
The Application should then recognize wether a SMB, or a SMB2 Connection
is established, and act accordingly.
It should work relatively straight forward, since it should open an
adapter, start a thread which polls the interface for received packets,
puts them on a custom objectmodel, and checks some Bytes in the Protocoll.
Locally it works fine, but if i start it from a remote-share i am
missing packets.
I think my Application works in a correct manner, but i am missing these
packets, when i check and controll all the messages received on a
certain interface.
The strange behaviour I observed is, that the pcap-interface only gets
Packets from and to the same host, where the Application is located.
I already tried some issues regarding Performance of my tool, Buffering,
Snaplens and Adapter-Sleeptimes, without success.
Has anybody else a similar scenario, where such behaviour can be
observed, or am I the only one facing such problems?
(In that case, the application might work not 100% correct).
Is my basic scenario right, or did i forget some important things?
Could this be a bug?
Could provide Code-Snipptes if needed!
Thanks in advance for eventual help!
Regards
Odem
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20120221/6f069a0a/attachment.html>
More information about the Winpcap-users
mailing list