[Winpcap-users] can not get any captured package when

Bryan Kadzban bryan at kadzban.is-a-geek.net
Wed Aug 6 02:21:36 GMT 2008



Lin George wrote:
> I. I ping www.google.com, and get its IP address, say a.b.c.d;
> II. then I use WinDump host a.b.c.d, but no traffic.

When you're pinging (or doing HTTP to) www.google.com, or when you're
pinging (or doing HTTP to) a.b.c.d directly?  If you windump on the IP
address, then you *also* have to use the IP address in whatever program
you're using to generate the traffic.

Otherwise instead of trying to match up two random values (the result of
the windump name resolution and the result of the name resolution done
by the other program), you're trying to match one fixed value (the
"manual" name resolution) to one random value (the result of the name
resolution done by the other program).  *Both* need to be fixed.

> In the traffic captured by WinDump, I noticed all the traffic is from
> my computer to my Lab proxy server (not to the actual web server URL,
> e.g. www.google.com). I am wondering: could the proxy be the cause of
> this issue?

Um, yeah, if the traffic that you do want to capture is headed to a
proxy, then you need to have windump's filter set to the proxy's IP.
Just like you'd need to have windump's filter set to the IP of any other
random server if you're trying to capture that traffic.

windump (or any other libpcap/winpcap program) doesn't look inside the
proxy traffic when comparing packets against the "host" directive; it
just compares the IP src and dst addresses on the packet.
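To make Bryan's point concrete, here is an added Python model (not code from this thread or from WinPcap/libpcap) of what the `host` primitive compares: it parses constructed Ethernet/IPv4 frames and matches on the IP source and destination only, so a request to www.google.com that is sent through a proxy matches `host <proxy IP>` and never `host <web-server IP>`, even though the hostname sits in the payload. The addresses 10.0.0.5, 10.0.0.1 and 203.0.113.10 are constructed placeholders, not values from the thread.

```python
import socket
import struct

ETH_HDR_LEN = 14
IPV4_ETHERTYPE = 0x0800

# Constructed placeholder addresses (not from the thread).
CLIENT = "10.0.0.5"          # the machine running WinDump
PROXY = "10.0.0.1"           # the lab proxy the browser is configured to use
WEB_SERVER = "203.0.113.10"  # stands in for the resolved address of www.google.com

def ipv4_addrs(frame):
    """Return (src, dst) of an Ethernet/IPv4 frame, or None if it is not IPv4."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != IPV4_ETHERTYPE:
        return None
    ip = frame[ETH_HDR_LEN:]
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])

def host_filter(addr):
    """Model of pcap's 'host ADDR': true when ADDR is the IP src or dst.
    The payload is never consulted, which is exactly why proxied traffic
    only matches the proxy's address."""
    def match(frame):
        addrs = ipv4_addrs(frame)
        return addrs is not None and addr in addrs
    return match

def build_frame(src, dst, payload, sport=40000, dport=8080):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", IPV4_ETHERTYPE)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

# Proxied request: the browser talks to PROXY and names the real site only in the payload.
PROXIED_FRAME = build_frame(
    CLIENT, PROXY,
    b"GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n")
# The same request sent directly (no proxy) carries WEB_SERVER as the IP destination.
DIRECT_FRAME = build_frame(
    CLIENT, WEB_SERVER, b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n", dport=80)

def matches(frame):
    """Report which 'host' filters would capture this frame."""
    return {addr: host_filter(addr)(frame) for addr in (PROXY, WEB_SERVER)}

if __name__ == "__main__":
    print("proxied:", matches(PROXIED_FRAME))   # proxy True, web server False
    print("direct: ", matches(DIRECT_FRAME))    # proxy False, web server True
```

To see the proxied request to www.google.com in a real capture you would filter on the proxy's address and then inspect the HTTP payload, since the filter itself never reads it.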

