[Winpcap-users] Missing Packets when Application captures from Network

JB twaigel at gmx.de
Tue Feb 21 02:55:54 PST 2012


Hi Guys,

i have a question which belongs to a scenario where an WinPCap-dependent 
Application is deployed and started from a network-ressource.
The application initiates a SMB-Connection via Windows-API und observes 
incoming Packets via WinPCap.
The Application should then recognize wether a SMB, or a SMB2 Connection 
is established, and act accordingly.
It should work relatively straight forward, since it should open an 
adapter, start a thread which polls the interface for received packets, 
puts them on a custom objectmodel, and checks some Bytes in the Protocoll.

Locally it works fine, but if i start it from a remote-share i am 
missing packets.
I think my Application works in a correct manner, but i am missing these 
packets, when i check and controll all the messages received on a 
certain interface.
The strange behaviour  I observed is, that the pcap-interface only gets 
Packets from and to the same host, where the Application is located.

I already tried some issues regarding Performance of my tool, Buffering, 
Snaplens and Adapter-Sleeptimes, without success.

Has anybody else a similar scenario, where such behaviour can be 
observed, or am I the only one facing such problems?
(In that case, the application might work not 100% correct).
Is my basic scenario right, or did i forget some important things?
Could this be a bug?

Could provide Code-Snipptes if needed!

Thanks in advance for eventual help!

Regards
Odem


More information about the Winpcap-users mailing list