<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.5346.5" name=GENERATOR>
<STYLE>
<!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Verdana;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
/* Page Definitions */
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;
layout-grid:15.6pt;}
div.Section1
{page:Section1;}
-->
</STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Verdana color=#0000ff size=2>Hello,everyone.</FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>The problem has been solved by
<FONT color=#0000ff><STRONG>Vasily Borovyak</STRONG>,he is so kind!
Now,everybody can see</FONT></FONT></DIV>
<DIV><FONT face=Verdana color=#0000ff size=2>what a stupid mistake I made
yesterday! haha~</FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV align=left>
<DIV align=left><FONT face=Verdana size=2>
<HR style="WIDTH: 122px; HEIGHT: 2px" SIZE=2>
</FONT></DIV>
<DIV><FONT color=#c0c0c0><FONT face=Verdana
size=2>yunshu@ph4nt0m.org</FONT></DIV>
<DIV><FONT face=Verdana size=2>2006-05-25</FONT></FONT></DIV></DIV>
<DIV><FONT face=Verdana size=2>
<HR>
</FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发件人:</STRONG> Vasily
Borovyak</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>发送时间:</STRONG>
2006-05-25 21:29:01</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>收件人:</STRONG>
yunshu@ph4nt0m.org</FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>抄送:</STRONG> </FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><STRONG>主题:</STRONG> Re: [Winpcap-users]
Need help for capture packets on winxp box</FONT></FONT></DIV>
<DIV><FONT face=Verdana size=2></FONT> </DIV>
<DIV><FONT face=Verdana><TT><FONT size=2>I made a deeper look. The problem I
mention is the reason of your problem.<BR><BR>The size of ethernet header for
IPv4 is always 14 bytes (6 bytes + 6 bytes + 2 bytes).<BR>Your definition is
16+16+2=34 bytes long. And further in the code you're using <FONT
color=#666666>sizeof </FONT>keyword:<BR></FONT><FONT
color=#666666><BR></FONT></TT><FONT size=2><FONT color=#666666>//get ip
header<BR>ipr = (IP_HDR
*)(pchar+sizeof(ETH_HDR));</FONT><BR></FONT><TT><BR><FONT size=2>So <FONT
color=#666666>ipr</FONT> poiter points somewhere to the IP packet data but not
to the header of it.<BR>So simply change [16] to the
[6].<BR></FONT></TT><TT><FONT size=2>I'm sure it will
help.<BR><BR></FONT></TT><TT><BR></TT><TT>I think the code you send us is not
yours so you can't find the problem yourself. :)</TT><BR><FONT size=2><TT><FONT
size=3>And if you afraid if the buffer is not enough then you not
understand</FONT></TT></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2><TT><FONT size=3>what the C programming
language is. ;)<BR></FONT></TT></FONT><FONT size=2></FONT></FONT></DIV>
<DIV><FONT face=Verdana><FONT size=2>-- <BR>Best regards. Vasily Borovyak
</FONT><A class=moz-txt-link-rfc2396E href="mailto:vbor@isd.dp.ua"><FONT
size=2><vbor@isd.dp.ua></FONT></A></DIV></FONT></BODY></HTML>