<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3059" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=296545515-30042007><FONT face=Arial color=#0000ff
size=2>Gianluca,</FONT></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=296545515-30042007><FONT face=Arial color=#0000ff size=2>I am
using a capture filter generated by the following code, note an example of the
filter is provided in the method documentation.</FONT></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><FONT color=#800000 size=2><FONT face=Arial
color=#0000ff></FONT></FONT></SPAN> </DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// generateIOFilter.</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// String* server : the ip address (ipv4) of the
server for the connection being monitored</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// String* client : the ip address (ipv4) of the
client for the connection being monitored</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// String* port : the port number used for
the connection being monitored</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// Updates the String* io_filter by adding the details
of the connection passed in.</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><SPAN style="COLOR: green"><FONT
face="Courier New" size=2>// EG. io_filter = "((ip host 192.168.162.1 or ip host
192.168.162.2) and port 5566)"</FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=296545515-30042007><FONT color=#800000>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: 'Courier New'; mso-no-proof: yes">void</SPAN><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000> M_Ethernet_Bus::generateIOFilter( String* server, String* client,
String* port )<?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000>{<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
style="mso-spacerun: yes"><FONT color=#000000>
</FONT></SPAN><SPAN style="COLOR: green">// make an array of the filter tokens.
Note that we have included spaces<SPAN
class=296545515-30042007>.</SPAN></SPAN></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000><SPAN style="mso-tab-count: 1"> </SPAN><SPAN
style="mso-spacerun: yes"> </SPAN>String* tokens[] = {</FONT><SPAN
style="COLOR: maroon">" ((ip host "</SPAN><FONT color=#000000>, server,
</FONT><SPAN style="COLOR: maroon">" or ip host "</SPAN><FONT color=#000000>,
client, </FONT><SPAN style="COLOR: maroon">") and"</SPAN><FONT color=#000000>,
</FONT><SPAN style="COLOR: maroon">" port "</SPAN><FONT color=#000000>, port,
</FONT><SPAN style="COLOR: maroon">")"</SPAN><FONT
color=#000000>};<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><o:p><FONT
color=#000000> </FONT></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
style="mso-spacerun: yes"><FONT color=#000000>
</FONT></SPAN><SPAN style="COLOR: green">// concatenate all the tokens into one
string<SPAN class=296545515-30042007>.</SPAN></SPAN></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000><SPAN style="mso-spacerun: yes"> </SPAN>String*
io_filter_base = String::Concat(tokens);<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><o:p><FONT
color=#000000> </FONT></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><o:p><SPAN
style="COLOR: green"><SPAN class=296545515-30042007>
</SPAN>// <SPAN class=296545515-30042007>ensure the filter string is
initialised and if it is, then concatenate to support
multiple</SPAN></SPAN></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><o:p><SPAN
style="COLOR: green"><SPAN class=296545515-30042007> //
connections.</SPAN></SPAN></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
style="mso-spacerun: yes"><FONT color=#000000>
</FONT></SPAN><SPAN style="COLOR: blue">if</SPAN><FONT
color=#000000>(!io_filter)<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000><SPAN
style="mso-spacerun: yes">
</SPAN>io_filter = </FONT><SPAN style="COLOR: maroon">""</SPAN><FONT
color=#000000>;<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
style="mso-spacerun: yes"><FONT color=#000000>
</FONT></SPAN><SPAN style="COLOR: blue">else<o:p></o:p></SPAN></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000><SPAN
style="mso-spacerun: yes">
</SPAN>io_filter = String::Concat(io_filter, </FONT><SPAN
style="COLOR: maroon">" or"</SPAN><FONT
color=#000000>);<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><o:p><FONT
color=#000000> </FONT></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
style="mso-spacerun: yes"><FONT color=#000000>
</FONT></SPAN><SPAN style="COLOR: green">// finally put it all together<SPAN
class=296545515-30042007>.</SPAN></SPAN></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; mso-layout-grid-align: none"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000><SPAN style="mso-spacerun: yes">
</SPAN>io_filter = String::Concat(io_filter,
io_filter_base);<o:p></o:p></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000>}</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><FONT
color=#000000 size=2></FONT></SPAN> </P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
class=296545515-30042007><FONT face=Arial color=#0000ff>It is not my
understanding that using this filter will prevent the subsequent fragments being
received by the <FONT
face="Courier New"><STRONG>packet_handler(...)</STRONG></FONT> method, please
correct me if this is wrong. When using WireShark (and debugging my code
simultaneously) I can see the fragments being received in order, yet they are
never passed to the <STRONG><FONT
face="Courier New">packet_handler(...)</FONT></STRONG>
method.</FONT></SPAN></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
class=296545515-30042007><FONT face=Arial
color=#0000ff></FONT></SPAN></SPAN> </P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
class=296545515-30042007><FONT face=Arial color=#0000ff>Thanks for taking the
time to peruse this with me.</FONT></SPAN></SPAN></P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
class=296545515-30042007><FONT face=Arial
color=#0000ff></FONT></SPAN></SPAN> </P>
<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Courier New'; mso-no-proof: yes"><SPAN
class=296545515-30042007><FONT face=Arial color=#0000ff>Regards,
Sam.</FONT></SPAN></SPAN></P></DIV></FONT></SPAN>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B>
winpcap-users-bounces@winpcap.org [mailto:winpcap-users-bounces@winpcap.org]
<B>On Behalf Of </B>Gianluca Varenni<BR><B>Sent:</B> Friday, April 27, 2007
4:30 PM<BR><B>To:</B> winpcap-users@winpcap.org<BR><B>Subject:</B> Re:
[Winpcap-users] Problem Reassembling IP Packets,missing
packet-fragments!?<BR><BR></FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=Sam.Fielden@l-3com.com
href="mailto:Sam.Fielden@l-3com.com">Sam.Fielden@l-3com.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, April 18, 2007 12:48
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Problem
Reassembling IP Packets,missing packet-fragments!?</DIV>
<DIV><FONT size=2></FONT><BR></DIV>
<DIV><FONT face=Arial size=2><SPAN class=734023319-18042007>I have written
code to reassemble fragmented IP messages and I have a system that is
generating fragmented (Ethernet) messages which I can successfully capture
using WireShark (all fragments!). However my "packet_handler(...)" method
never receives the subsequent fragments, only ever the first (with
"ip_header.flags" == 1 and "ip_header.offset" == 0).</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=734023319-18042007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=734023319-18042007>As an example
every time I enter the "packet_handler(...)" method the
"ip_header.identification" always increments by a value of 1. It is my
understanding that fragmented IP packets have the same
"ip_header.identification" value so this can be used for reassembling the
complete message.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=734023319-18042007></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=734023319-18042007>I feel like I'm
missing something obvious, do I need to 'request' the next fragment from the
WinPCap interface or should it arrive, at my "packet_handler(...)"
method, in sequence like it does in WireShark??</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><FONT face=Arial size=2><SPAN
class=734023319-18042007></SPAN></FONT></FONT> </DIV>
<DIV><FONT face=Arial size=2><FONT face=Arial size=2><SPAN
class=734023319-18042007></SPAN></FONT></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT face=Arial size=2><FONT face=Arial size=2><SPAN
class=734023319-18042007>Are you using a capture filter for that? Wireshark
uses winpcap to capture packets, you do not need to request any subsequent
frame in an IP fragment. WinPcap has no concept of IP fragments, it just
captures ethernet (or any other link layer) packets.</SPAN></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT face=Arial size=2><SPAN
class=734023319-18042007></SPAN></FONT> </DIV>
<DIV><FONT face="Courier New" size=2><SPAN
class=734023319-18042007></SPAN></FONT> </DIV></FONT>
<DIV align=left>
<DIV align=left><FONT face=Arial size=2><STRONG>Sam
Fielden</STRONG></FONT></DIV>
<DIV align=left><FONT face=Arial size=1></FONT> </DIV>
<DIV align=left><FONT face=Arial size=1>Software Engineer</FONT></DIV>
<DIV align=left><FONT face=Arial size=1>Beca Applied Technologies
Ltd</FONT></DIV>
<DIV align=left><FONT face=Arial size=1>10001 Jack Finney Blvd</FONT></DIV>
<DIV align=left><FONT face=Arial size=1>Greenville, Texas,
75402</FONT></DIV>
<DIV align=left><FONT face=Arial size=1>Bldg. 208. CBN011</FONT></DIV>
<DIV align=left><FONT face=Arial size=1>Ph. (903) 457-4767</FONT></DIV>
<DIV align=left><FONT face=Arial size=1></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2><EM>Only Bikers understand why dogs
love to stick their heads out car windows.</EM></FONT></DIV></DIV>
<DIV> </DIV>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>