<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16525" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 18, 2007 10:07
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] pcap_loop
pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>Thanks GV,</FONT></DIV>
<DIV><FONT size=2>Another phenomena bathers me and I'd like to have your
advise of possible-</FONT></DIV>
<DIV><FONT size=2>I let my VC++ application to run and it transmits TCP
packets.</FONT></DIV>
<DIV><FONT size=2>I sniff with Ethereal while sniffing concurrently with my
application and I filter into a dump file only payload data packets. I
encounter the following anomalies-</FONT></DIV>
<DIV><FONT size=2>1. My applications misses packets from time to
time.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>If your application is not fast enough at processing packets,
the WinPcap capture can definitely lose packets. Please check the dropped
packets count in the statistics returned by pcap_stats and
pcap_stats_ex</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>2. The ACK in my application packets are always
0.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV></BLOCKQUOTE>
<DIV><FONT size=2>Is this what you see in wireshark/ethereal? As far as I
remember wireshark normalizes the ACK values to be 0-based. If you look in the
middle pane of wireshark, if the ACK are normalized, they are marked as
"(relative ack number)" (at least on an recent version of
Wireshark).</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Hope it helps</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Can you explain that and possible suggest some
workaround?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Regards</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>I. Lesher</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 18, 2007 5:34
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] pcap_loop
pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>No, you cannot use global pointers. </FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Although those pointers are valid throughout the life of
the pcap handle (valid in the sense that they point to a valid memory
location), as soon as your pcap_loop callback function returns, the contents
of such memory are overwritten. </FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>The *ONLY* way to preserve a packet passed to the
pcap_loop callback is to copy the packet into some memory buffer allocated
by your application.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 11, 2007
9:07 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2>Thanks GV,</FONT></DIV>
<DIV><FONT size=2>I experimented a little and saw that if I assign global
pointers with the outcome pointers values from the function, they
sustain to point to the original pointers data even if I leave the
function.</FONT></DIV>
<DIV><FONT size=2>Does that make sense with your reply?</FONT></DIV>
<DIV><FONT size=2>Can I use these global pointers values after returning
from the function? </FONT></DIV>
<DIV><FONT size=2>Regards</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>I. Lesher</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=gianluca.varenni@cacetech.com
href="mailto:gianluca.varenni@cacetech.com">Gianluca Varenni</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> ; <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, September 11, 2007
8:34 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><BR></DIV>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ceo@triplebit.com
href="mailto:ceo@triplebit.com">ceo@triplebit.com</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, September 10, 2007
6:13 AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users]
pcap_loop pointers</DIV>
<DIV><FONT size=2></FONT><BR></DIV>
<DIV><FONT size=2>I think that my question represents also other
users.</FONT></DIV>
<DIV><FONT size=2><FONT size=3>When using the function
"pcap_loop" the system uses the fallowing callback<BR>whenever a
packet arrives -<BR><BR> typedef void(*
pcap_handler)(u_char *user, const struct pcap_pkthdr<BR>*pkt_header,
const u_char *pkt_data)<BR><BR><BR>My questions-<BR><BR>1. I saw that
the pointers pkt_data and pkt_header differ from packet
to<BR>packet.<BR>Does that mean that the data on which they point
occupies different area
in<BR>memory?<BR></FONT></FONT></DIV></BLOCKQUOTE>
<DIV><FONT size=2>Yes.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2><FONT size=2></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3>2. How do I know if the data pointed by
them is still valid in a
certain<BR>moment?<BR></FONT></FONT></DIV></BLOCKQUOTE>
<DIV><FONT size=2><FONT size=3><FONT size=2>Those pointers are valid
*only* in the context of the pcap_handler callback. Packets are reused
as soon as the pcap_handler callback returns.</FONT></FONT></FONT></DIV>
<DIV><FONT size=2><FONT size=3><FONT
size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3><FONT size=2>Have a nice
day</FONT></FONT></FONT></DIV>
<DIV><FONT size=2><FONT size=3><FONT
size=2>GV</FONT></FONT></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT size=2><FONT size=3><FONT
size=2></FONT></FONT></FONT> </DIV>
<DIV><FONT size=2><FONT size=3><BR>Regards<BR><BR>I.
Lesher</FONT><BR><BR></DIV></BLOCKQUOTE>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"></FONT>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>