[Winpcap-users] REPOST: Winpcap and VMware - known problem - ??

Fri Dec 16 17:49:21 GMT 2005

(I sent this about an hour ago, but it seemed to get bounced due to an
attached screen shot, so I'm trying again.  <I'm new - be gentle :-)>

PROBLEM DESCRIPTION

I ran Ethereal (0.10.13) on a machine ("the capture box"), to capture
traffic between it and another machine.  When I inspected the resultant
trace file, I saw that there were packets missing on the sender (capture
box) side.  In other words, the missing packets were not packets
expected to arrive from across the network, but were packets that the
capture box was to send!  That was something I had never seen before.
How could packets get lost before you even send them?

So I looked at the NIC on the capture box, and I saw that it was a:
"VMware virtual ethernet interface".

I talked with a colleague who knows much more about VMware than I, and
he informed me that VMware uses a "virtual" NIC that sits between the
virtual machine and the "real" NIC.

Bottom line:  I'm assuming at this point that the strange behavior I'm
seeing is due to this VMware virtual NIC and/or how WinPcap interacts
with it.

Can anyone confirm this, and/or provide suggestions or pointers for
working around it?

VERSION INFO

Ethereal 0.10.13 

WinPcap 3.1(packet.dll 3, 1, 0, 27) based on libpcap version 0.9[.x] on
Windows 2000 Service Pack 4, build 2195)

Thx,

Michael Feeny

Merrill Lynch
--------------------------------------------------------

If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail.     http://www.ml.com/email_terms/
--------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20051216/4ef78139/attachment.htm