[Winpcap-users] Issue in total data transverse from Network Card

Abdul Qayum abdulqayum at gmail.com
Thu Sep 29 13:27:48 GMT 2005 

On 9/29/05, Abdul Qayum <abdulqayum at gmail.com> wrote:
>
> Dear Sir,
> i checked it with Ethereal . Its same Ethereal send two request and
> receive one reply.
>  But i designed a simple application which monitor traffic on a given ip
> and draw graph w.r.t time for both side traffic. Traffic coming from that
> IP address and Taffic moving toward that IP address.
>  Its work by getting the length of packet from pcap_pkthdr *header and
> obviously filtering mentioned ip address. its string for filter is char
> packet_filter[] = "ip";
>  My application work fine as longs as data size is under the limit of MTU
> i.e less than 1500-hearder.
> It shows same length of data coming and going out.
>  But as packet size increase from 1500 byte( Fragmentation start ).
> Sending taffic shown greater than received traffic.
>  As size increases difference of total data send and receive increases.
> Interesting thing is that difference maintain same.
>   Note: I generated traffic using ping and size change using l switch. and
> i use function f pcap_next_ex( adhandle, &header, &pkt_data) for capturing
> traffic.
>     Pls help me to rectify this issue.
>
>
>  On 9/28/05, Loris Degioanni <loris.degioanni at gmail.com> wrote:
> >
> > What is the output of WinDump or Ethereal with the same traffic?
> >
> > Loris
> >
> >
> > Abdul Qayum wrote:
> > > Hello Everybody
> > > I have confusion about traffic capture by example program given in
> > winpcap
> > > tutorial. I copied the program and compile it. I am using Winpcap
> > > 3.1original version
> > >
> > > To simulate Traffic i just use ping command to send 50 byte at its
> > reqular
> > > interval
> > >
> > > ping 10.56.18.1 <http://10.56.18.1/> <http://10.56.18.1> -t -l 50
> > >
> > > The output shows that
> > >
> > > two packet send contineously by sender
> > > but only one packet received from receiver
> > > and this pattern is contineous
> > >
> > > But in Ping command as many packet send , same should be received. It
> > > was not case in output on screen. I used DU
> > > meter ( bandwidth software www.dumeter.com <http://www.dumeter.com/> <
> > http://www.dumeter.com/> <
> > > http://www.dumeter.com <http://www.dumeter.com/>> ) for
> > > comparison its give me exact result but packer capturing routine
> > giving me
> > > differnet result.
> > >
> > > It shows onne packet received against two packet send. its shown below
> > > If someone could help me. I will be greatful
> > >
> > > Muhammad Abdul Qayum
> > > Reslut of capturing packet programe.
> > > 1:17:17.727451 len:92 10.56.18.24.8 -> 10.56.18.1.29261
> > > 1:17:17.727486 len:92 10.56.18.24.8 -> 10.56.18.1.29261
> > > 1:17:17.728696 len:92 10.56.18.1.0 -> 10.56.18.24.29269
> > >
> > > 1:17: 18.733117 len:92 10.56.18.24.8 -> 10.56.18.1.29260
> > > 1:17:18.733125 len:92 10.56.18.24.8 -> 10.56.18.1.29260
> > > 1:17:18.733127 len:92 10.56.18.1.0 -> 10.56.18.24.29268
> > >
> > > 1:17:19.730743 len:92 10.56.18.24.8 -> 10.56.18.1.29259
> > > 1:17:19.730776 len:92 10.56.18.24.8 -> 10.56.18.1.29259
> > > 1:17:19.731981 len:92 10.56.18.1.0 -> 10.56.18.24.29267
> > >
> > > 1:17:20.736450 len:92 10.56.18.24.8 -> 10.56.18.1.29258
> > > 1:17:20.736457 len:92 10.56.18.24.8 ->10.56.18.1.29258
> > > 1:17:20.736459 len:92 10.56.18.1.0 -> 10.56.18.24.29266
> > >
> > > 1:17:21.734230 len:92 10.56.18.24.8 -> 10.56.18.1.29257
> > > 1:17:21.734263 len:92 10.56.18.24.8 -> 10.56.18.1.29257
> > > 1:17:21.735244 len:92 10.56.18.1.0 -> 10.56.18.24.29265
> > >
> > > 1:17:22.736412 len:92 10.56.18.24.8 -> 10.56.18.1.29256
> > > 1:17: 22.736447 len:92 10.56.18.24.8 -> 10.56.18.1.29256
> > > 1:17:22.737467 len:92 10.56.18.1.0 -> 10.56.18.24.29264
> > >
> > > 1:17:23.743066 len:92 10.56.18.24.8 -> 10.56.18.1.29255
> > > 1:17:23.743072 len:92 10.56.18.24.8 -> 10.56.18.1.29255
> > > 1:17:23.743074 len:92 10.56.18.1.0 -> 10.56.18.24.29263
> > >
> > >
> > > Pls guide
> > >
> > >
> > > Thanking you
> > >
> > > Muhammad Abdul Qayum
> > >
> > >
> > >
> > >
> > >
> > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Winpcap-users mailing list
> > > Winpcap-users at winpcap.org
> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20050929/12a7e728/attachment.htm

More information about the Winpcap-users mailing list