[Winpcap-users] RE: Winpcap-users Digest, Vol 15, Issue 17
hürriyet adabag
adabag20 at hotmail.com
Fri Jun 23 23:04:36 GMT 2006
please, don't sent message me......
>From: winpcap-users-request at winpcap.org
>Reply-To: winpcap-users at winpcap.org
>To: winpcap-users at winpcap.org
>Subject: Winpcap-users Digest, Vol 15, Issue 17
>Date: Fri, 23 Jun 2006 17:27:20 GMT
>
>Send Winpcap-users mailing list submissions to
> winpcap-users at winpcap.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>or, via email, send a message with subject or body 'help' to
> winpcap-users-request at winpcap.org
>
>You can reach the person managing the list at
> winpcap-users-owner at winpcap.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Winpcap-users digest..."
>
>
>Today's Topics:
>
> 1. Circular buffer (Ioan Popescu)
> 2. timming analisy (Ricardo Santos)
> 3. RE: Winpcap-users Digest, Vol 15, Issue 16 (hürriyet adabag)
> 4. Re: Circular buffer (Loris Degioanni)
> 5. Re: timming analisy (Loris Degioanni)
> 6. Re: Circular buffer (Ioan Popescu)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Fri, 23 Jun 2006 08:35:21 -0400
>From: Ioan Popescu <ipopescu at dataq.com>
>Subject: [Winpcap-users] Circular buffer
>To: winpcap-users at winpcap.org
>Message-ID: <449BE009.1080901 at dataq.com>
>Content-Type: text/plain; charset=UTF-8
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>I have a couple of questions concerning the circular buffer:
>
>1. Is there an API call to determine whether any packets were dropped?
>Whether it's because the buffer overflowed or some other reason. Ethereal
>seems to be able to do this. I'm testing using "raw" packets, so Ethereal
>can't simply look at a counter in the packet and tell whether any were
>dropped.
>
>2. According to the documentation, the circular buffer should overwrite the
>older packets with the latest "wire" packets while at the same time serving
>the oldest available packets to the application. Is my understanding
>correct?
>
>3. I have noticed something peculiar related to kernel memory size and CPU
>usage. As I increase the kernel (and user) buffer, the % CPU usage of my
>test application goes up. I'm testing this using Task Manager. The test
>application stays the same, it uses a command line argument to set the
>memory size. It also works on the same set of data. What reason's might
>there be for such behavior?
>
>My test is this: "Raw" packets are being sent from a sending station as
>fast
>as possible (benchmark tests). My test application simply checks the
>packet's source MAC and a "counter" to manually check for dropped/missed
>packets. I've disabled TCP/IP on the network adapter and this is an
>isolated
>network, so there shouldn't be any other traffic to interfere.
>
>Receiving System:
>WinPCap 4.0 alpha 1 (same problem with 3.1)
>WinXP Home SP2
>Celeron D - 2.8GHz
>512MB PC2700 DDR
>100Base-TX network
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.2 (MingW32)
>
>iQIVAwUBRJvgCHGK1KGABytRAQqKSQ/+MK0rcZQquIZdJPP8Vq4K11MUB3p27z7r
>AdAlH7rKFLJNGg4LZk56mpJiTytq94uwI5D+kKs6IaAgXXRFvxW57PYobn3Nqg3b
>H5Clww0rfGleQOMeYplYDITvkrmK1izloYLLghJp03KUX0l4CR5/4+I5TGxFyrgw
>1KP46ctzk1c8Jf3gGQGBGbrSgP/8WfGvMLNEaEbxEBDIKdUi/dR2Agf8mHAkpcl8
>79ROePkgLbbg6GKiCdhfbcp+vobz1DaGt4icM4Ejka3nCvJJQv+lRaAoWd9n7wDr
>ppBbgNy6IDk//Tx7fSd4fPBkBpLm7jxxlniPZNPRX4Z33tDFsi3N3KeVi1E/o07u
>gqLauotpMb0Ajwr7x530QLh7Foin2fM5msuSoUL6++8CipInr9qq7ZnRyvQkvVxD
>BKXYkddLCQ6zxAE7SMrfRPst/3uSlHO5DHgIS1Ou66VB3bFXuU9Jm//Q2GVbeJZH
>5N2dHFAz8+TeMq5EVgaa7rDTwdB3svCCKN9p0p/efDb55bz0ViS8NUJxQH5zMate
>3Ib/fgcSSA8C0pkiPUZ3yAquwsl1ZTl+sEZpemGPIdroTVRADwpe9dta/p1pgiTv
>k3O6uRsZmkXau2uSyW5QaEuX3Flb+L0BnMi8CV86+Iz9YliPUt1XgBqZQKslKaJs
>RrP0tJCbkB4=
>=Mbr5
>-----END PGP SIGNATURE-----
>
>
>------------------------------
>
>Message: 2
>Date: Fri, 23 Jun 2006 15:25:52 +0100
>From: "Ricardo Santos" <ricardo1784 at gmail.com>
>Subject: [Winpcap-users] timming analisy
>To: winpcap-users at winpcap.org
>Message-ID:
> <c08c7c9b0606230725t52bdba4re5c2920d7e178654 at mail.gmail.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>hi,
>
>
>i have a question for developers, whats is the timming measure of the
>tool???
>
>when the packet come in the ethernet card, or the tool read the buffer of
>ethernet card?
>
>
>thanks for attention,
>
>
>
>Ricardo
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://www.winpcap.org/pipermail/winpcap-users/attachments/20060623/97ce0223/attachment-0001.htm
>
>------------------------------
>
>Message: 3
>Date: Fri, 23 Jun 2006 15:16:35 +0000
>From: "hürriyet adabag" <adabag20 at hotmail.com>
>Subject: [Winpcap-users] RE: Winpcap-users Digest, Vol 15, Issue 16
>To: winpcap-users at winpcap.org
>Message-ID: <BAY122-F5F8951338AD2DE22846B3CD7A0 at phx.gbl>
>Content-Type: text/plain; format=flowed
>
>
>
>
> >From: winpcap-users-request at winpcap.org
> >Reply-To: winpcap-users at winpcap.org
> >To: winpcap-users at winpcap.org
> >Subject: Winpcap-users Digest, Vol 15, Issue 16
> >Date: Fri, 23 Jun 2006 11:40:09 GMT
> >
> >Send Winpcap-users mailing list submissions to
> > winpcap-users at winpcap.org
> >
> >To subscribe or unsubscribe via the World Wide Web, visit
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >or, via email, send a message with subject or body 'help' to
> > winpcap-users-request at winpcap.org
> >
> >You can reach the person managing the list at
> > winpcap-users-owner at winpcap.org
> >
> >When replying, please edit your Subject line so it is more specific
> >than "Re: Contents of Winpcap-users digest..."
> >
> >
> >Today's Topics:
> >
> > 1. RE: Packet32.h(209) : error C2079: 'IPAddress'usesundefined
> > struct 'sockaddr_storage' (Steven Smethurst)
> > 2. RE: Problem with PacketGetAdapterNames (Gonze Didier)
> > 3. Does WinPcap support capturing wireless frames - with NETGEAR
> > WAB501 wireless adapter or Wireless PC card WAG511 v2 (vimal raj)
> >
> >
> >----------------------------------------------------------------------
> >
> >Message: 1
> >Date: Thu, 22 Jun 2006 15:46:18 -0700
> >From: "Steven Smethurst" <funvill at funvill.com>
> >Subject: RE: [Winpcap-users] Packet32.h(209) : error C2079:
> > 'IPAddress'usesundefined struct 'sockaddr_storage'
> >To: <winpcap-users at winpcap.org>
> >Message-ID: <003201c6964d$aea672f0$6601a8c0 at Funvill>
> >Content-Type: text/plain; charset="us-ascii"
> >
> >Hello
> >
> >
> >
> >Thank you,
> >
> >This solved my problem
> >
> >I guess I downloaded an improper version of the windows SDK.
> >
> >
> >
> >Thanks again for your help.
> >
> >
> >
> >- Steven Smethurst
> >
> >
> >
> > _____
> >
> >From: winpcap-users-bounces at winpcap.org
> >[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca Varenni
> >Sent: Wednesday, June 21, 2006 11:36 PM
> >To: winpcap-users at winpcap.org
> >Subject: Re: [Winpcap-users] Packet32.h(209) : error C2079:
> >'IPAddress'usesundefined struct 'sockaddr_storage'
> >
> >
> >
> >Steven,
> >
> >
> >
> >you probably installed the wrong version of the Platform SDK: the latest
> >versions of the PSDK are *not* compatible with Visual Studio. A version
>of
> >the Microsoft Platform Software Development Kit (SDK) that is compatible
> >with Visual Studio 6 (Platform SDK February 2003) is available on the
> >Microsoft web site at
> ><http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm>
> >http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm.
>It
> >can be ordered online at <http://www.qmedia.ca/launch/psdk.htm>
> >http://www.qmedia.ca/launch/psdk.htm, and it's also available to
>Microsoft
> >MSDN subscribers on the Subscribers Downloads web site.
> >
> >
> >
> >NOTE: after installing it, you should register it within visual studio,
>go
> >to start->AllPrograms->Microsoft Platform sDK Feb2003->Visual Studio
> >registration->register PSDK directories within visual studio.
> >
> >
> >
> >Have a nice day
> >
> >GV
> >
> >
> >
> >
> >----- Original Message -----
> >
> >From: Steven Smethurst <mailto:funvill at funvill.com>
> >
> >To: winpcap-users at winpcap.org
> >
> >Sent: Wednesday, June 21, 2006 4:49 PM
> >
> >Subject: [Winpcap-users] Packet32.h(209) : error C2079: 'IPAddress'
> >usesundefined struct 'sockaddr_storage'
> >
> >
> >
> >Hello
> >
> >
> >
> >I am trying to build one of the examples that came with Winpcap version
>3.1
> >
> >\Examples-remote\PacketDriver\GetMacAddress
> >
> >
> >
> >And I am getting the following errors
> >
> >Compiling...
> >
> >GetMacAddress.c
> >
> >c:\dev\sdk\wpdpack\include\packet32.h(209) : error C2079: 'IPAddress'
>uses
> >undefined struct 'sockaddr_storage'
> >
> >c:\dev\sdk\wpdpack\include\packet32.h(210) : error C2079: 'SubnetMask'
>uses
> >undefined struct 'sockaddr_storage'
> >
> >c:\dev\sdk\wpdpack\include\packet32.h(211) : error C2079: 'Broadcast'
>uses
> >undefined struct 'sockaddr_storage'
> >
> >
> >
> >
> >
> >Snippet from c:\dev\sdk\wpdpack\include\packet32.h
> >
> >--------------------------------------------------------------------
> >
> >/*!
> >
> > \brief Addresses of a network adapter.
> >
> >
> >
> > This structure is used by the PacketGetNetInfoEx() function to return
> >the
> >IP addresses associated with
> >
> > an adapter.
> >
> >*/
> >
> >
> >
> >typedef struct npf_if_addr {
> >
> > struct sockaddr_storage IPAddress; ///< IP address.
> >
> > struct sockaddr_storage SubnetMask; ///< Netmask for
>that
> >address.
> >
> > struct sockaddr_storage Broadcast; ///< Broadcast
> >address.
> >
> >}npf_if_addr;
> >
> >--------------------------------------------------------------------
> >
> >
> >
> >
> >
> >
> >
> >I am able to build all the \Examples-pcap example with out any problems.
> >
> >Any help or suggestions would be greatly appreciated.
> >
> >
> >
> >
> >
> >Using WinPcap version 3.1
> >
> >With Visual studios 6.0
> >
> >I have also updated my platformsdk
> >
> >http://www.microsoft.com/msdownload/platformsdk/sdkupdate
> >
> >
> >
> >
> >
> >
> > _____
> >
> >
> >_______________________________________________
> >Winpcap-users mailing list
> >Winpcap-users at winpcap.org
> >https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> >http://www.winpcap.org/pipermail/winpcap-users/attachments/20060622/5913ac5e/attachment-0001.htm
> >
> >------------------------------
> >
> >Message: 2
> >Date: Fri, 23 Jun 2006 09:29:17 +0200
> >From: "Gonze Didier" <Didier.Gonze at thomson.net>
> >Subject: RE: [Winpcap-users] Problem with PacketGetAdapterNames
> >To: <winpcap-users at winpcap.org>
> >Message-ID:
> > <1F5308C5923F3B4DAA51D189BF255006015C9170 at edgmsmail01.eu.thmulti.com>
> >Content-Type: text/plain; charset="us-ascii"
> >
> >Loris,
> >
> >I have just installed WinPcap 3.0: It works perfectly as with Ethereal
> >as with the WinDump version 3.8 alpha (it seems the latest WinDump
> >version is not compatible with WinPcap 3.0)
> >
> >For the moment, it solve my problem
> >I just hope that there is no feature on latest WinPcap that I need for
> >the capture.
> >
> >Thanks
> >
> >
> > > -----Original Message-----
> > > From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-
> > > bounces at winpcap.org] On Behalf Of Loris Degioanni
> > > Sent: woensdag 21 juni 2006 17:40
> > > To: winpcap-users at winpcap.org
> > > Subject: Re: [Winpcap-users] Problem with PacketGetAdapterNames
> > >
> > > Gonze Didier wrote:
> > >
> > > > Using Ethereal I was receiving the following message:
> > > >
> > > >
> > > >
> > > > Can't get list of interfaces: PacketGetAdapterNames: There are no
> >more
> > > > files. (18)
> > > >
> > > >
> > > >
> > > > From the Ethereal site I've read the advice to try with WinDump in
> > > > order to see if the problem was linked with Ethereal or WinPCap:
> > > >
> > > >
> > > >
> > > > Running WinDump.exe -D I receive the first time as expected the name
> >of
> > > > the interface:
> > > >
> > > >
> > > >
> > > > /1.\Device\NPF_GenericDialupAdapter (Generic dialup adapter)/
> > > >
> > > > /2.\Device\NPF_{2ADF974F-F3C9-48FF-97E2-3C261938FA9A} (Dell
> >draadloze
> > > > 1350 WLAN Mini-PCI kaart (Microsoft's Packet Sche/
> > > >
> > > > /duler) )/
> > > >
> > > > /3.\Device\NPF_{889EBB8E-FD12-4D35-AB19-BF61DF1BCA73} (NOC Extranet
> > > > Access Adapter (Microsoft's Packet Scheduler) )/
> > > >
> > > > /4.\Device\NPF_{EA1435B5-323F-40A0-A2EA-DEB99F70041F} (Broadcom
> > > > NetXtreme Gigabit Ethernet Driver (Microsoft's Packet S/
> > > >
> > > > /cheduler) )/
> > > >
> > > >
> > > >
> > > > The second time all the interfaces are gone but I receive a message
> >that
> > > > the command is correctly applied:
> > > >
> > > >
> > > >
> > > > WinDump.exe: PacketGetAdapterNames: The operation completed
> > > > successfully. (0)
> > > >
> > > >
> > > >
> > > > This test is done with WinPCap 3.1
> > > >
> > > > Only after a reboot of the PC I receive back the correct interface.
> > > >
> > > >
> > > >
> > > > My conclusion is thus that the problem is located in WinPCap
> > > >
> > > >
> > > >
> > > > The Ethereal test were done with 3.1, 3.1 beta4 and 4.0 alpha1.
> > > >
> > > > My guess: is that the problem has been introduced when I've go from
> > > > WinPCap 3.0 to WinPCap 3.1 beta4 but now when I install WinPCap 3.1
> > > > there is still some part of the the beta version which are not
> > > uninstalled
> > > >
> > >
> > > So was it working with WinPcap 3.0?
> > >
> > > Loris
> > >
> > > >
> > > >
> > > >
> > > > Can you help me?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Didier Gonze
> > > >
> > > > Project Management
> > > >
> > > > AP&G DSL R&D
> > > >
> > > >
> > > >
> > > > Mobile: +32 495586640
> > > >
> > > > Fixed: +32 3 4436609
> > > >
> > > >
> > > >
> > > > Prins Boudewijnlaan 47
> > > >
> > > > 2650 Edegem
> > > >
> > > > Belgium
> > > >
> > > >
> > > >
> > > >
> > > >
> >------------------------------------------------------------------------
> > > >
> > > > _______________________________________________
> > > > Winpcap-users mailing list
> > > > Winpcap-users at winpcap.org
> > > > https://www.winpcap.org/mailman/listinfo/winpcap-users
> > > _______________________________________________
> > > Winpcap-users mailing list
> > > Winpcap-users at winpcap.org
> > > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
> >
> >
> >
> >------------------------------
> >
> >Message: 3
> >Date: Fri, 23 Jun 2006 16:29:56 +0530
> >From: "vimal raj" <vimal.raj at cranessoftware.com>
> >Subject: [Winpcap-users] Does WinPcap support capturing wireless
> > frames - with NETGEAR WAB501 wireless adapter or Wireless PC card
> > WAG511 v2
> >To: <winpcap-users at winpcap.org>
> >Message-ID: <200606231103.k5NB3Ldu083560 at staphna2.securesites.net>
> >Content-Type: text/plain; charset="us-ascii"
> >
> >
> >
> >
> >
> >Hi all,
> >
> >
> >
> > I want to develop an application which should capture all
>raw
> >data packets going through the wireless adapter.
> >
> >
> >
> >My card specifications are
> >
> >
> >
> >1. NETGEAR wireless adapter WAB501
> >
> >802.11 a/b
> >32 bit card bus model
> >
> >
> >
> >2. NETGEAR Wireless PC card WAG511 v2
> >
> >Dual band wireless PC card
> >32 bit card bus model
> >
> >
> >
> >Have any body in our group did experiments with these cards.
> >
> >Please reply me. And give me advice whether I can adopt some technique
> >other
> >than WinPcap to retrieve data
> >
> >(without writing a miniport driver and intermediate driver. I am not a
> >device driver programmer.)
> >
> >
> >
> >Regards,
> >
> >vimal
> >
> >
> >
> >-------------- next part --------------
> >An HTML attachment was scrubbed...
> >URL:
> >http://www.winpcap.org/pipermail/winpcap-users/attachments/20060623/237a96f2/attachment.htm
> >
> >------------------------------
> >
> >_______________________________________________
> >Winpcap-users mailing list
> >Winpcap-users at winpcap.org
> >https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
> >
> >End of Winpcap-users Digest, Vol 15, Issue 16
> >*********************************************
>
>_________________________________________________________________
>Siz siz olun MSN'den hava durumunu ögrenmeden evden çikmayin!
>http://www.msn.com.tr/havadurumu/
>
>
>
>------------------------------
>
>Message: 4
>Date: Fri, 23 Jun 2006 08:46:48 -0700
>From: Loris Degioanni <loris.degioanni at gmail.com>
>Subject: Re: [Winpcap-users] Circular buffer
>To: winpcap-users at winpcap.org
>Message-ID: <449C0CE8.30002 at gmail.com>
>Content-Type: text/plain; charset=UTF-8; format=flowed
>
>Ioan Popescu wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > I have a couple of questions concerning the circular buffer:
> >
> > 1. Is there an API call to determine whether any packets were dropped?
> > Whether it's because the buffer overflowed or some other reason.
>Ethereal
> > seems to be able to do this. I'm testing using "raw" packets, so
>Ethereal
> > can't simply look at a counter in the packet and tell whether any were
>dropped.
>
>pcap_stats()
>
> > 2. According to the documentation, the circular buffer should overwrite
>the
> > older packets with the latest "wire" packets while at the same time
>serving
> > the oldest available packets to the application. Is my understanding
>correct?
>
>The driver overwrites a packet only after it's been "consumed" by the
>application. If the application is stuck, the driver starts dropping
>packets when it reaches the tail of the buffer.
>
> > 3. I have noticed something peculiar related to kernel memory size and
>CPU
> > usage. As I increase the kernel (and user) buffer, the % CPU usage of my
> > test application goes up. I'm testing this using Task Manager. The test
> > application stays the same, it uses a command line argument to set the
> > memory size. It also works on the same set of data. What reason's might
> > there be for such behavior?
>
>How big is the buffer that you set?
>The driver allocates this buffer from the nonpaged memory pool, and
>setting it to a very big size could impact on the OS performance. Other
>than that, the only reason why changing the size of the buffers could
>slow your application down is caching issues.
>
>Loris
>
> > My test is this: "Raw" packets are being sent from a sending station as
>fast
> > as possible (benchmark tests). My test application simply checks the
> > packet's source MAC and a "counter" to manually check for dropped/missed
> > packets. I've disabled TCP/IP on the network adapter and this is an
>isolated
> > network, so there shouldn't be any other traffic to interfere.
> >
> > Receiving System:
> > WinPCap 4.0 alpha 1 (same problem with 3.1)
> > WinXP Home SP2
> > Celeron D - 2.8GHz
> > 512MB PC2700 DDR
> > 100Base-TX network
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (MingW32)
> >
> > iQIVAwUBRJvgCHGK1KGABytRAQqKSQ/+MK0rcZQquIZdJPP8Vq4K11MUB3p27z7r
> > AdAlH7rKFLJNGg4LZk56mpJiTytq94uwI5D+kKs6IaAgXXRFvxW57PYobn3Nqg3b
> > H5Clww0rfGleQOMeYplYDITvkrmK1izloYLLghJp03KUX0l4CR5/4+I5TGxFyrgw
> > 1KP46ctzk1c8Jf3gGQGBGbrSgP/8WfGvMLNEaEbxEBDIKdUi/dR2Agf8mHAkpcl8
> > 79ROePkgLbbg6GKiCdhfbcp+vobz1DaGt4icM4Ejka3nCvJJQv+lRaAoWd9n7wDr
> > ppBbgNy6IDk//Tx7fSd4fPBkBpLm7jxxlniPZNPRX4Z33tDFsi3N3KeVi1E/o07u
> > gqLauotpMb0Ajwr7x530QLh7Foin2fM5msuSoUL6++8CipInr9qq7ZnRyvQkvVxD
> > BKXYkddLCQ6zxAE7SMrfRPst/3uSlHO5DHgIS1Ou66VB3bFXuU9Jm//Q2GVbeJZH
> > 5N2dHFAz8+TeMq5EVgaa7rDTwdB3svCCKN9p0p/efDb55bz0ViS8NUJxQH5zMate
> > 3Ib/fgcSSA8C0pkiPUZ3yAquwsl1ZTl+sEZpemGPIdroTVRADwpe9dta/p1pgiTv
> > k3O6uRsZmkXau2uSyW5QaEuX3Flb+L0BnMi8CV86+Iz9YliPUt1XgBqZQKslKaJs
> > RrP0tJCbkB4=
> > =Mbr5
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
>
>
>------------------------------
>
>Message: 5
>Date: Fri, 23 Jun 2006 08:51:23 -0700
>From: Loris Degioanni <loris.degioanni at gmail.com>
>Subject: Re: [Winpcap-users] timming analisy
>To: winpcap-users at winpcap.org
>Message-ID: <449C0DFB.4080406 at gmail.com>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Ricardo Santos wrote:
>
> > hi,
> >
> >
> > i have a question for developers, whats is the timming measure of the
> > tool???
> >
> > when the packet come in the ethernet card, or the tool read the buffer
> > of ethernet card?
>
>The packets are timestamped when they are received by the WinPcap
>capture driver, whose place in the OS is shortly described at
>http://www.winpcap.org/docs/docs31/html/group__NPF.html.
>
>Essentially, the timestamp is associated with the packet after it's
>being copied to the PC memory and when its arrival is signaled to the
>protocols.
>
>Loris
>
>
> >
> > thanks for attention,
> >
> >
> >
> > Ricardo
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
>------------------------------
>
>Message: 6
>Date: Fri, 23 Jun 2006 13:09:00 -0400
>From: Ioan Popescu <ipopescu at dataq.com>
>Subject: Re: [Winpcap-users] Circular buffer
>To: winpcap-users at winpcap.org
>Message-ID: <449C202C.6080106 at dataq.com>
>Content-Type: text/plain; charset=UTF-8
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>Loris Degioanni wrote:
> > 2. According to the documentation, the circular buffer should
> > overwrite the
> > older packets with the latest "wire" packets while at the same time
> > serving
> > the oldest available packets to the application. Is my understanding
> > correct?
> >
> >> The driver overwrites a packet only after it's been "consumed" by the
> >> application. If the application is stuck, the driver starts dropping
> >> packets when it reaches the tail of the buffer.
>
>So these "purposely" dropped packets are reported in the pcap_stat
>structure? Is there a way to reset these stats? Besides closing and
>reopening the adapter. Although, I could keep track of when I check it and
>simply subtract off what I consider "handled".
>
> > 3. I have noticed something peculiar related to kernel memory size and
> > CPU
> > usage. As I increase the kernel (and user) buffer, the % CPU usage of my
> > test application goes up. I'm testing this using Task Manager. The test
> > application stays the same, it uses a command line argument to set the
> > memory size. It also works on the same set of data. What reason's might
> > there be for such behavior?
> >
> >> How big is the buffer that you set?
> >> The driver allocates this buffer from the nonpaged memory pool, and
> >> setting it to a very big size could impact on the OS performance. Other
> >> than that, the only reason why changing the size of the buffers could
> >> slow your application down is caching issues.
>
>
>The effect is shown over a range of sizes. I've tried values from 100,000
>to
>50,000,000. The effect is "skewed" depending on the machine, but it's still
>there. My first thought was that more processing needed to be done to
>"handle" the larger amount of memory, but I've not yet come up with any
>good
>ideas as to what might cause such a thing.
>
>I understand your reasoning for large buffers, but why is the effect
>noticeable even at smaller ranges? I'll try to see if I can come up with a
>good size at which an "outlier" occurs.
>
>Is there any reason for me to test the kernel and user buffers
>independently? Up until now, I've set both of them to the same values.
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.2 (MingW32)
>
>iQIVAwUBRJwgLHGK1KGABytRAQqUig/+Jwa2J+satKUvk9prRxIooC0i4ZA71Zmx
>qfD6Ftjr/Lut3BlbJYUoIivvv4ifrvvDRtZOLDMW1ErRX+2e33gfUN1KNSW+PFa4
>jM9r3lTc55DKD+bFqjJExbLA7cV24/V+97Phj7KPu/fTPJb7YcfycCgZgT7u6yqo
>uOZ/9jtx65oAOy/hGugELblYbXJW4TPrNfpzb9zGIpni9QBD2F0ccD+Cv9ad9Wwz
>34/NmcpTAfwcHooVdO7TWZ79tlQzi5/wXBGN5fmp6Z/Ffpr5mBzxc79HIdcEXk7Q
>ScBK+SDTPSv/ZIzNEnypJX/aZjdzXMmm4N+5SWh5NdmrL3AY6iK9MGQFQ6t0VYpO
>o+GTw6/X1ZLC1AVyNaQ5QAh1ZDPJvPmOGS17PIjyGvgcBisHshRnpsgrSPxFoSGv
>suSfEyWKLXvnmUuSwbF08U5aLGqTRrY9mQ+9UA1IrSkIq1ykxXk1X8Zit8RUhFz7
>H6DkkcHO0wJshqpXqVdpOy5sq53nEUgFyfz3cv1SXrlipd4ReDs8Dela3iTwl9ul
>4RjlfIu2G4I8Oqw7163VpLkvguldQ38s71c2B74S990LcLBOOHF3qBsa6BQszwVm
>LmGU1ftMdVzTr+GPwpXyDC02CeoYgCY18vthU7L+w/iz8jPUrhYMuFT/QJGmMLML
>u4IT/OnmbIk=
>=OYxb
>-----END PGP SIGNATURE-----
>
>
>------------------------------
>
>_______________________________________________
>Winpcap-users mailing list
>Winpcap-users at winpcap.org
>https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
>End of Winpcap-users Digest, Vol 15, Issue 17
>*********************************************
_________________________________________________________________
Her yönüyle sohbetin tadi ancak Messenger ile çikar!
http://messenger.msn.com/?mkt=tr&DI=3490&XAPID=2584
More information about the Winpcap-users
mailing list