[Winpcap-users] Need help for capture packets on winxp box

Gianluca Varenni gianluca.varenni at cacetech.com
Thu May 25 14:50:58 GMT 2006

Just a quick question: why are you using the Packet API instead of the pcap one?

I hope you have read the big notice in the documentation:

Important note, read carefully!
The source code of Packet.dll is freely available and completely documented. However, packet.dll should be considered an internal API, because its purpose inside WinPcap is to be a building block for the real public API: wpcap.dll.

As a consequence, since the normal and suggested way for an application to use WinPcap is through wpcap.dll, we don't guarantee that the packet.dll API will not be changed in future releases of winpcap, and we don't provide support for this API. For the same reason, this manual doesn't contain any more the Doxygen-generated documentation of Packet.dll: the user will have to run Doxygen on his own to create it, or read the comments in the source code.\\\

Have a nice day

  ----- Original Message ----- 
  From: yunshu at ph4nt0m.org 
  To: winpcap-users 
  Sent: Thursday, May 25, 2006 7:14 AM
  Subject: Fw: Re: [Winpcap-users] Need help for capture packets on winxp box


  The problem has been solved by Vasily Borovyak,he is so kind! Now,everybody can see
  what a stupid mistake I made yesterday! haha~


  yunshu at ph4nt0m.org


  发件人: Vasily Borovyak
  发送时间: 2006-05-25 21:29:01
  收件人: yunshu at ph4nt0m.org
  主题: Re: [Winpcap-users] Need help for capture packets on winxp box

  I made a deeper look. The problem I mention is the reason of your problem.

  The size of ethernet header for IPv4 is always 14 bytes (6 bytes + 6 bytes + 2 bytes).
  Your definition is 16+16+2=34 bytes long. And further in the code you're using sizeof keyword:

  //get ip header
  ipr = (IP_HDR *)(pchar+sizeof(ETH_HDR));

  So ipr poiter points somewhere to the IP packet data but not to the header of it.
  So simply change [16] to the [6].
  I'm sure it will help.

  I think the code you send us is not yours so you can't find the problem yourself. :)
  And if you afraid if the buffer is not enough then you not understand
  what the C programming language is. ;)

  Best regards. Vasily Borovyak <vbor at isd.dp.ua>


  Winpcap-users mailing list
  Winpcap-users at winpcap.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20060525/86a12e97/attachment.htm

More information about the Winpcap-users mailing list