[Winpcap-users] Problem sniffing packets generated and received
onlocal machine
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Oct 13 19:36:57 GMT 2006
You won't probably be able to capture the traffic in both situations.
Both the traffic exchanged between the two IPs on the same NIC and the two
IPs on two NICs are managed by the TCP/IP protocol driver, so above the
network cards (and in parallel with WinPcap). The packets don't go down the
stack to the network cards, so WinPcap has no chance of seeing them.
Have a nice day
GV
----- Original Message -----
From: <jwackley at mountaincable.net>
To: <winpcap-users at winpcap.org>
Sent: Friday, October 13, 2006 12:09 PM
Subject: [Winpcap-users] Problem sniffing packets generated and received
onlocal machine
>
> Hi,
>
> Looked through the archives and could find nothing related to this issue.
>
> One network card has 10 ip addresses assigned to it, the second network
> card has only one address assigned to it. The first problem scenario
> involves only the first card, wireshark does not capture packets generated
> and received locally using only addresses bound with only the first card.
> The second scenario involves both cards, wireshark does not capture
> packets generated and received locally, with the sender and receiver bound
> to different ip addresses on the two different cards.
>
> First scenario, I generate UDP traffic on one of the ip addresses on the
> first card, to a process listening on an address still on the first card.
> In other words the sending and receiving programs are using only the
> protocol stack of the first card. The application operates fine and
> packets are being sent and received. Wireshark does not capture any of
> these packets.
>
> Second scenario, I generate UDP traffic on the second card to an
> application listening on one of the addresses of the first card.
> Wireshark does not capture any of these packets. Again everything seems
> to work find with the application.
>
> The OS is windows XP SP2. I am using wireshark 0.99.3 and have tried
> winpcap 3.1 and 4.0 beta with no luck. Wireshark can capture packets that
> are sniffed from the wire, but does not seem to capture packets generated
> and consumed locally.
>
> Any suggestion how to address this issue would be greatly appreciated.
>
> Thanks,
> jonw
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list