[Winpcap-users] Problem sniffing packets generated and received on local machine

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Oct 13 21:37:11 GMT 2006


Gianluca Varenni wrote:
> Both the traffic exchanged between the two IPs on the same NIC and
> the two IPs on two NICs are managed by the TCP/IP protocol driver, so
> above the network cards (and in parallel with WinPcap).

Yes, that is true.  However, the reason is that if you check your route
table, you'll see an entry for *every* IP address bound to your local
adapters.  These entries always go through the loopback adapter (and
therefore it is true that it's handled inside the TCP/IP protocol
driver, since that's the driver that provides the loopback adapter).

So you're right, at a high level, but the low-level reason is the route
table entries that Windows creates when you assign an address to an
adapter.  (You can't get rid of these entries, BTW, but I think it is
possible to override them with entries to make the packets go out onto
the wire, through the NIC(s).  I can't really remember how that's done,
though, or if it breaks anything else.)
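Added example, not part of the original post: a short Python sketch of the route selection the reply describes, showing why a capture on the NIC never sees traffic sent to one of the machine's own addresses. It assumes the XP-era `route print` column layout; the sample table and all addresses in it are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: XP-era `route print` rows for a host whose single NIC
# has the (made-up) address 192.168.1.10.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10       20
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10       20
"""
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # title and column-header lines
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gw = ipaddress.ip_address(fields[2])
            iface = ipaddress.ip_address(fields[3])
            routes.append((net, gw, iface, int(fields[4])))
        except ValueError:
            continue  # not a route row
    return routes

def select_route(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def stays_off_the_wire(routes, dest):
    """True when the selected route leaves through the loopback interface."""
    route = select_route(routes, dest)
    return route is not None and route[2] in LOOPBACK

def loopback_host_routes(routes):
    """Local addresses that have a /32 route through loopback."""
    return [str(n.network_address) for n, _, i, _ in routes
            if n.prefixlen == 32 and i in LOOPBACK]

ROUTES = parse_routes(SAMPLE_ROUTE_PRINT)
if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.20", "8.8.8.8"):
        print(ip, "loopback" if stays_off_the_wire(ROUTES, ip) else "NIC")
```

The /32 host route for 192.168.1.10 wins over the /24 on-link route, so traffic to the machine's own address is selected onto loopback, while a neighbour such as 192.168.1.20 is sent through the NIC where a capture can see it.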