[Winpcap-users] Urgent - Why the IPv6 packets are filtered out?

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Jan 19 16:38:27 GMT 2007


  ----- Original Message ----- 
  From: Bassam A. Al-Khaffaf 
  To: gianluca.varenni at cacetech.com ; winpcap-users at winpcap.org 
  Sent: Thursday, January 18, 2007 7:44 PM
  Subject: RE: [Winpcap-users] Urgent - Why the IPv6 packets are filtered out?


  Hi and thanks for your response.

   

  I use the same filter string with tcpdump in order to capture the IPv4 and IPv6 traffic targeted to ports 1812 and 1813 with no problem.

   

tcpdump on windows (i.e. windump) or on linux? Can you please send me an unfiltered ipv4/ipv6 capture so that I can do a couple of tests?



  I am 100% sure that this is a bug in winpcap.

   

  I wonder if there is something that I can combine into my code in order to capture the traffic from all the Interfaces in the same time in multihomed machine.

   

At the moment WinPcap does not offer such feature, i.e. an "any" device similar to linux.



Have a nice day

GV



  In fact I am writing a network application "Radius" using win32 C++ with visual C++ express edition, and I need to capture the source and destination MAC and IP/IPv6 addresses from any request targeted to a multihomed machine

   

  Regards

  Bassam

   


------------------------------------------------------------------------------

  From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com] 
  Sent: Friday, January 19, 2007 1:08 AM
  To: bassam at palettemm.com; winpcap-users at winpcap.org
  Subject: Re: [Winpcap-users] Urgent - Why the IPv6 packets are filtered out?

   

  Have you tried capturing with that same filter with tcpdump or wireshark and see if the ipv6 packets are captured or not?

   

  I suspect a bug in the pcap filter compiler.

   

  Have a nice day

  GV

   

    ----- Original Message ----- 

    From: Bassam A. Al-Khaffaf 

    To: winpcap-users at winpcap.org 

    Sent: Tuesday, January 16, 2007 10:11 PM

    Subject: [Winpcap-users] Urgent - Why the IPv6 packets are filtered out?

     

    Dear Folk,

     

       Please need your urgent help. I am using Winpcap 4.0 beta 3 developer's pack version to capture the Ethernet and IPv4/IPv6 headers in order to extract the MAC and IP addresses into my network application. The capturing operation is working fine, I mean capturing MAC and both IPv4/IPv6 addresses. However, when I try to filter out the traffic using both pcap_compile() and pcap_setfilter() functions along with the filter string "udp dst port 1812 or udp dst port 1813", Winpcap will no more show the IPv6 traffic, it shows only the IPv4 traffic destined to the two mentioned ports.

     

    If I changed the filter string to "ip or ip6", it will work fine but the problem here that the traffic destined not to the mentioned port will be captured as well

     

    The filtering part code snippet as shown here:

     

    /*****************************************************************************************/

        //The device is already opend

     

        if (d->addresses != NULL)

            /* Retrieve the mask of the first address of the interface */

            netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;

        else

            /* If the interface is without an address we suppose to be in a C class network */

            netmask=0xffffff; 

     

        //compile the filter 

        if (pcap_compile(adhandle, &fcode, "dst port 1812 or dst port 1813", 0, netmask) < 0)

        {

            cerr << "\nUnable to compile the packet filter. Check the syntax." << endl;

            /* Free the device list */

            pcap_freealldevs(alldevs);

            return -1;

        }

        

        //set the filter

        if (pcap_setfilter(adhandle, &fcode) < 0)

        {

            cerr << "\nError setting the filter." << endl;

            /* Free the device list */

            pcap_freealldevs(alldevs);

            return -1;

        }

     

       //Rest of code

    /*****************************************************************************************/

     

     

    Now if I comment out this part, I will be able to capture all the traffics includeing IPv6.

     

    I need your argent help and it is much appreciated.

     

    Regards

    Bassam


----------------------------------------------------------------------------

    _______________________________________________
    Winpcap-users mailing list
    Winpcap-users at winpcap.org
    https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070119/844baf97/attachment-0001.htm


More information about the Winpcap-users mailing list