[Winpcap-users] can not get any captured package when

Bryan Kadzban bryan at kadzban.is-a-geek.net
Wed Aug 6 02:21:36 GMT 2008

Lin George wrote:
> I. I ping www.google.com, and get its IP address, say a.b.c.d;
> II. then I use WinDump host a.b.c.d, but no traffic.

When you're pinging (or doing HTTP to) www.google.com, or when you're
pinging (or doing HTTP to) a.b.c.d directly?  If you windump on the IP
address, then you *also* have to use the IP address in whatever program
you're using to generate the traffic.

Otherwise instead of trying to match up two random values (the result of
the windump name resolution and the result of the name resolution done
by the other program), you're trying to match one fixed value (the
"manual" name resolution) to one random value (the result of the name
resolution done by the other program).  *Both* need to be fixed.

> In the traffic captured by WinDump, I noticed all the traffic is from
> my computer to my Lab proxy server (not to the actual web server URL,
> e.g. www.google.com), I am wondering could the proxy be the cause of
> this issue?

Um, yeah, if the traffic that you do want to capture is headed to a
proxy, then you need to have windump's filter set to the proxy's IP.
Just like you'd need to have windump's filter set to the IP of any other
random server if you're trying to capture that traffic.

windump (or any other libpcap/winpcap program) doesn't look inside the
proxy traffic when comparing packets against the "host" directive; it
just compares the IP src and dst addresses on the packet.
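
The point above about the "host" directive, as an added example that is not part of the original message: a Python model of the IPv4 case, run against a constructed packet sent to a proxy. All addresses, the proxy port and the function names are made up for illustration.

```python
import socket
import struct

# Constructed sample addresses (documentation ranges), not values from the thread.
CLIENT, PROXY, WEB_SERVER = "192.0.2.10", "192.0.2.80", "198.51.100.7"

def build_ipv4_tcp(src, dst, dport, payload):
    """Build a raw IPv4+TCP packet (no link-layer header, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def host_filter_matches(packet, host_ip):
    """Model of 'host <ip>' for IPv4: compare only the header's src and dst."""
    if packet[0] >> 4 != 4:
        return False
    return socket.inet_aton(host_ip) in (packet[12:16], packet[16:20])

def payload_mentions(packet, name):
    """Search the TCP payload. The host filter never does this; shown for contrast."""
    ihl = (packet[0] & 0x0F) * 4
    tcp_len = (packet[ihl + 12] >> 4) * 4
    return name in packet[ihl + tcp_len:]

def demo():
    # A browser configured for a proxy sends the request to the proxy's address;
    # the real destination appears only inside the HTTP payload.
    request = b"GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
    pkt = build_ipv4_tcp(CLIENT, PROXY, 3128, request)  # port 3128 is assumed
    return {
        "host WEB_SERVER": host_filter_matches(pkt, WEB_SERVER),
        "host PROXY": host_filter_matches(pkt, PROXY),
        "payload names google": payload_mentions(pkt, b"www.google.com"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
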

