[Winpcap-users] can not get any captured package when

Lin George george4academic at yahoo.com
Wed Aug 6 07:30:47 GMT 2008


Cool Bryan!
Some more comments after experiments,
1.
> When you're pinging (or doing HTTP to) www.google.com, or when you're
> pinging (or doing HTTP to) a.b.c.d directly?

I am pinging www.google.com, and get its IP address, like a.b.c.d.
2.
> Otherwise instead of trying to match up two random values (the result of
> the windump name resolution and the result of the name resolution done
> by the other program), you're trying to match one fixed value (the
> "manual" name resolution) to one random value (the result of the name
> resolution done by the other program).  *Both* need to be fixed.
Could you explain why you think the IP address after name resolution is random (non-deterministic) rather than deterministic, please? I have this confusion because, when I ping www.google.com on the command line window, it always returns the same IP address, so it should not be random.
3.
> Um, yeah, if the traffic that you do want to capture is headed to a
> proxy, then you need to have windump's filter set to the proxy's IP.
> Just like you'd need to have windump's filter set to the IP of any other
> random server if you're trying to capture that traffic.

> windump (or any other libpcap/winpcap program) doesn't look inside the
> proxy traffic when comparing packets against the "host" directive; it
> just compares the IP src and dst addresses on the packet.
You mean if I am using a proxy in my intranet, the source address and destination address (which we could use host to filter on in WinDump) are always my computer's IP and the proxy's IP? Not the actual IP of the web site (e.g. www.google.com)? And this is why, when I set host to the IP of Google, I cannot get any result?
regards,
George


----- Original Message ----
From: Bryan Kadzban <bryan at kadzban.is-a-geek.net>
To: Lin George <george4academic at yahoo.com>
Cc: winpcap-users at winpcap.org
Sent: Wednesday, August 6, 2008 10:21:36 AM
Subject: Re: [Winpcap-users] can not get any captured package when

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Lin George wrote:
> I. I ping www.google.com, and get its IP address, say a.b.c.d;
> II. then I use WinDump host a.b.c.d, but no traffic.

When you're pinging (or doing HTTP to) www.google.com, or when you're
pinging (or doing HTTP to) a.b.c.d directly?  If you windump on the IP
address, then you *also* have to use the IP address in whatever program
you're using to generate the traffic.

Otherwise instead of trying to match up two random values (the result of
the windump name resolution and the result of the name resolution done
by the other program), you're trying to match one fixed value (the
"manual" name resolution) to one random value (the result of the name
resolution done by the other program).  *Both* need to be fixed.

> In the traffic captured by WinDump, I noticed all the traffic is from
> my computer to my Lab proxy server (not to the actual web server URL,
> e.g. www.google.com), I am wondering could the proxy the cause of
> this issue?

Um, yeah, if the traffic that you do want to capture is headed to a
proxy, then you need to have windump's filter set to the proxy's IP.
Just like you'd need to have windump's filter set to the IP of any other
random server if you're trying to capture that traffic.

windump (or any other libpcap/winpcap program) doesn't look inside the
proxy traffic when comparing packets against the "host" directive; it
just compares the IP src and dst addresses on the packet.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFImQqvS5vET1Wea5wRA8zcAJ9vRiRAnmC2zB6yzqLdEqh+G5As0QCeLWZO
4JSKXlCCO0CJePDo9irDq0o=
=a9zw
-----END PGP SIGNATURE-----
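The point Bryan makes about the "host" primitive, as an added illustration that is not part of the thread and not code from the WinPcap project: a small model of how a libpcap/WinPcap host filter decides whether a packet matches. It compares only the IP source and destination in the packet header and never looks at the payload, so when a browser is configured to use an intranet proxy, "host <google IP>" matches nothing while "host <proxy IP>" matches the whole exchange. All addresses, packets and the HTTP request bytes below are constructed sample data (the names MY_PC, LAB_PROXY and GOOGLE_IP are placeholders, not real hosts).

```python
"""Model of the libpcap/WinPcap 'host' filter primitive over constructed packets.

Added example; the addresses and packets are made up for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """The parts of a captured packet a 'host' filter can see, plus the payload it ignores."""
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes = b""


# Constructed placeholder addresses (documentation ranges, not real infrastructure).
MY_PC = "192.0.2.10"        # the machine running windump
LAB_PROXY = "192.0.2.1"     # the intranet HTTP proxy the browser is configured to use
GOOGLE_IP = "203.0.113.5"   # stands in for whatever `ping www.google.com` resolved to


def matches_host(pkt: Packet, host_ip: str) -> bool:
    """'host X' is true when X is the packet's IP source OR destination.

    This is the whole test: the TCP payload (and any proxied request inside it)
    is never examined, exactly as Bryan describes.
    """
    return pkt.src_ip == host_ip or pkt.dst_ip == host_ip


def capture_via_proxy() -> list[Packet]:
    """What the wire looks like with the browser pointed at LAB_PROXY.

    The TCP connection terminates at the proxy, so both IP headers carry the
    proxy's address; www.google.com appears only inside the HTTP request.
    """
    req = b"GET http://www.google.com/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
    return [
        Packet(MY_PC, LAB_PROXY, 8080, req),
        Packet(LAB_PROXY, MY_PC, 8080, b"HTTP/1.1 200 OK\r\n\r\n"),
    ]


def capture_direct() -> list[Packet]:
    """The same request with no proxy: the IP header itself carries GOOGLE_IP."""
    req = b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
    return [
        Packet(MY_PC, GOOGLE_IP, 80, req),
        Packet(GOOGLE_IP, MY_PC, 80, b"HTTP/1.1 200 OK\r\n\r\n"),
    ]


def apply_host_filter(packets: list[Packet], host_ip: str) -> list[Packet]:
    """Keep only the packets a capture filter 'host <host_ip>' would deliver."""
    return [p for p in packets if matches_host(p, host_ip)]


def payload_mentions(packets: list[Packet], name: bytes) -> list[Packet]:
    """The inspection the capture filter does NOT perform: searching the payload.

    Shown only to make clear where the real destination name lives when a proxy
    is in use; finding it requires looking at packet contents after capture.
    """
    return [p for p in packets if name in p.payload]


if __name__ == "__main__":
    proxied = capture_via_proxy()
    direct = capture_direct()
    print("proxy in use, filter 'host GOOGLE_IP':", len(apply_host_filter(proxied, GOOGLE_IP)))
    print("proxy in use, filter 'host LAB_PROXY':", len(apply_host_filter(proxied, LAB_PROXY)))
    print("no proxy,     filter 'host GOOGLE_IP':", len(apply_host_filter(direct, GOOGLE_IP)))
    print("packets whose payload names www.google.com:", len(payload_mentions(proxied, b"www.google.com")))
```

Running it prints 0, 2, 2 and 1 respectively: with the proxy in the path, the only capture filter that sees the exchange is the one naming the proxy's address, and the real destination has to be recovered from the HTTP request inside the captured packets rather than from the filter.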
