[Winpcap-users] can not get any captured package when

Lin George george4academic at yahoo.com
Wed Aug 13 02:02:28 GMT 2008

Thanks Bryan,
I am interested in your reply regarding proxies and transparent proxies. In my understanding, if we do not need to explicitly set the proxy address and port in IE or the Windows Registry, the proxy will be used transparently, and in this situation the proxy is called a transparent proxy. Otherwise, it is called a non-transparent proxy. Is my understanding correct? What is the correct understanding of whether a proxy is transparent or not?
For gateways, I think there are also transparent and non-transparent ones. From the "end user" (not network admin) point of view, how do we know which of the 4 following situations is used?
- transparent proxy;
- transparent gateway;
- non-transparent proxy;
- non-transparent gateway.

Is it a correct understanding that all transparent proxies will do DNS resolution and non-transparent proxies will not do DNS resolution?

----- Original Message ----
From: Bryan Kadzban <bryan at kadzban.is-a-geek.net>
To: Lin George <george4academic at yahoo.com>
Cc: winpcap-users at winpcap.org
Sent: Tuesday, August 12, 2008 9:10:10 PM
Subject: Re: [Winpcap-users] can not get any captured package when

Lin George wrote:
> For the name resolution library, I have looked at the getaddrinfo function,
>  http://msdn.microsoft.com/en-us/library/ms738520.aspx
> I just want to make a quick confirmation with you since I am new to this
> function: you mean the 4th out parameter res will return a list of IPs
> for the same name? Not necessarily 3 always?

Right.  It's three addresses in the case of Google (when I ask anyway),
but the list can be any length.  You find the last item by following the
ai_next pointers in each addrinfo structure until you get to an addrinfo
whose ai_next pointer is NULL (standard linked list).  Most programs
will only take the first structure, though, so most programs don't care
about how the list is set up.

> And it is client application (which utilizes getaddrinfo)'s
> responsibility to rotate to use the IP address list to make it better
> load balanced?

No.  The list will come back from getaddrinfo() in a different order
each time the program asks -- if the program simply chooses the first
item off the list, that should be enough for some decent load balancing.

>> That also may explain why it never changes in your environment: 
>> Your DNS server isn't returning the expected data.  It's returning 
>> your proxy address (and it's probably returning that single address
>> no matter what name you ask for).
> I think in my network environment, it is the proxy which does the 
> real DNS resolution work?

When a proxy is configured in your web browser, this is true.

But it appears that your network's DNS server is returning "wrong" DNS
responses for all out-of-network names.  I'm not sure why, but I suspect
it has something to do with transparent proxying or something like that
-- making the proxy server act as a proxy even if the browser isn't
expecting it to.  If that's what's happening, then yes, the proxy will
do another DNS transaction to get the real address for the name.

> The gethostbyname function is also valid on Windows, but when
> compared with getaddrinfo, gethostbyname could only return one IP
> address for a name, while getaddrinfo could return a list of IP
> addresses?

Not exactly.  gethostbyname's hostent structure contains an h_addr_list
member that's an array of addresses.  Each address's length (in bytes)
is the value of h_length.  So to find the first address, copy h_length
bytes from h_addr_list[0] into the appropriate address type, and to find
each additional address, increment the zero until you get a NULL.

> From the study of your reply, I think even if we call getaddrinfo or
> gethostbyname, the DNS server may or may not be used, because the two
> APIs may cache values for some time? Correct?

They may cache the results, yes.  They don't have to though.  (And even
if they do, they might still rotate the items in the list.)

> If you have any further documents or sample code regarding
> how the local name resolution library works and how it works with
> the local DNS server, please refer me to some. :-)

Just experience writing programs and working with packet captures...
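
The two result layouts described in the reply above (the `ai_next` chain returned by getaddrinfo and the NULL-terminated `h_addr_list` array in gethostbyname's hostent), as an added example that is not part of the original thread. It assumes POSIX headers (Winsock provides the same structures through its own headers); the helper names and the "localhost" default are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netdb.h>

/* getaddrinfo(): follow ai_next until it is NULL to count the results. */
int addrinfo_count(const struct addrinfo *res) {
    int n = 0;
    for (; res != NULL; res = res->ai_next) n++;
    return n;
}

/* Format one result as numeric text (IPv4 or IPv6); no DNS query is sent. */
const char *addrinfo_text(const struct addrinfo *ai, char *buf, size_t len) {
    int rc = getnameinfo(ai->ai_addr, ai->ai_addrlen, buf, (socklen_t)len,
                         NULL, 0, NI_NUMERICHOST);
    return rc == 0 ? buf : NULL;
}

/* gethostbyname(): h_addr_list is a NULL-terminated array of pointers. */
int hostent_count(const struct hostent *he) {
    int n = 0;
    while (he->h_addr_list[n] != NULL) n++;
    return n;
}

/* Copy h_length bytes of entry i into an in_addr, then format it. */
const char *hostent_ipv4(const struct hostent *he, int i, char *buf, size_t len) {
    struct in_addr a;
    if (he->h_addrtype != AF_INET || he->h_length != (int)sizeof a)
        return NULL;                  /* refuse an address size we did not expect */
    memcpy(&a, he->h_addr_list[i], (size_t)he->h_length);
    return inet_ntop(AF_INET, &a, buf, (socklen_t)len);
}

int main(int argc, char **argv) {
    const char *name = argc > 1 ? argv[1] : "localhost";  /* assumed default */
    struct addrinfo hints = {0}, *res = NULL;
    char buf[INET6_ADDRSTRLEN];
    hints.ai_socktype = SOCK_STREAM;  /* one entry per address, not per socket type */
    int rc = getaddrinfo(name, NULL, &hints, &res);
    if (rc != 0) { fprintf(stderr, "%s\n", gai_strerror(rc)); return 1; }
    printf("%s: %d address(es)\n", name, addrinfo_count(res));
    for (struct addrinfo *ai = res; ai != NULL; ai = ai->ai_next)
        printf("  %s\n", addrinfo_text(ai, buf, sizeof buf) ? buf : "?");
    freeaddrinfo(res);
    return 0;
}
```

Running it several times against a name with multiple records shows whether the resolver rotates the list order between calls.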