[Winpcap-users] Several queries
Gianluca Varenni
gianluca.varenni at cacetech.com
Wed May 28 17:31:03 GMT 2008
----- Original Message -----
From: "Esmond Pitt" <esmond.pitt at bigpond.com>
To: <winpcap-users at winpcap.org>
Sent: Saturday, May 24, 2008 11:02 PM
Subject: [Winpcap-users] Several queries
> Gianluca
>
> Some queries:
>
> 1. Winpcap gets away with not providing a pcap_getbuff() function because
> the default value of 1Mb is specified. Similarly either the default value
> for pcap_setmintocopy() should be specified or a pcap_getmintocopy()
> function should be provided.
True. The default value for mintocopy is 16000. I updated the documentation.
>
> 2. I've been unable to get lookup of capture files working via pcap_open,
> specifying file:///directoryname as the source - I get 'invalid capture
> file
> format' in the errbuf. I've also tried file:/, file://, etc, and the
> directory name is certainly valid. Is there a working example of this?
I need to look into that.
> 3. What is #define MODE_MON 2 for in pcap.h? Something not yet
> implemented?
It's the so called "monitoring mode" (also called "TME extensions"). It's
some experimental work that I did during my graduation thesis (back in
2001). It was available in WinPcap (but not documented) until last year,
when the code was completely disabled for security reasons. I basically
forgot to comment out the definition.
>
> 4. I'm finding that pcap_lookupdev() can return the name of an interface
> that isn't 'up', e.g. a dial-up adapter. Is this supposed to happen?
> Doesn't
> seem much use to me ... Using Winpcap 4.0.2.
Yes. It's the "GenericDialupAdapter". It's always there, even when no
dial-up connections are up) for a specific reason: it's the only way to
capture the handshake packets exchanged when setting up a PPP connection,
like LCP/NCP. Unfortunately, there is no easy way for WinPcap to detect if
the user hasn't set up any dialup/VPN interface, thus not showing up this
interface.
Have a nice day
GV
>
> Gratie
>
> EJP
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list