[Winpcap-users] Programs not working

Fish fish at infidels.org
Wed Nov 18 17:09:29 PST 2009

Hash: SHA1

Gianluca Varenni wrote:

> And as soon as your application stops, the promiscuous mode
> will get disabled. Promiscuous mode is not only a hardware
> setting. NDIS controls which packets are delivered to the
> various protocol drivers (including WinPcap) based on their
> request to receive all the packets (promiscuous mode) or only
> some of them.

OK, yeah, you're right, I guess that might not be immediately obvious to
people. Sorry.

But except in the most unusual of cases that normally isn't a problem. Is
it? I mean, in most cases you only actually need promiscuous mode enabled
for the duration of your program anyway, right? Unless I misunderstood his
question he WASN'T asking whether he could *permanently* set his adapter to
promiscuous mode, he was only asking whether his PROGRAM could do that (so
that it could receive the packets it needed to receive), right?

Or am I missing something? :)

> That's why I suggested to modify wpcap.dll directly.
> If you manage to have the build environment properly set, you will just
> to modify these lines in pcap-win32.c
> p->opt.promisc = 1;    <--- ADD THIS LINE
>  /* Set promiscuous mode */
>  if (p->opt.promisc)
>  {
>   if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE)
>   {
>    snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to
> promiscuous mode");
>    goto bad;
>   }
>  }
>  else
>  {
>   if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_ALL_LOCAL) == FALSE)
>   {
>    snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to
> non-promiscuous mode");
>    goto bad;
>   }
>  }
> Have a nice day
> GV

Yes, that would be the BEST way to do it since that would be the officially
supported way of doing it, whereas the way I was/am doing is the
unofficial/unsupported way (and thus slightly more "risky").

In my own defense however, my code was written eons ago (years and years),
back when WinPcap wasn't as mature and well behaved as it is now today,
which is why my code is currently doing everything itself rather than using
the official wpcap.dll interface like I should be.

Maybe SOME day I'll eventually get around to fixing that.  :)

Thanks Gianluca for all the good work you're doing. We appreciate it.

Take care.

- -- 
"Fish" (David B. Trout) - fish at softdevlabs.com
Fight Spam! Join CAUCE! <http://www.cauce.org/>
7 reasons why HTML email is a bad thing
PGP key fingerprints:
DH/DSS: 9F9B BAB0 BA7F C458 1A89 FE26 48F5 D7F4 C4EE 3E2A
RSA: 6B37 7110 7201 9917 9B0D 99E3 55DB 5D58 FADE 4A52

Version: PGP Desktop 9.8.0 (Build 2158)
Charset: us-ascii


More information about the Winpcap-users mailing list