[Winpcap-users] Capture fails in pppoe enviroment

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Jun 1 13:52:56 PDT 2010


Because packets are not encapsulated in the "usual" way (ethernet/ip/udp), they are encapsulated in pppoe. A filter like "udp port 1234" assumes that there is no pppoe involved. If the packet is encapsulated in pppoe, you have to use the filter "pppoes and udp port 1234"

Have a nice day
GV


From: ceo at triplebit.com 
Sent: Tuesday, June 01, 2010 2:32 PM
To: winpcap-users at winpcap.org 
Subject: Re: [Winpcap-users] Capture fails in pppoe enviroment


Tahnks KB,
I followed your advise but still encountered problems capturing the "PPP Interface that the PPPoE terminates on". Using Wireshark I did see the packets when using no filtering. I couldn't filter them nor with the port (8081 in this case) and nor with the type which is UDP.
Since my code also uses filtering that explains why my code dosn't capture either.
So my question is now why can I see the packets if I don't filter(but if I watch them later I can see the UDP and the port which is 8081) but if I try to filter with the type or the port I don't see any packet?
Regards
I. Lesher
  ----- Original Message ----- 
  From: Kyle Brotheridge 
  To: ceo at triplebit.com ; winpcap-users at winpcap.org 
  Sent: Monday, May 31, 2010 3:58 AM
  Subject: **SPAM** RE: [Winpcap-users] Capture fails in pppoe enviroment


  Lesher,

   

  Please explain a bit more. From my understanding you have a PC connected to a LAN, and a PPPoE connection terminating on the same PC via its local NIC.

   

  You CAN capture LAN traffic, but CANNOT capture traffic from the PPPoE connection?

   

  From this I’d say it’s because the packets from the PPPoE are encapsulated in PPP/GRE, if you’re looking to capture the packets contained within the PPP stream, you’ll have to capture on the PPP Interface that the PPPoE terminates on.

   

  -KB

   

  From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of ceo at triplebit.com
  Sent: Saturday, 29 May 2010 7:21 PM
  To: winpcap-users at winpcap.org
  Subject: [Winpcap-users] Capture fails in pppoe enviroment

   

  Hi all,

  I use WinPcap 4.02 to capture stream source and to process the data somehow.

  It works fine if the source is inside a LAN.

  On the other hand, when source is in a pppoe Internet connection, I capture the Ethernet card that supports the Internet connection and I get no packet captured.  The following while loop simply never enters the loop as it does in a LAN environment.

  while((res = pcap_next_ex( adhandle, &header, &pkt_data)) >= 0)

  {

  if(res == 0)

  /* Timeout elapsed */

  continue;

  However in a Wireshark I can definitely see the expected packets om this same card.

  The algorithm is similar in both environments and it based on the samples following the product.

  Has anyone any idea what could be the cause?

  Regards

  I. Lesher



--------------------------------------------------------------------------------


_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100601/48de3f80/attachment-0001.htm 


More information about the Winpcap-users mailing list