[Winpcap-users] Malformed UDP Packets on Realtek GBE and FE when WinPCap loaded
Tim Comport
timcomport at hotmail.com
Sun Jan 29 16:54:33 PST 2012
I am investigating a problem with WinPCap on some network adapters
(particularly Realtek GBE and FE Family Controllers), and would appreciate any feedback.
1. I have a program using WinPCap (4.1.2) which is seeing malformed
UDP packets on some network cards (Realtek GBE and FE). The malformed packets
do not appear on other tested chipsets including Intel 82577LM, Broadcom
NetXtream 57xx, Broadcom 57765-B0 PCI, Marvell Yukon 88E8053, ASIX AX88772A.
2. Numerous laptops with the Realtek GBE or FE adapters from
different manufacturers (Toshiba, HP) experience the same problem. All are
running Win 7 64-bit.
3. Latest Realtek drivers are being used, and all
configuration settings have been cross-checked against working adapters.
4. I have eliminated my program as the cause by using a
barebones UDP client to send 1 UDP packet at a time (not using WinPCap). Using
this client the malformed packets appear when using Wireshark but do not appear
when using Microsoft Network Monitor (see 6 & 7).
5. The malformed UDP packets always follow a valid UDP
packet and appear to always have the same signature: They are an exact copy of
the proceeding UDP packet truncated to 34 bytes and have the LAA bit set in the source MAC.
6. Wireshark displays the malformed UDP packets (Malformed
packet: Exception occurred)
7. Microsoft Network Monitor (when WinPCap is
unloaded) does not show the malformed UDP packets. This leads me to believe
WinPCap (as Wireshark uses WinPCap) itself is the source of these packets on Realtek GBE and FE?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20120130/580aaf5d/attachment.html>
More information about the Winpcap-users
mailing list