[Winpcap-users] packet filter works only with wireshark running

rox roxaz911 at gmail.com
Sat Apr 6 10:14:36 PDT 2013


I encountered a very strange issue. My application can capture packets
only if Wireshark is sniffing packets on the same interface.
This is true for both the VMware virtual network adapter as well as the LAN
adapter. The test packet is sent using nping.
As you probably guessed, the packet shows up in Wireshark, since when
Wireshark is capturing packets my app gets the packet too.
Any ideas what I am dealing with here?

Basic code of setting up packet filter:

bpf_program fp;
pcap_t* handle = 0;

/* Open the adapter (third argument 0 = non-promiscuous mode) */
if ((handle = pcap_open_live(d->name, 65535, 0, 1000, errbuf)) == NULL)
{
    continue;
}

bpf_u_int32 mask;        /* The netmask of our sniffing device */
bpf_u_int32 net;        /* The IP of our sniffing device */

if (pcap_lookupnet(d->name, &net, &mask, errbuf) == -1)
{
    net = 0;
    mask = 0;
}

/* The last argument of pcap_compile() is the netmask, not the network address */
if (pcap_compile(handle, &fp, "tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) != 0", 0, mask) == -1)
{
    continue;
}

if (pcap_setfilter(handle, &fp) == -1)
{
    continue;
}

// ..
bool error = pcap_loop(handle, -1, PacketHandler, NULL) < 0;

-- 
rox
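
What the filter expression in the post accepts, worked offline on constructed frames. This is an added example, not code from the original post; it assumes an Ethernet link layer and IPv4, and the names `matches_synack` and `check` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Returns 1 if an Ethernet/IPv4 frame would pass the filter
 * "tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) != 0". */
int matches_synack(const uint8_t *p, size_t len)
{
    if (len < 14 + 20) return 0;                  /* Ethernet + minimal IPv4 header */
    if (p[12] != 0x08 || p[13] != 0x00) return 0; /* EtherType must be IPv4 */
    const uint8_t *ip = p + 14;
    if ((ip[0] >> 4) != 4) return 0;              /* IP version */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* IPv4 header length in bytes */
    if (ihl < 20) return 0;
    if (ip[9] != 6) return 0;                     /* protocol must be TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0)     /* later fragments carry no TCP header */
        return 0;
    if (len < 14 + ihl + 14) return 0;            /* flags byte is TCP offset 13 */
    uint8_t flags = ip[ihl + 13];
    return (flags & TH_SYN) != 0 && (flags & TH_ACK) != 0;
}

/* Builds a constructed 54-byte frame (sample data) and runs it through the check. */
int check(uint8_t tcp_flags, uint16_t frag_off)
{
    uint8_t f[54];
    memset(f, 0, sizeof f);
    f[12] = 0x08; f[13] = 0x00;                   /* EtherType IPv4 */
    f[14] = 0x45;                                 /* version 4, IHL 5 */
    f[20] = (uint8_t)((frag_off >> 8) & 0x1f);    /* fragment offset, high bits */
    f[21] = (uint8_t)(frag_off & 0xff);           /* fragment offset, low bits */
    f[23] = 6;                                    /* protocol TCP */
    f[46] = 0x50;                                 /* TCP data offset 5 */
    f[47] = tcp_flags;                            /* TCP flags byte */
    return matches_synack(f, sizeof f);
}

int main(void)
{
    printf("SYN only      -> %d\n", check(TH_SYN, 0));
    printf("SYN+ACK       -> %d\n", check(TH_SYN | TH_ACK, 0));
    printf("ACK only      -> %d\n", check(TH_ACK, 0));
    printf("SYN+ACK, frag -> %d\n", check(TH_SYN | TH_ACK, 185));
    return 0;
}
```

Only frames with both SYN and ACK set pass, so a capture using this filter sees the reply half of a TCP handshake and never a bare SYN.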




