[Winpcap-users] rpcapd via WinPcap 4.1.2

Joseph A. Simpkins jsimpkins at usatech.com
Mon Apr 14 21:06:49 UTC 2014 

Hello users,

I could use some help in troubleshooting  Rpcapd.
I have been using remote daemon on and off for years using both Wireshark and SharpPcap.
I found rpcapd so beneficial, I submitted the C# code for the SharpPcap team to access the rpcapd.

I have a problem that affects Wireshark and SharpPcap the same. The system works fine, I collect and decode lots of beneficial data for my company. The issue is that the connection just stops, say in a day. It's hard to determine when, because there is no actual error generated when it drops. I find out by activating a test client to transmit data,  but no packets come through either wireshark or SharpPcap.

My setup:

-          Laptop Dell Latitude E6510, 3.92GB of RAM, Win7-64 bit running WinPcap 4.1.2.

-          Dell T3500, 12Gb of RAM, Win7-64, running either Wireshark Version 1.2.9 or a C# app (using SharpPcap lib) or both.

-          For troubleshooting I usually have both C# app and Wireshark running together using the same rcap filter.

-          rcap filters are typically "host 10.x.x.x."

-          I would like to get to the point of having 8-12 concurrent sessions running for a month without failing.

In the morning, I typically close Wireshark and the C# app. Wireshark generates an error 10054 (see attached). I believe it's because the TCP connect was RST by the laptop when wireshark attempts to close the connection gracefully.

BTW: I have a WS trace of the two computers showing when Wireshark received the RST.
Also. I can simply restart a wireshark capture or  the C# app and data will start following again. Rpcapd does not need to be restarted. The laptop does not need to pinged 1st or logged into.

I hope this was no too much on my first post.
Best regards.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20140414/ba7c3a84/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Wireshark Drop Error.JPG
Type: image/jpeg
Size: 27957 bytes
Desc: Wireshark Drop Error.JPG
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20140414/ba7c3a84/attachment-0001.jpe>

More information about the Winpcap-users mailing list