HI, falks, I met a problem when I use winpcap. I am using winpcap to develop some applications to monitor
networks. I used void dispatcher_handler as a loopback function. When I doing the measurement on FTP traffic, I found there is something strange. here it is: 1st packet from ftp server to my pc: arrival time:1022072978:658489 length reported by pcap_pkthdr *header: 60bytes protocol is TCP; pkt data given by pkt_data is: 0 c0 4f 17 c0 7b 0 1 30 12 34 0 8 0 45 0 0 (28) 99 77 40 0 e8 6 ed 20 80 9 b0 14 83 e3 58 36 0 15 12 19 2e 62 d2 80 7 3f 56 ed 50 10 22 38 10 28 0 0 55 55 55 55 55 55 we can see the pkt length indicated by IP header is 28h (in the bracket).that's 40 bytes. if we add the 14 bytes long MAC header, we have totally 54 bytes of the pkt length. that's different with what the *header gives to us which is 60 bytes. what's the problem? is it the winpcap's wrong? moreover, the next pkt received from the same ftp server has the same sequence number and Ack number. if the 1st downloaded pkt is not correct due to the transmission in the network,at least my pc should send an error report to the server and then the server can retransmit. but there is no uploaded pkt is sent from my pc between these two downloaded pkts. that means my pc receives two downloaded pkts at once without any response. it's not right, isn't it? or the ftp login process do it on purpose? I haven't find any documents to clearify this problem. so I doublt if the winpcap gets something wrong? PS: if I am not wrong, the void dispatcher_handler function is triggered when new qualified pkt arrives to my network adapter, isn't it?
