Hi, GV, I got it. Thank you indeed.my second question is a fool one. It's nothing about duplication but log in procedure. I got some nuts in my mind when I asked it that day. :) cheers,lei
On Sat, 25 May 2002, Gianluca Varenni wrote: > Hi. > > It's padding: the minimum Ethernet frame size is 60 bytes (including > ethernet header), so the last 6 bytes (which in fact are all 0xFF) are used > to make the packet 60 bytes long. > > Regarding duplicate packets, it depends on a variety of factors: > -there can be duplicate packets (even if the server only sent one packet), > due to network > -you have some sort of network software on your machine that "duplicates" > packets; some examples are software firewall (for example the one shipped > with XP), of VPN software. > > > GV > > ----- Original Message ----- > From: "Lei Liang" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, May 23, 2002 12:09 PM > Subject: [WinPcap-users] bugs of winpcap?? > > > > HI, falks, > > I met a problem when I use winpcap. > > I am using winpcap to develop some applications to monitor > > > > networks. I used void dispatcher_handler as a loopback function. When I > > > > doing the measurement on FTP traffic, I found there is something strange. > > > > here it is: > > > > > > 1st packet from ftp server to my pc: > > > > arrival time:1022072978:658489 > > > > length reported by pcap_pkthdr *header: 60bytes > > > > protocol is TCP; > > > > pkt data given by pkt_data is: > > > > 0 c0 4f 17 c0 7b 0 1 30 12 34 0 8 0 45 0 0 (28) 99 77 40 0 e8 6 ed 20 80 9 > > > > b0 14 83 e3 58 36 0 15 12 19 2e 62 d2 80 7 3f 56 ed 50 10 22 38 10 28 0 0 > > 55 55 55 55 55 55 > > > > we can see the pkt length indicated by IP header is 28h (in the > > > > bracket).that's 40 bytes. if we add the 14 bytes long MAC header, we have > > > > totally 54 bytes of the pkt length. that's different with what the *header > > > > gives to us which is 60 bytes. what's the problem? is it the winpcap's > > > > wrong? > > > > > > moreover, the next pkt received from the same ftp server has the same > > > > sequence number and Ack number. if the 1st downloaded pkt is not correct > > > > due to the transmission in the network,at least my pc should send an error > > > > report to the server and then the server can retransmit. but there is no > > > > uploaded pkt is sent from my pc between these two downloaded pkts. that > > > > means my pc receives two downloaded pkts at once without any response. > > > > it's not right, isn't it? or the ftp login process do it on purpose? I > > haven't find any documents to clearify this problem. > > so I doublt if the winpcap gets something wrong? > > PS: if I am not wrong, the void dispatcher_handler function is triggered > > > > when new qualified pkt arrives to my network adapter, isn't it? > > > > > > >
