[prev in list] [next in list] [prev in thread] [next in thread]
List: winpcap-users
Subject: Re: [Winpcap-users] acquisition position
From: Michel NoSpam <michel.tempo () yahoo ! fr>
Date: 2009-11-05 11:23:49
Message-ID: 234985.70672.qm () web24611 ! mail ! ird ! yahoo ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks a lot for this information, it confirms that we just realyzed: no PPP trace \
seen so sample point is just above .
I guess that there is some flow control between TCP/IP and PPP layers (We saw \
different behaviour with same windows stack but different modem) Is it possible to \
capture such flow control with winpcap?
--- En date de : Mer 4.11.09, Gianluca Varenni <gianluca.varenni@cacetech.com> a \
écrit :
De: Gianluca Varenni <gianluca.varenni@cacetech.com>
Objet: Re: [Winpcap-users] acquisition position
À: winpcap-users@winpcap.org
Date: Mercredi 4 Novembre 2009, 16h47
The traffic is captured between the IP stack and PPP, although you will also see some \
PPP-specific packets related to the PPP negotiation).
Hope this helps
GV
----- Original Message -----
From: Michel NoSpam
To: winpcap-users@winpcap.org
Sent: Wednesday, November 04, 2009 12:25 AM
Subject: Re: [Winpcap-users] acquisition position
Adapter for generic dialup and VPN capture
--- En date de : Mar 3.11.09, Gianluca Varenni <gianluca.varenni@cacetech.com> a \
écrit :
De: Gianluca Varenni <gianluca.varenni@cacetech.com>
Objet: Re: [Winpcap-users] acquisition position
À: winpcap-users@winpcap.org
Date: Mardi 3 Novembre 2009, 17h39
What's the name and description of the adapter that you are capturing from in \
wireshark?
----- Original Message -----
From: Michel NoSpam
To: winpcap-users@winpcap.org
Sent: Tuesday, November 03, 2009 7:44 AM
Subject: Re: [Winpcap-users] acquisition position
I am using Wireshark on Windows XP professionnal SP2
--- En date de : Mar 3.11.09, Gianluca Varenni <gianluca.varenni@cacetech.com> a \
écrit :
De: Gianluca Varenni <gianluca.varenni@cacetech.com>
Objet: Re: [Winpcap-users] acquisition position
À: winpcap-users@winpcap.org
Date: Mardi 3 Novembre 2009, 16h35
What is the name and description of the adapter you are capturing from? Which \
operating system?
Have a nice day
GV
----- Original Message -----
From: Michel NoSpam
To: winpcap-users@winpcap.org
Sent: Tuesday, November 03, 2009 12:59 AM
Subject: [Winpcap-users] acquisition position
Hello,
I would to know a which level Wireshark/Winpcap samples the IP packets.
I use a mobile phone as a modem (DUN). A flow control permits to adjust the data flow \
from the PC to the modem.
We have a downlink and a uplink data flow.
Because of this flow control, we can see that the downlink TCP data are not \
acknowledge immediately.
I would like to know where wireshark samples the data?
When the data leave the ipstack or when the data leave the PC?
Can I configure wireshark/winpcap to sample the packet a layer 3?
(I am affraid it could have some important delay between layer3 -> layer 2 -> layer \
1)
(stack ip -> PPP -> USB -> modem)
Thanks a lot.
Michel
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-----La pièce jointe associée suit-----
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-----La pièce jointe associée suit-----
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-----La pièce jointe associée suit-----
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
[Attachment #5 (text/html)]
<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: \
inherit;"><DIV>Thanks a lot for this information, it confirms that we just realyzed: \
no PPP trace seen so sample point is just above .</DIV> <DIV> </DIV>
<DIV>I guess that there is some flow control between TCP/IP and PPP layers (We saw \
different behaviour with same windows stack but different modem)</DIV> <DIV>Is \
it possible to capture such flow control with winpcap?</DIV> <DIV><BR><BR>--- En \
date de : <B>Mer 4.11.09, Gianluca Varenni \
<I><gianluca.varenni@cacetech.com></I></B> a écrit :<BR></DIV> <BLOCKQUOTE \
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: rgb(16,16,255) 2px \
solid"><BR>De: Gianluca Varenni <gianluca.varenni@cacetech.com><BR>Objet: Re: \
[Winpcap-users] acquisition position<BR>À: winpcap-users@winpcap.org<BR>Date: \
Mercredi 4 Novembre 2009, 16h47<BR><BR> <DIV id=yiv1158937811>
<DIV><FONT size=2>The traffic is captured between the IP stack and PPP, although you \
will also see some PPP-specific packets related to the PPP negotiation).</FONT></DIV> \
<DIV><FONT size=2></FONT> </DIV> <DIV><FONT size=2>Hope this helps</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; \
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt \
arial">----- Original Message ----- </DIV> <DIV style="BACKGROUND: #e4e4e4; FONT: \
10pt arial"><B>From:</B> <A title=michel.tempo@yahoo.fr \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=michel.tempo@yahoo.fr" \
target=_blank rel=nofollow ymailto="mailto:michel.tempo@yahoo.fr">Michel NoSpam</A> \
</DIV> <DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=winpcap-users@winpcap.org" \
target=_blank rel=nofollow \
ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV> <DIV \
style="FONT: 10pt arial"><B>Sent:</B> Wednesday, November 04, 2009 12:25 AM</DIV> \
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [Winpcap-users] acquisition \
position</DIV> <DIV><FONT size=2></FONT><FONT size=2></FONT><FONT size=2></FONT><FONT \
size=2></FONT><BR></DIV> <TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top>Adapter for generic dialup and VPN capture<BR><BR>--- En date \
de : <B>Mar 3.11.09, Gianluca Varenni <I><<A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=gianluca.varenni@cacetech.com" \
target=_blank rel=nofollow \
ymailto="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>></I></B> \
a écrit :<BR> <BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; \
BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>De: Gianluca Varenni <<A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=gianluca.varenni@cacetech.com" \
target=_blank rel=nofollow \
ymailto="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</A>><BR>Objet: \
Re: [Winpcap-users] acquisition position<BR>À: <A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=winpcap-users@winpcap.org" \
target=_blank rel=nofollow \
ymailto="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A><BR>Date: \
Mardi 3 Novembre 2009, 17h39<BR><BR> <DIV id=yiv176557426>
<DIV><FONT size=2>What's the name and description of the adapter that you are \
capturing from in wireshark?</FONT></DIV> <DIV><FONT size=2></FONT> </DIV>
<DIV> </DIV>
<BLOCKQUOTE style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; \
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt \
arial">----- Original Message ----- </DIV> <DIV style="BACKGROUND: #e4e4e4; FONT: \
10pt arial"><B>From:</B> <A title=michel.tempo@yahoo.fr \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=michel.tempo@yahoo.fr" \
target=_blank rel=nofollow>Michel NoSpam</A> </DIV> <DIV style="FONT: 10pt \
arial"><B>To:</B> <A title=winpcap-users@winpcap.org \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=winpcap-users@winpcap.org" \
target=_blank rel=nofollow>winpcap-users@winpcap.org</A> </DIV> <DIV style="FONT: \
10pt arial"><B>Sent:</B> Tuesday, November 03, 2009 7:44 AM</DIV> <DIV style="FONT: \
10pt arial"><B>Subject:</B> Re: [Winpcap-users] acquisition position</DIV> \
<DIV><BR></DIV> <TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top>
<DIV>I am using Wireshark on Windows XP professionnal SP2<BR><BR>--- En date \
de : <B>Mar 3.11.09, Gianluca Varenni <I><<A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=gianluca.varenni@cacetech.com" \
target=_blank rel=nofollow>gianluca.varenni@cacetech.com</A>></I></B> a \
écrit :<BR></DIV> <BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; \
BORDER-LEFT: rgb(16,16,255) 2px solid"><BR>De: Gianluca Varenni <<A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=gianluca.varenni@cacetech.com" \
target=_blank rel=nofollow>gianluca.varenni@cacetech.com</A>><BR>Objet: Re: \
[Winpcap-users] acquisition position<BR>À: <A \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=winpcap-users@winpcap.org" \
target=_blank rel=nofollow>winpcap-users@winpcap.org</A><BR>Date: Mardi 3 Novembre \
2009, 16h35<BR><BR> <DIV id=yiv136815437>
<STYLE></STYLE>
<DIV><FONT size=2>What is the name and description of the adapter you are capturing \
from? Which operating system?</FONT></DIV> <DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<BLOCKQUOTE style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; \
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style="FONT: 10pt \
arial">----- Original Message ----- </DIV> <DIV style="BACKGROUND: #e4e4e4; FONT: \
10pt arial"><B>From:</B> <A title=michel.tempo@yahoo.fr \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=michel.tempo@yahoo.fr" \
target=_blank rel=nofollow>Michel NoSpam</A> </DIV> <DIV style="FONT: 10pt \
arial"><B>To:</B> <A title=winpcap-users@winpcap.org \
href="http://fr.mc246.mail.yahoo.com/mc/compose?to=winpcap-users@winpcap.org" \
target=_blank rel=nofollow>winpcap-users@winpcap.org</A> </DIV> <DIV style="FONT: \
10pt arial"><B>Sent:</B> Tuesday, November 03, 2009 12:59 AM</DIV> <DIV style="FONT: \
10pt arial"><B>Subject:</B> [Winpcap-users] acquisition position</DIV> <DIV><FONT \
size=2></FONT><BR></DIV> <TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD vAlign=top>
<DIV>Hello, </DIV>
<DIV><BR> </DIV>
<DIV>I would to know a which level Wireshark/Winpcap samples the IP packets.<BR>I use \
a mobile phone as a modem (DUN). A flow control permits to adjust the data flow from \
the PC to the modem.</DIV> <DIV><BR>We have a downlink and a uplink data flow.</DIV>
<DIV>Because of this flow control, we can see that the downlink TCP data are not \
acknowledge immediately.<BR></DIV> <DIV>I would like to know where wireshark samples \
the data?</DIV> <DIV>When the data leave the ipstack or when the data leave the \
PC?</DIV> <DIV>Can I configure wireshark/winpcap to sample the packet a layer \
3?</DIV> <DIV>(I am affraid it could have some important delay between layer3 -> \
layer 2 -> layer 1)</DIV> <DIV><BR>(stack ip -> PPP -> USB -> \
modem) <BR></DIV> <DIV><BR>Thanks a \
lot. <BR>Michel</DIV></TD></TR></TBODY></TABLE><BR> <DIV>
<HR>
<DIV></DIV>_______________________________________________<BR>Winpcap-users mailing \
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></DIV></BLOCKQUOTE></DIV><BR>-----La \
pièce jointe associée suit-----<BR><BR> <DIV \
class=plainMail>_______________________________________________<BR>Winpcap-users \
mailing list<BR><A href="http://fr.mc246.mail.yahoo.com/mc/compose?to=Winpcap-users@winpcap.org" \
target=_blank rel=nofollow>Winpcap-users@winpcap.org</A><BR><A \
href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank \
rel=nofollow>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR></DIV></BLOCKQUOTE></TD></TR></TBODY></TABLE><BR>
<DIV>
<HR>
<DIV></DIV>_______________________________________________<BR>Winpcap-users mailing \
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></DIV></BLOCKQUOTE></DIV><BR>-----La \
pièce jointe associée suit-----<BR><BR> <DIV \
class=plainMail>_______________________________________________<BR>Winpcap-users \
mailing list<BR><A href="http://fr.mc246.mail.yahoo.com/mc/compose?to=Winpcap-users@winpcap.org" \
target=_blank rel=nofollow>Winpcap-users@winpcap.org</A><BR><A \
href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target=_blank \
rel=nofollow>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR></DIV></BLOCKQUOTE></TD></TR></TBODY></TABLE><BR>
<DIV></DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT \
face=Arial size=2></FONT><FONT face=Arial size=2></FONT> <HR>
<DIV></DIV>_______________________________________________<BR>Winpcap-users mailing \
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></DIV><BR>-----La \
pièce jointe associée suit-----<BR><BR> <DIV \
class=plainMail>_______________________________________________<BR>Winpcap-users \
mailing list<BR><A href="http://fr.mc246.mail.yahoo.com/mc/compose?to=Winpcap-users@winpcap.org" \
ymailto="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR><A \
href="https://www.winpcap.org/mailman/listinfo/winpcap-users" \
target=_blank>https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR></DIV></BLOCKQUOTE></td></tr></table><br>
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic