0

Working on parsing ARP packets and I found this nice problem.

When receiving an ARP packet I was parsing the target's IP address.

I have c0 a8 in my hex dump but after that it ends. I am missing data! I see the data in Wireshark but I am not getting the data through WinPcap.

I have yet to run into this issue before. Any ideas SO? So far no memory access errors though. Probably just luck. :x

EDIT: My main loop for processing packets is from the example pktdump_ex.

Here is the while line

while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)

After that is executed, the snalen is 2b.

4

1 Answer

2

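As he pointed out in the comments, this smells like a flawed snaplen configuration. If you look at the WinPcap API documentation for pcap_open(), it states:

snaplen,: length of the packet that has to be retained. For each packet received by the filter, only the first 'snaplen' bytes are stored in the buffer and passed to the user application. For instance, snaplen equal to 100 means that only the first 100 bytes of each packet are stored.

as the explanation for the second parameter of pcap_open. Unless you provide some more elaborate code snippets to work with, that's the closest we're going to get to an answer.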

answered 2010-02-16T09:33:20.173
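
The truncation discussed above can be caught in the parser by comparing the captured length against the bytes it is about to read. The following is an added example, not code from the original post or from WinPcap: the function names and the 42-byte ARP request are constructed for illustration, and caplen and len stand for the fields of the same name in struct pcap_pkthdr.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14
#define ARP_IPV4_LEN 28                  /* ARP body for Ethernet/IPv4 */
#define ARP_TPA_OFF  (ETH_HDR_LEN + 24)  /* target protocol address */

enum { ARP_OK = 0, ARP_TRUNCATED = -1, ARP_NOT_ARP = -2 };

/* Constructed sample: ARP request, who-has 192.168.0.1 tell 192.168.0.10 */
static const uint8_t sample_arp[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,
    0x00,0x11,0x22,0x33,0x44,0x55, 0xc0,0xa8,0x00,0x0a,
    0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x00,0x01 };

/* 1 when the capture kept fewer bytes than were on the wire (snaplen cut) */
int snap_truncated(uint32_t caplen, uint32_t len) { return caplen < len; }

/* Copy the ARP target IP into out, reading only bytes inside caplen. */
int arp_target_ip(const uint8_t *pkt, uint32_t caplen, uint8_t out[4])
{
    if (caplen < ETH_HDR_LEN)
        return ARP_TRUNCATED;
    if (pkt[12] != 0x08 || pkt[13] != 0x06)      /* EtherType 0x0806 */
        return ARP_NOT_ARP;
    if (caplen < ETH_HDR_LEN + ARP_IPV4_LEN)     /* full ARP body needed */
        return ARP_TRUNCATED;
    if (pkt[18] != 6 || pkt[19] != 4)            /* hlen/plen: MAC + IPv4 */
        return ARP_NOT_ARP;
    memcpy(out, pkt + ARP_TPA_OFF, 4);
    return ARP_OK;
}

int main(void)
{
    uint8_t ip[4];
    uint32_t caplens[] = { 42, 40 };  /* full frame, then cut after c0 a8 */
    for (int i = 0; i < 2; i++) {
        int rc = arp_target_ip(sample_arp, caplens[i], ip);
        if (rc == ARP_OK)
            printf("caplen=%u target=%u.%u.%u.%u\n", (unsigned)caplens[i],
                   ip[0], ip[1], ip[2], ip[3]);
        else
            printf("caplen=%u rc=%d snap_truncated=%d\n", (unsigned)caplens[i],
                   rc, snap_truncated(caplens[i], 42));
    }
    return 0;
}
```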