Ethereal-users: RE: [Ethereal-users] WinDump Output

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Munshi, Shahid K. (Manpower Contract)" <shahid.k.munshi@xxxxxx>
Date: Tue, 16 Sep 2003 12:27:42 -0500
It says:
1410 packets received by filter
0 packets dropped by kernel

The test bench I have is an isolated LAN between two PCs. There is no other source or destination from which packets are generated or to which they are destined. I have a UDP filter on the command line. But if I type the command:

windump -ne -s100

This is without any protocol filter.

It prints out in the output window a different number of packets than it reports after pressing CTRL + C.

I need to understand this.
Shahid


-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Tuesday, September 16, 2003 11:12 AM
To: Munshi, Shahid K. (Manpower Contract)
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] WinDump Output


These questions are probably best asked on the winpcap-users mailing
list:

	http://winpcap.polito.it/contact.htm

On Tue, Sep 16, 2003 at 11:00:05AM -0500, Munshi, Shahid K. (Manpower Contract) wrote:
> I am trying to capture "udp" packets across two PCs running Windows 2000.
> I used:
> windump -ne -s100 udp
>
> These command-line options start capturing. But when I stopped
> it by pressing CTRL + C, it showed me a number of packets around 1410.
> But when I looked at the stdio screen (output window), which is the DOS prompt
> on Windows 2000, the number of packets is around 8.

What *exactly* did WinDump say when it reported about 1410 packets? 
Perhaps it reported "1410 packets received by filter", which means that
the WinPcap driver saw 1410 packets; however, most of them might not
have been UDP packets, and you have a filter of "udp", so, if WinPcap
reports, as the number of packets received by the filter, the number of
packets seen *before* the filtering is done, that number could be larger
than the number of packets it actually prints.
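
Added example (not part of the thread, and not WinDump or WinPcap code): a small Python model of the hypothesis in the reply above, where the "received by filter" counter is incremented before the `udp` filter runs, so it can exceed the number of packets printed. The frames are constructed sample data, and the helper names (`eth`, `ipv4`, `ipv6`, `matches_udp`, `capture`) are hypothetical.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_ARP = 0x0800, 0x86DD, 0x0806
PROTO_TCP, PROTO_UDP = 6, 17

def eth(ethertype, payload):
    # Constructed untagged Ethernet II frame: dst MAC, src MAC, ethertype, payload.
    return (b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
            + struct.pack("!H", ethertype) + payload)

def ipv4(proto, payload=b""):
    # Minimal 20-byte IPv4 header without options (checksum left at 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload

def ipv6(next_header, payload=b""):
    # Minimal 40-byte IPv6 header with no extension headers.
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64,
                       b"\x00" * 15 + b"\x01", b"\x00" * 15 + b"\x02") + payload

def matches_udp(frame):
    """Approximates the capture filter 'udp' on untagged Ethernet frames."""
    if len(frame) < 14:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_IPV4 and len(frame) >= 34:
        return frame[14 + 9] == PROTO_UDP   # IPv4 protocol field
    if ethertype == ETH_IPV6 and len(frame) >= 54:
        return frame[14 + 6] == PROTO_UDP   # IPv6 next-header field
    return False

def capture(frames, filt=None):
    """Return (seen, printed): 'seen' is counted before the filter is applied."""
    seen = printed = 0
    for frame in frames:
        seen += 1                            # assumed pre-filter counter
        if filt is None or filt(frame):
            printed += 1                     # only matching packets reach the output
    return seen, printed

# Constructed traffic mix: 5 ARP, 4 TCP, 7 UDP over IPv4, 1 UDP over IPv6.
SAMPLE = ([eth(ETH_ARP, bytes(28))] * 5
          + [eth(ETH_IPV4, ipv4(PROTO_TCP))] * 4
          + [eth(ETH_IPV4, ipv4(PROTO_UDP))] * 7
          + [eth(ETH_IPV6, ipv6(PROTO_UDP))])

if __name__ == "__main__":
    print("with 'udp' filter (seen, printed):", capture(SAMPLE, matches_udp))
    print("without filter    (seen, printed):", capture(SAMPLE))
```

Under this model, a gap between the two counters only appears when non-matching traffic such as ARP or TCP is present on the wire.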