Ethereal-users: Re: [Ethereal-users] WinDump Output

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 16 Sep 2003 10:55:57 -0700

On Tue, Sep 16, 2003 at 12:40:56PM -0500, Munshi, Shahid K. (Manpower Contract) wrote:
> This is after pressing CTRL + C:
> 
> windump: listening on \Device\NPF_{D199E170-8B88-4975-8175-75CB2795CE85}

I presume it printed that message *before* control-C.

> 147 packets received by filter
> 0 packets dropped by kernel

That presumably got printed after control-C.

> why are these numbers different?

Perhaps because, as I said in my previous message:

	Note that the number printed as "received by filter", if it comes from
	the WinPcap driver (as I think it does), can include packets that have
	not yet been read by WinDump - and, as you've terminated WinDump by
	typing control-C, those packets never will be read by WinDump.

Note also that your last message doesn't have a packet, so perhaps some
output was discarded by Windows when you typed control-C (UNIX
definitely does that), if the "output screen" was some console window. 
If so, there will be packets that WinPcap printed but that didn't show
up.
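
The counter behaviour described in the message above, as an added example that is not part of the original message and is not WinDump or WinPcap code: a small Python model in which the driver counts a packet when it passes the filter and the application counts it only when it reads it. The class, function names, read schedule and buffer sizes are constructed, and the model assumes that a dropped packet is still counted as received by filter.

```python
from collections import deque

class CaptureModel:
    """Constructed model of a capture driver's buffer feeding a sniffer."""

    def __init__(self, buffer_slots):
        self.buffer = deque()
        self.buffer_slots = buffer_slots
        self.received_by_filter = 0  # driver: packet passed the filter
        self.dropped_by_kernel = 0   # driver: buffer was full
        self.printed = 0             # application: packet read and printed

    def packet_arrives(self):
        self.received_by_filter += 1
        if len(self.buffer) >= self.buffer_slots:
            # Assumption: a dropped packet still counts as received by filter.
            self.dropped_by_kernel += 1
        else:
            self.buffer.append(self.received_by_filter)

    def app_reads(self, max_packets):
        """The application drains up to max_packets and prints each one."""
        n = min(max_packets, len(self.buffer))
        for _ in range(n):
            self.buffer.popleft()
        self.printed += n
        return n

    def interrupt(self):
        """Control-C: counters are reported, buffered packets are never read."""
        return {
            "received_by_filter": self.received_by_filter,
            "dropped_by_kernel": self.dropped_by_kernel,
            "printed": self.printed,
            "unread_in_buffer": len(self.buffer),
        }

def run_session(arrivals, read_every, batch, buffer_slots):
    """Feed `arrivals` packets, reading `batch` after every `read_every`."""
    model = CaptureModel(buffer_slots)
    for i in range(1, arrivals + 1):
        model.packet_arrives()
        if i % read_every == 0:
            model.app_reads(batch)
    return model.interrupt()

if __name__ == "__main__":
    # Constructed schedule; only the totals 147 and 0 echo the message above.
    print(run_session(arrivals=147, read_every=10, batch=8, buffer_slots=64))
```

With this schedule the model reports 147 received by filter and 0 dropped, yet only 112 packets printed, because 35 were still in the buffer at the interrupt.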