- This topic has 6 replies, 2 voices, and was last updated 11 years, 6 months ago by
.
-
Posts
-
After i installed winpkfilter_rtl in win7 64bit, when i ping another host in LAN, i found the output from wireshark is different before i install winpkfilrer_rtl.
after:
[attachment=1:5qi0jvnv]QQ截图20121011142934.png[/attachment:5qi0jvnv]before:
[attachment=0:5qi0jvnv]QQ截图20121011141309.png[/attachment:5qi0jvnv]It seems the ping packet was fragmented.
From what I can see each outgoing echo request is looped four times. Probably this caused by loopback packet indication when outgoing packet sent from one protocol is indicated back to all installed protocols (without this functionality wireshark would not be able to collect outgoing packets). And in your test loopback packet is routed back into the network (note the decreased ttl). Difficult to say who has routed the packet as WinpkFilter does not implement routing but WinpkFilter repackages network packets and one of the installed network components may fail to recognize the packet it just sent out and rerouted it. What network components do you have installed? Here I mean protocols drivers like winpcap and various virtual machine bridge and NAT components? Details in the network configuration also may help.
Tanks for your reply.
Maybe you are right. Because I test the gretunne sample in my work-machine, the system have installed lots of the dev-software(e.g. vmware, vs2010, wireshark/winpcap and so on). I thinks the problems is not caused by the winpcap . (I test the sample application in another system that installed wireshark/winpcap only , and the sample work fine).
Following is my dev-system ipconig /all ‘s output:
Windows IP 配置
主机名 . . . . . . . . . . . . . : King64-PC
主 DNS 后缀 . . . . . . . . . . . :
节点类型 . . . . . . . . . . . . : 混合
IP 路由已启用 . . . . . . . . . . : 是
WINS 代理已启用 . . . . . . . . . : 否以太网适配器 本地连接:
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
物理地址. . . . . . . . . . . . . : 00-1F-16-35-93-19
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是
本地链接 IPv6 地址. . . . . . . . : fe80::2907:fde6:9359:3db8%11(首选)
IPv4 地址 . . . . . . . . . . . . : 192.168.1.12(首选)
子网掩码 . . . . . . . . . . . . : 255.255.255.0
默认网关. . . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234888982
DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-17-7C-67-1A-00-1F-16-35-93-19
DNS 服务器 . . . . . . . . . . . : 211.136.192.6
120.196.165.24
TCPIP 上的 NetBIOS . . . . . . . : 已启用以太网适配器 VMware Network Adapter VMnet1:
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
物理地址. . . . . . . . . . . . . : 00-50-56-C0-00-01
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是
本地链接 IPv6 地址. . . . . . . . : fe80::53a:cc83:3b45:8ea5%14(首选)
IPv4 地址 . . . . . . . . . . . . : 192.168.85.1(首选)
子网掩码 . . . . . . . . . . . . : 255.255.255.0
默认网关. . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 251678806
DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-17-7C-67-1A-00-1F-16-35-93-19
DNS 服务器 . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
TCPIP 上的 NetBIOS . . . . . . . : 已启用以太网适配器 VMware Network Adapter VMnet8:
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
物理地址. . . . . . . . . . . . . : 00-50-56-C0-00-08
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是
本地链接 IPv6 地址. . . . . . . . : fe80::b876:7a0e:5a9b:6f07%15(首选)
IPv4 地址 . . . . . . . . . . . . : 192.168.126.1(首选)
子网掩码 . . . . . . . . . . . . : 255.255.255.0
默认网关. . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 453005398
DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-17-7C-67-1A-00-1F-16-35-93-19
DNS 服务器 . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
TCPIP 上的 NetBIOS . . . . . . . : 已启用隧道适配器 Teredo Tunneling Pseudo-Interface:
媒体状态 . . . . . . . . . . . . : 媒体已断开
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是隧道适配器 isatap.{279B000D-8661-4FDA-AE58-638B88FD2A0A}:
媒体状态 . . . . . . . . . . . . : 媒体已断开
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #3
物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是隧道适配器 isatap.{8A5B5FDE-602D-483A-AA37-703E3792D8E4}:
媒体状态 . . . . . . . . . . . . : 媒体已断开
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #5
物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是隧道适配器 isatap.{9D4E6015-DE5A-4464-8707-3BAF1A4C515E}:
媒体状态 . . . . . . . . . . . . : 媒体已断开
连接特定的 DNS 后缀 . . . . . . . :
描述. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #6
物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP 已启用 . . . . . . . . . . . : 否
自动配置已启用. . . . . . . . . . : 是[attachment=0:3pjc7xyf]QQ截图20121011163727.png[/attachment:3pjc7xyf]
Most probably this is VMWare bridge, in order to support bridging of guest OS it has to put real network interface into promiscuous mode and has to filter out loopback indications. Since packets are repackaged by WinpkFilter it may miss to recognize loopback and reroute it. I have experienced similar problems when experimented with ethernet bridging. There is another post on forum regarding VMWare, so I plan to do some tests with it. By the way, do you experience any problems in getting IP address for the guest vmware OS bridged to real NIC?
I test the vmware with winpkfilter in the following process:
1.VMware Host OS is WIN7 64bit, VMware Guest OS is windows2003
2.Both Host and Guest OS installs the WinpkFilter
3. Set the VMware Guest OS network connection to “Bridged: Connected directly to the physical network”(leave “Replicate physical network connection state” to blank)
4. Set Guset OS auto getting IP address
5. Restart the Guest OSAfter the Guest OS restart, auto getting IP address, has no problem.
- You must be logged in to reply to this topic.