Hi All,
This is karun from india(Hyderabad) of Redpine signals.Actually I want to give my own packet inorder to display in wireshark.So i am going through the source code of Wireshark and winpcap(as it is the capturing library,driver).I figured out the peek point where packet.dll is used for packet capturing from nfs driver as described below.
Wireshark<--wpcap.dll<--packet.dll<--npf.sys(driver where actual capture happens)<-packets.
pcap_read_win32_npf()->PacketReceivePacket() function in wpcap/libpcap/pcap-win32.c.
So i hard coded my known packet format after returning from PacketReceivepacket() function in winpcap 4.1.3 source code.And after compilation and copied the packet.dll,wpacp.dll,& ndf.sys to their respective folders,i am able to see my known packet in wireshark application as LLC packet,but along with mine some other packets so called UDP,LMNR,NBNS,SSDP,ARP packets are also coming to the wireshark's application.Can any one tell me where these packets are coming as pcap_read_win32_npf is the only function to capture packets(to best of my knowledge).</code></pre></div><div id="question-tags" class="tags-container tags"><span class="post-tag tag-link-winpcap" rel="tag" title="see questions tagged 'winpcap'">winpcap</span></div><div id="question-controls" class="post-controls"></div><div class="post-update-info-container"><div class="post-update-info post-update-info-user"><p>asked <strong>29 Jun '15, 22:34</strong></p><img src="https://secure.gravatar.com/avatar/50c4b78862c6ca806916c3a71498cdf3?s=32&d=identicon&r=g" class="gravatar" width="32" height="32" alt="karun256's gravatar image" /><p><span>karun256</span><br />
6●5●5●7
accept rate: 0%
