Brickner[CodePlex]
RFC 988

brianestey17[CodePlex]
I have captured a pcap file using Tao tPacketCapture on Android (http://www.taosoftware.co.jp/en/android/packetcapture/). The problem is that the pcap file I captured has
a datalink of quotLINUX_SLL (Linux cooked)quot and this throws an exception 'packet.IsValid' threw an exception of type 'System.NotSupportedException'base {System.SystemException} = {quotPcapDataLink 113 - LINUX_SLL (Linux cooked) is unsupportedquot}I've
attached the pcap file in question.

Brickner[CodePlex]
Add support for Ethernet datagrams.
Should looks like this:
Packet packet;
p.Ethernet...

menkaur[CodePlex]
I'm trying to use Pcap.Net to bypass winsockets altogether and to send packets directly. I must do this, because RAW sockets are supported only on the server class windows operating systems. I want to do this, because Pcap.Net is much better suited for
low level network interactions than raw sockets (better structure, ability to access Ethernet layer ect).

My problem is that, as it is, the packets that are received are passed on to windows driver, which creates bad interactions.

Consider flowing: I'm trying to open a tcp connection to the host. I send the SYN package and it sends me back SYN-ACK package. Before I can confirm the connection for open, Windows driver, which processes the SYN-ACK package sends RST package to close the
connection. At present, there's nothing I can do about this issue.

Brickner[CodePlex]
Add support for TCP datagrams (over IPv4)
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Tcp...

Brickner[CodePlex]
RFC 4795

Nontenda[CodePlex]
Hi,

I'm trying to use Pcap.Net to capture LLC packets but when I try to use :
BerkeleyPacketFilter filter = communicator.CreateFilter(quotllcquot)

I got an argument exception
quotAn error has occured when compiling the filter ltllcgt: 'llc' supported only on raw ATMquot.

What can I do ? What is the quotraw modequot ?

Thank's in advance,
best regards,
Nontenda

ddwashbu[CodePlex]
It would be helpful if the Users Guide could be made available as a standalone, downloadable document (PDF).

PuffyThePirateBoy[CodePlex]
Pcap.net can not run under Windows 7 Pro 64-bit. The error code I recieve when starting an application referencing Pcap.Net in VS 2008 states the following:
nbsp
quotCould not load file or assembly 'PcapDotNet.Core, Version=0.4.0.28562, Culture=neutral, PublicKeyToken=4a892f819f0d9268' or one of its dependencies. An attempt was made to load a program with an incorrect format.quot
nbsp
nbsp
Compiled applications using Pcap.net just crashes without any information under W7 64-bit.

Adum_264[CodePlex]
AirPcap Support in pcap.net would make pcap even better than it is

candritzky[CodePlex]
The extension method LivePacketDevice.GetMacAddress() throws an InvalidOperationException when called on a LivePacketDevice instance for a network adapter where the TCP/IP protocol is not bound to. The reason is that the NetworkInterface.GetAllNetworkInterfaces()
API (part of the .NET framework) does not include these network adapters.
nbsp
Is there any other way to get to the MAC address of a LivePacketDevice instance? I tried to use WMI Win32_NetworkAdapter class for this, but don't know how to find the correct WMI instance on Windows XP and Server 2003 as they do not support the Win32_NetworkAdapter.GUID
property yet.

Brickner[CodePlex]
Add support for IPv4 datagrams (over Ethernet).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4...

Brickner[CodePlex]
Details are here:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5459

Lo11o2[CodePlex]
TcpLayer tcpLayer =
new TcpLayer
{
SourcePort = 4050,
DestinationPort = 25,
Checksum = null, // Will be filled automatically.
SequenceNumber = 100,
AcknowledgmentNumber = 50,
ControlBits = TcpControlBits.Acknowledgment,
Window = 100,
UrgentPointer = 0,
Options = TcpOptions.None,
};

I'd like to understand how to set different options on tcplayer like MSS and SACK Permission...

divinci[CodePlex]
Hi Boaz! Love the project, cant wait to have a delve into it!
nbsp
Description : error C3861: 'pcap_free_datalinks': identifier not found
File : PacketCommunicator.cpp
Line : 44
Project : PcapDotNet.Core
nbsp
Any ideas about this compilation error?

brianestey17[CodePlex]
I am trying to analyze a file with RTP packets but unfortunately PCAP.net is only able to parse to the UDP level. I've attached a sample VoIP file from Wireshark that contains RTP packets. Is there any chance that RTP will be added to the available parsers?

Brickner[CodePlex]
Add support for ICMP datagrams (over IPv4).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Icmp...

dls314159[CodePlex]
PcapDotNet.Core.Test.LivePacketDeviceTests.OpenLiveDevice

Assumed a max of two addresses for an interface
nbsp
PcapDotNet.Core.Test.WiresharkCompareTests.CompareArp The arp hardware type and operation are coming through as hex in the show values from tshark, not decimal as expected
There's a wireshark bug which messes up the show values for AddressPrespecified timestamps. They come out with an additional timestamp value instead of an address/value pair.
nbsp
PcapDotNet.Packets.Dns.DnsLayer.DnsLayer The Records field query needs non-null concatables

ofekagmon[CodePlex]
hello,
I am using pcap.net to capture packets (_communicator.RecievePackets(HandlePacket, 0)

the thing is, the _communicator gets packets that I recieved to my computer before I acatually started the RecievePackets method.
I think that's maybe because there is a buffer that buffers packets. (Is that correct?)

I thought about just setting the BufferSize and lowering it so it will get only packets that are sent while his RecievePackets method is running.

what is the default size of the buffer?
and also, how can I make it only get packets that are recieved while he is running?

Thanks a lot,
Ofek

Brickner[CodePlex]
Add support for ARP datagrams (over Ethernet).
Should looks like this:
Packet packet;
packet.Ethernet.Arp...

Brickner[CodePlex]
Currently, Pcap.Net only uses the pcap_pkthdr.caplen field and it's not possible to read and set the pcap_pkthdr.len field.

Brickner[CodePlex]
Over IPv4.
RFC 2784.

Brickner[CodePlex]
Add support for DNS datagrams (over UDP and maybe over TCP).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Udp.Dns...

Brickner[CodePlex]
Details are here:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5459

Brickner[CodePlex]
http://www.ietf.org/proceedings/48/I-D/idmr-traceroute-ipm-07.txt

Astaelan[CodePlex]
The code currently makes some assumptions regarding headers, in particular with regards to Ethernet Trailing data which can appear after the TCP header. This results in TCP payloads that include the trailing ethernet headers, when in fact the payload should
be empty.
nbsp
See the included packet, 00 00 88 82 e4 be are part of the ethernet header.
nbsp
0000 00 1e 8c 2e 1b 80 00 1c f0 54 a0 a5 08 00 45 28
0010 00 28 2a 4f 40 00 75 06 b4 f8 d3 2b 92 8a c0 a8
0020 00 02 1e c8 0e 48 f6 f3 30 cb 3f 5e bc 38 50 10
0030 ff d7 39 36 00 00 00 00 88 82 e4 be

HomerYan[CodePlex]
I have multiple (gt2000) pcap files to precess. The code goes following:
............
listltstringgt Files;
foreach(string CapFilePath in Files)
{
OfflinePacketDevice selectedDevice = new OfflinePacketDevice(CapFilePath);
using (PacketCommunicator communicator =
selectedDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
{
communicator.ReceivePackets(0, DispatcherHandler);
}
}
private static void DispatcherHandler(Packet packet)
{
......
}

Always after approximately 510 files have processed, the programe will exit with quotFails to open file......quot.
I think it maybe caused by exhausted file handle resource.
How to close a cap file explicitly?
Apologize for my poor English.

Brickner[CodePlex]
Currently when trying to get the list of devices with an IPv6 enabled device an unsupported exception will be received.
This issue will resolve it.
It won't, however, allow you to parse the IPv6 header, only get the devices that enable them and use them.

Opera362[CodePlex]
If you use this code (in v0.6 and v0.7):
nbsp
var ipLayer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer();
ipLayer.Destination = myNewTargetIp;
ipLayer.HeaderChecksum = null;
nbsp
Then, as the documentation says for HeaderChecksum property:
The header checksum value. null means that this value should be calculated to be correct according to the data.
nbsp
Although this is apparently being calculated in the IpV4Datagram.Write method... it is not implemented correctly, because the previous Checksum bytes are already there and therefore included in the new Checksum calculation (!!). They must be cleared just before,
like this:
nbsp
// Clear Checksum value (if null)
if (!headerChecksumValue.HasValue)
{
buffer[offset + Offset.HeaderChecksum] = 0;
buffer[offset + Offset.HeaderChecksum + 1] = 0;
}
nbsp
See attached Patch (SVN format) to fix this.

Brickner[CodePlex]
Reconstruct sessions of TCP.
This might be a completely separate project that only uses Pcap.Net or maybe just a separate DLL.

Brickner[CodePlex]
Add support for IGMP datagrams (over IPv4).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Igmp...

khundalini[CodePlex]
It would be very interesting if Pcap.Net could be detect and capture VoIP packets, allowing applications to monitor internal calls and record conversations in .wav files.

nMacmullen[CodePlex]
Possibly this is due to me misunderstanding the way the library is intended to work but it seems odd that Pcap sometimes reports that packets larger than the ethernet MTU are received.
nbsp
I've attached a simple program to demonstrate the issue.
nbsp
It is built to target .Net v4.
References are set up to the .x86 dlls from 0.8.0.54547
The program is run under Windows 7 (64 bit)
nbsp
Sample output....
nbsp
C:gtoddSizedPackets.exe 2
using Network adapter 'Intel(R) 82567LF-2 Gigabit Network Connection' on local host
packets received: 401
Received oversize EN10MB (Ethernet) packet:2704 eth 2690
packets received: 426
Received oversize EN10MB (Ethernet) packet:2279 eth 2265
packets received: 1146
Received oversize EN10MB (Ethernet) packet:2278 eth 2264
packets received: 1162
Received oversize EN10MB (Ethernet) packet:2704 eth 2690
packets received: 1467
Received oversize EN10MB (Ethernet) packet:2480 eth 2466
packets received: 2264^C
nbsp
nbsp
When running Wireshark in parallel, there is no sign of the oversized packets actually being received on the interface.
nbsp
I'm happy to run further tests if that would be helpful.

youngcm2[CodePlex]
Ability to retrieve the package from nuget.
nbsp
http://docs.nuget.org/docs/creating-packages/creating-and-publishing-a-package

TonyHardie[CodePlex]
It would be great if we could have vlan tagging support when constructing with packet builder. vlan tag is just another 4 bytes After the source Mac address before Ethernet type (nothing else).
Those 4 bytes are
xxx. .... .... .... = Priority:
...1 .... .... .... = CFI
.... xxxx xxxx xxxx = VLANID
(see http://en.wikipedia.org/wiki/IEEE_802.1Q) frame format.

Brickner[CodePlex]
Add support for HTTP datagrams (over TCP and maybe over UDP).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Tcp.Http...
nbsp
http://tools.ietf.org/html/rfc1945
http://tools.ietf.org/html/rfc2616
http://www.iana.org/assignments/http-status-codes

Dauphinus[CodePlex]
I use HttpResponseLayer to trace HTTP sessions from a WebBrowser, and I need to use the Body in my application (HttpResponseLayer.Body) but I noticed that if the http response is too large it is still limited to approximately 1200 bytes, therefore incomplete!
nbsp
My code at last post :
http://pcapdotnet.codeplex.com/discussions/245743

sandrews[CodePlex]
According to Boaz (see Discussion titled quotinternal DataSegment members should be protectedquot on 04-14-2011), the Pcap.Net library is not currently intended to be extended by clients in external assemblies.
nbsp
This issue is an enhancement request to design and implement support for plugins/extensions of datagrams and layers.

sumtec[CodePlex]
According to http://en.wikipedia.org/wiki/IPv4 the Option Value in the high 3 bits of the byte value in offset 6 should have:
0 Reserved
1 Don't Fragment
2 More Fragments

However, right now the code looks like this:
/// ltsummarygt
/// May Fragment, Last Fragment.
/// lt/summarygt
None = 0x0 ltlt 13,

/// ltsummarygt
/// More Fragments.
/// lt/summarygt
MoreFragments = 0x1 ltlt 13,  // lt-------- this should be DoNotFragment

/// ltsummarygt
/// Don't Fragment.
/// lt/summarygt
DoNotFragment = 0x2 ltlt 13  // lt-------- this should be MoreFragments

They are just transposed.

Twoeyes[CodePlex]
Hi,
when I run my program which uses Pcap.Net, when the program is going to exit it crashes with the error quotvshost32.exe has stopped workingquot. I used other third party libraries (even from codeplex) and this didn't happen with them, which is why I'm suspecting
Pcap.Net. Although human error (from my side) is still probably the problem. So if someone can show me what setting or whatever I need to do, it would be very much appreciated.

brownee[CodePlex]
Can you please consider adding MPLS Header support to pcap.net?
nbsp
I have attached a pcap file with examples of packets with MPLS headers.
nbsp
Regards,
Brownee

chrisweber[CodePlex]
Internet Explorer sends raw UTF-8 encoded bytes for everything after the quot?quot in an HTTP request URI. If the following HTTP request crosses pcap.net:
nbsp
GET /%E2%84%AB/?Å#Å HTTP1/0
Host: example.com
User-Agent: Firefox
nbsp
I get a null set of Headers returned from the packet.Ethernet.IpV4.Tcp.Http.Header collection. I also get a truncated URI:
nbsp
(((PcapDotNet.Packets.Http.HttpRequestDatagram)(packet.Ethernet.IpV4.Tcp.Http))).Uri quot/%E2%84%AB/?quot string
nbsp
nbsp
Is there an internal problem parsing this? I know this is not legal HTTP, I'm doing it on purpose, but I thought pcap.net would be a little more liberal in what it accepted.

Brickner[CodePlex]
Support FTP protocol.

sumtec[CodePlex]
According to https://en.wikipedia.org/wiki/IPv4, when a ipv4 packet is fragmented, the total length should be the length of the current segment. However, in the real world, I found that the
total length could be zero when there are payload and the ip4v packet is marked quotMore Fragmentationsquot. In this case, the code now will return no data inside ipv4 packet, i.e. no TCP packet, which is not correct.

Brickner[CodePlex]
Add support for UDP datagrams (over IPv4).
Should looks like this:
Packet packet;
packet.Ethernet.IpV4.Udp...

Qix[CodePlex]
In PacketCommunicator.ReceivePackets, there is a typo in the documentation: quotconutquot should be quotcountquot.

Brickner[CodePlex]
Current support uses ReceiveSomePackets.
This is efficient since all packets currently in the buffer to read are read together but this can cause more packets to be read beyond the requested amount.
This means that while the IEnumerable will receive the expected number of packets, there might be more packets that have been read beyond the packets that the IEnumerable contains.

Brickner[CodePlex]
The translation of DateTime to WinPcap's timestamp rounds everything to milliseconds, which makes sub milliseconds precision unsupported.

varstas[CodePlex]
Support SMTP protocol.

Brickner[CodePlex]
Full support for IPv6 layers over Ethernet.