Missing TCP Packets
-
Hi, kindly note that while capturing incoming TCP packets on the network using the following code, I am missing some packets. I am sure that all packets are arriving on my network perfectly fine, but unfortunately I am missing some of them. Please let me know what mistake I am making, and where, in the code below. Thank you & regards (Riaz)
```csharp
public void Capture()
{
    _mainSocket = new Socket(AddressFamily.InterNetwork, SocketType.Raw, ProtocolType.IP);
    _mainSocket.Bind(new IPEndPoint(IPAddress.Parse("192.168.1.10"), 0));
    var byTrue = new byte[] { 1, 0, 0, 0 };
    var byOut = new byte[] { 1, 0, 0, 0 };
    _mainSocket.IOControl(IOControlCode.ReceiveAll, byTrue, byOut);
    _mainSocket.EnableBroadcast = true;
    _mainSocket.BeginReceive(_data, 0, _data.Length, SocketFlags.None, OnReceive, null);
}

private void Parse(byte[] data, int size)
{
    ipH = new IPHeader(data, size);
    if (ipH.ProtocolType == Protocol.TCP)
    {
        FilterData(data, size);
    }
    System.Threading.Thread.Sleep(5);
}

private void FilterData(byte[] data, int size)
{
    // Here I am inserting & updating packet data into my database
}
```
-
Don't you think that by putting your thread to sleep you're killing your performance for no reason? 5 milliseconds can be an eternity in the view of a packet. Also, packets can arrive so fast that you're not going to be able to process them at the same speed that they show up. You really need to have a FIFO buffering system between the receive code and the Parse/Filter code.
Dave Kreskowiak
-
Interesting bit of code, although the implementation of OnReceive is not shown. The code suggests that your packets are TCP, so why are you not specifying that when you create the socket? When I do this sort of thing (in TCP), I normally listen on a socket and accept connections, so I'm not sure what's going on here. One possibility is that your code is not keeping up with the incoming packets, especially with the 5ms sleep that Dave points out. You could try increasing the receive buffer on the socket to test this assertion. And definitely get rid of the sleep. If you update your code with the pertinent OnReceive, that would provide more clues.
Regards, Rob Philpott.
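
An added example (not code from any poster in this thread) of the FIFO hand-off suggested in the replies above: the receive path only copies and enqueues, a worker does the parsing and slow storage, and overflow is counted instead of silently lost. `PacketPipeline`, its members and the constructed packets are assumptions for illustration; in the original code `Enqueue` would be called from `OnReceive` before the next `BeginReceive` is posted.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

sealed class PacketPipeline
{
    // Bounded FIFO: a stalled consumer shows up as counted drops, not unbounded memory growth.
    private readonly BlockingCollection<byte[]> _queue;
    private readonly Task _worker;
    private long _dropped;
    public long Dropped => Interlocked.Read(ref _dropped);
    public int TcpSeen { get; private set; }
    public PacketPipeline(int capacity, Action<byte[]> handleTcp)
    {
        _queue = new BlockingCollection<byte[]>(capacity);   // ConcurrentQueue (FIFO) by default
        _worker = Task.Run(() =>
        {
            foreach (var pkt in _queue.GetConsumingEnumerable())
            {
                // IPv4 header: version in the high nibble of byte 0, protocol in byte 9 (6 = TCP).
                if (pkt.Length < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) continue;
                TcpSeen++;
                handleTcp(pkt);   // slow work (e.g. the database write) runs here, off the receive path
            }
        });
    }
    // Call from the receive callback: copy out of the shared buffer, enqueue, return immediately.
    public void Enqueue(byte[] buffer, int size)
    {
        var copy = new byte[size];
        Buffer.BlockCopy(buffer, 0, copy, 0, size);
        if (!_queue.TryAdd(copy)) Interlocked.Increment(ref _dropped);
    }
    public void Complete() { _queue.CompleteAdding(); _worker.Wait(); }   // drain, then stop

    static void Main()
    {
        var shared = new byte[65535]; shared[0] = 0x45;   // reused receive buffer (like _data), IPv4 first byte
        var p = new PacketPipeline(4096, pkt => Thread.Sleep(1));   // stand-in for a slow DB write
        for (int i = 0; i < 200; i++)   // constructed input: alternate TCP (6) and UDP (17)
        {
            shared[9] = (byte)(i % 2 == 0 ? 6 : 17);
            p.Enqueue(shared, 40);
        }
        p.Complete();
        Console.WriteLine($"tcp={p.TcpSeen} dropped={p.Dropped}");
    }
}
```

Raising `Socket.ReceiveBufferSize` on the capture socket, as Rob suggests, adds kernel-side slack while the callback runs; a non-zero `Dropped` count means the consumer is still too slow for the traffic.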
-
Thanks for your suggestion.
-
Thanks for your suggestion.