difference between Wireshark and application-level UDP read

Question

0.00/5 (No votes)

See more:

Hello, I don't have much knowledge on communication protocols and I'm confused with:

I observed that Wireshark capture is more robust (?) than C-application with CSocket (ReceiveFrom()) to receive UDP data.

What factors make the difference? Is Wireshark doing some low-level tasks?

Can I use the capture of Wireshark as a comparison to assess my UDP receiving application?

I'm appreciating your help.

Posted 21-Jul-15 20:00pm

Member 11499804

Add a Solution

Comments

Frankie-C 22-Jul-15 4:02am

Wireshark installs a driver that intercepts whole network traffic and for any address that can be seen from the connection (sniffing). The Driver is a complete package available in open source named 'WinPcap" (google for it). This is *not* the solution for your problems anyway.
The problems you have IMHO are not related to receive routines nor to the threads priorities. Maybe there are problems with buffer dimensions (ReceiveFrom() discards data if buffer is not sufficient to hold whole received data).

Member 11499804 22-Jul-15 4:18am

Thank you for your valuable advice!

Frankie-C 22-Jul-15 5:25am

Yo're welcome I'll be glad to hear if you solved your problem.

3 solutions

Solution 1

Wireshark is an open-source tool, so you can get its code and learn it to understand, how exactly the goals are fulfilled...
https://www.wireshark.org/[^]

Posted 21-Jul-15 20:29pm

Kornfeld Eliyahu Peter

Solution 3

Quote:
I observed that Wireshark capture is more robust (?) than C-application with CSocket (ReceiveFrom()) to receive UDP data.

Not more robust. If implemented correctly, your application should get every single packet wireshark gets.

Quote:
What factors make the difference? Is Wireshark doing some low-level tasks?

Yes it is, as already mentioned, it uses a low level driver to set your network card in "promiscuous mode" and capture anything that passes through it.

Quote:
Can I use the capture of Wireshark as a comparison to assess my UDP receiving application?

Sure, that's what the application is used for after all... packet analysis. If your application is not receiving something, you can analyze the packets in wireshark to see if there is something wrong with them. For example, if some higher-level fields are not being filled in correctly... you may never see it at the application level. That's on purpose, you wouldn't want to capture a bunch of junk on the wire in your application would you? If there is nothing wrong with the packets and you're still losing them, that would point towards architectural problems with your software design. Perhaps you may be spending too much time doing other tasks before servicing your sockets and your buffers are filling up and dropping data. Either way, wireshark is your friend for analysis of network traffic.

Posted 23-Jul-15 14:32pm

Albert Holguin

Updated 23-Jul-15 14:33pm

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

User 59241 · Accepted Answer · 2015-07-21T21:45:00

You have probably realised that you are starting to go around in circles. Wireshark uses pcap https://en.wikipedia.org/wiki/Pcap[^] which is a very low level packet sniffing API. It accesses the hardware directly and bypasses the TCP stack altogether. This makes it useful for diagnosing network traffic and network hardware. If your are on Windows it is WinPcap http://www.winpcap.org/[^]

In your case it is able to confirm packets are arriving. Is it more robust than XYZ. No. It is a specific tool and once you know the network is working who cares.

When you added threads to your program probably the best thing you could have added was moving from UDP to TCP. This gives you guarantees, retransmits, handshaking etc. If you then added your own packet IDs and maybe checksums you would not only be getting closer to a reliable system but also have some means of verification.

Whether to use TCP or UDP would have to be based on proper analysis but generally the use of UDP means that you are prepared for lost packets. If lost data is an issue then TCP is the way.

It would however still be down to you to get it all working and that can also be a challenge.