Vista drops udp packets with source ip address "0.10.0.0"

  • Question

  • My VC++ MFC application communicates with a network device. The network device acts as a DHCP server, and the Vista laptop is connected to it with a crossover cable. When my application sends a UDP message to the device, it responds with the source IP address "0.10.0.0". Wireshark sees the packets, whereas my application does not. My application receives data only when the source IP is correct; otherwise it does not. The same application works in XP for the "0.10.0.0" source IP address. How can I make it work with Vista? Please advise.

    Thanks.
    Friday, May 29, 2009 10:26 AM

Answers

  • Definitely sounds like IP Stack validation then. The alternative would be to use a different [valid] network (i.e. 1.x.x.x or the like)
    Dusty Harper [MSFT]
    Friday, May 29, 2009 6:21 PM
    Moderator

All replies

  • By the sound of it, the stack is dropping the packet. 0.x.x.x is not generally considered a valid subnet. Can you check to see if the drop occurs with Windows Firewall disabled (or with the BFE Service Stopped [note doing this may open the machine to malicious attacks, so do so at your own risk])?

    Most Network Sniffing software sits at the lowest layer (NDIS) so it will see all traffic that enters the interface, and all traffic that actually leaves the interface. If the packet has come in, NDIS only makes determinations for valid packets based off of the MAC Headers. Then it gets passed to the IP Protocol stack. The IP stack will then perform further validation of the packet. Depending on what validation fails, you may see an ICMP Error generated and sent back out the interface. In other cases the stack will just discard the packet.

    In your sniff do you see any outbound ICMP Errors? You can also enable auditing and tracing to help determine what is happening.

    Hope this helps.


    Dusty Harper [MSFT]
    Friday, May 29, 2009 11:22 AM
    Moderator
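
The kind of IP-layer source check described in the reply above, as an added example (not part of the original thread and not Windows' actual code): a C function that takes a raw IPv4 header exported from a capture and reports whether the source address falls in a range that RFC 1122 section 3.2.1.3 restricts as a source. That this matches what the Vista stack checks is an assumption; the enum names, `make_sample` and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reasons a receive path may refuse an IPv4 source address (RFC 1122, 3.2.1.3). */
enum src_verdict { SRC_OK, SRC_TRUNCATED, SRC_NOT_IPV4, SRC_THIS_NETWORK,
                   SRC_LOOPBACK, SRC_MULTICAST, SRC_BROADCAST };

/* Classify the source address of a raw IPv4 header (no Ethernet header). */
enum src_verdict classify_ipv4_source(const uint8_t *pkt, size_t len)
{
    if (len < 20) return SRC_TRUNCATED;              /* shorter than a minimal header */
    if ((pkt[0] >> 4) != 4 || (pkt[0] & 0x0F) < 5) return SRC_NOT_IPV4;
    /* Source address is bytes 12..15 in network byte order. */
    uint32_t src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                   ((uint32_t)pkt[14] << 8)  |  (uint32_t)pkt[15];
    if (src == 0xFFFFFFFFu)  return SRC_BROADCAST;   /* limited broadcast */
    if ((src >> 24) == 0)    return SRC_THIS_NETWORK;/* 0.0.0.0/8, e.g. 0.10.0.0 */
    if ((src >> 24) == 127)  return SRC_LOOPBACK;    /* 127.0.0.0/8 off-host */
    if ((src >> 28) == 0xE)  return SRC_MULTICAST;   /* 224.0.0.0/4 */
    return SRC_OK;
}

/* Constructed sample: 20-byte IPv4 header, protocol 17 (UDP), checksum left 0
 * because this example does not verify it; destination is a documentation address. */
void make_sample(uint8_t out[20], uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    static const uint8_t tmpl[20] = { 0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0,
                                      0, 0, 0, 0, 192, 0, 2, 10 };
    for (size_t i = 0; i < 20; i++) out[i] = tmpl[i];
    out[12] = a; out[13] = b; out[14] = c; out[15] = d;
}

int main(void)
{
    static const char *names[] = { "ok", "truncated", "not IPv4", "this-network (0/8)",
                                   "loopback", "multicast", "broadcast" };
    uint8_t pkt[20];
    make_sample(pkt, 0, 10, 0, 0);   /* source address from the question */
    printf("0.10.0.0 -> %s\n", names[classify_ipv4_source(pkt, sizeof pkt)]);
    make_sample(pkt, 1, 10, 0, 0);   /* a 1.x.x.x source, as the reply suggests */
    printf("1.10.0.0 -> %s\n", names[classify_ipv4_source(pkt, sizeof pkt)]);
    return 0;
}
```
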
  • Drop happens even if firewall is configured to allow data or firewall completely disabled or BFE stopped. I do not see any ICMP error message sent out.

    Finally, I am planning to read from NDIS itself but that will extend project scope many fold.

    Friday, May 29, 2009 3:43 PM
  • Definitely sounds like IP Stack validation then. The alternative would be to use a different [valid] network (i.e. 1.x.x.x or the like)
    Dusty Harper [MSFT]
    Friday, May 29, 2009 6:21 PM
    Moderator
  • Unfortunately, I cannot control / change the network device. I can only change my PC program. Please help.
    Friday, May 29, 2009 6:23 PM