Before or After OS?

May 6, 2012 at 6:25 PM

I used the pcap library in Linux for a grad project this term. It saw the packets coming into the system prior to the OS. I decided to make a more robust version of the Linux program I wrote. Well, testing it with my students, I noticed that the McAfee firewall would prevent my program from seeing the packets during a port scan. The port scan still returned information back to the scanner, but McAfee prevented my application from seeing the packets. After turning off the McAfee firewall, my application was able to see the packets.

Is seeing the packets post OS? If not, then why would the McAfee firewall be able to prevent my app from seeing the packets?



May 7, 2012 at 4:17 PM

Hi Excidium,


Pcap.Net just wraps WinPcap so it has the same behavior in that sense.

If WinPcap sees the packets, so will Pcap.Net.

Try sniffing the packets using Wireshark and see if you can see them.

If you can't, it has nothing to do with Pcap.Net and you should investigate on the WinPcap or McAfee sites.


Sorry for not being able to be more helpful,