Re: Netsh FWPM_NET_EVENT_TYPE_CLASSIFY_DROP

On 28-Oct-2015 03:22, xxxxx@yahoo.com wrote:

Looks like somebody dropped my pkt, probably NDIS, tcp/ip.sys?
I even disabled all protocols (except Netmon, ipv4), still I see this pkt drop.

The destination port (i.e. the listening port on machine_1) is a well-known port, if that means anything here. But I used an ephemeral port as well and see the same behavior.

And what about MAC address? Do you send to the correct peer’s MAC
address or to broadcast or multicast?

– pa

Hi

I am sending to the correct unicast MAC address. Below is the frame dumped from my mux driver. The UDP payload is just the SOCKADDR to which this frame is directed.

0: kd> db 0xffffe000`19964282
ffffe000`19964282  68 05 ca 37 24 48 68 05-ca 37 24 08 08 00 45 00  h..7$Hh..7$...E.
ffffe000`19964292  00 2c 64 75 00 00 80 11-52 dd c0 a8 01 14 c0 a8  .,du....R.......
ffffe000`199642a2  01 0a fa 3f 12 b7 00 18-98 ee 00 00 00 00 00 00  ...?............
ffffe000`199642b2  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
ffffe000`199642c2  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
ffffe000`199642d2  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
ffffe000`199642e2  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
ffffe000`199642f2  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................

Turned out, the damn Firewall got enabled on the target.
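
Decoding the dumped frame by hand answers the MAC question raised in the thread and rules out a malformed IP header before filtering is suspected. The following is an added example, not code from any poster in this thread; FRAME is retyped from the first four rows of the `db` output above, and the function names are made up for this illustration.

```python
import ipaddress
import struct

# First 64 bytes of the frame, copied from the `db` output in the thread.
FRAME = bytes.fromhex(
    "68 05 ca 37 24 48 68 05 ca 37 24 08 08 00 45 00"
    "00 2c 64 75 00 00 80 11 52 dd c0 a8 01 14 c0 a8"
    "01 0a fa 3f 12 b7 00 18 98 ee 00 00 00 00 00 00"
    "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
)

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit sum; 0xFFFF over a header that includes its checksum means valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode_udp_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / UDP headers and run basic sanity checks."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype {ethertype:#06x}")
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 17:
        raise ValueError(f"not UDP: protocol {ip[9]}")
    udp = frame[14 + ihl:14 + ihl + 8]
    src_port, dst_port, udp_len, _checksum = struct.unpack("!4H", udp)
    return {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        # I/G bit (LSB of first octet) clear means unicast, not multicast/broadcast.
        "dst_is_unicast": not (dst_mac[0] & 0x01),
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "ip_header_ok": ones_complement_sum(ip) == 0xFFFF,
        "src_port": src_port,
        "dst_port": dst_port,
        "payload_len": udp_len - 8,
        "lengths_consistent": total_len == ihl + udp_len,
    }

if __name__ == "__main__":
    for field, value in decode_udp_frame(FRAME).items():
        print(f"{field:20} {value}")
```

The destination MAC is unicast, the IPv4 header checksum verifies, and the lengths agree with a 16-byte payload, which is consistent with the drop being a filtering decision on the target rather than a malformed frame.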