First of all, let me thank you guys for porting tcpdump to Windows.

I have been trying to get some programming exercise in and wanted to write a program to watch for unsolicited ARP replies and boot them out of the ARP table, defeating some ARP cache poison attacks. Using WinDump, I can easily just open a pipe and listen for ARP requests coming from my machine, so I can know which replies to expect. However, the problem I have now is that I cannot determine whether an ARP request is actually coming from my NIC and not just being spoofed by another host on the network. For example, if an attacker knew how my program worked, they could just spoof an ARP request; my program would see it in the output and trust the next reply it gets for that address.

I couldn't find any switch that would print out in the packet output if the packet was inbound or outbound. This is on a Windows machine, and maybe it's just that on the layer that WinPcap operates this cannot be achieved. But please let me know if and how I can run WinDump in this manner. If I have to, I can write my program to have two pipes, one connected to a WinDump instance only listening to inbound traffic, the other listening to only outbound. Thank you for your help.

-- 
If you look through windows you can see what people are doing. If you try to look through a penguin it will bite you.
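
The tracking logic described in the post, as an added example that is not part of the original message: it reads WinDump text output, remembers ARP requests whose "tell" address is the local IP, and flags replies that have no matching request within a short window. The line formats (as printed with `-n`), the 2-second window, the addresses and the assumption that timestamps do not cross midnight are choices made for this example, and the sample lines are constructed.

```python
import re

# ARP lines as printed by tcpdump/WinDump with -n, older and newer text formats.
REQ = re.compile(r"who-has (\d+(?:\.\d+){3})(?: \([^)]*\))? tell (\d+(?:\.\d+){3})")
REP = re.compile(r"(\d+(?:\.\d+){3}) is-at ([0-9A-Fa-f:]{17})")
TS = re.compile(r"^(\d+):(\d+):(\d+(?:\.\d+)?)")

def find_unsolicited(lines, my_ip, window=2.0):
    """Return (ip, mac) for each ARP reply not preceded, within `window`
    seconds, by a request whose 'tell' address is my_ip."""
    pending = {}  # target IP -> time of the latest request attributed to us
    alerts = []
    for line in lines:
        ts = TS.match(line)
        if not ts:
            continue  # not a packet line
        now = int(ts[1]) * 3600 + int(ts[2]) * 60 + float(ts[3])
        req = REQ.search(line)
        if req:
            target, sender = req.groups()
            # Limitation raised in the post: the text output carries no
            # direction, so a forged request naming my_ip is trusted too.
            if sender == my_ip:
                pending[target] = now
            continue
        rep = REP.search(line)
        if rep:
            ip, mac = rep.groups()
            asked = pending.pop(ip, None)  # one request admits one reply
            if asked is None or now - asked > window:
                alerts.append((ip, mac.lower()))
    return alerts

# Constructed sample capture (not real traffic); 192.168.1.10 is the local host.
SAMPLE = [
    "10:00:00.100000 arp who-has 192.168.1.1 tell 192.168.1.10",
    "10:00:00.101000 arp reply 192.168.1.1 is-at 00:11:22:33:44:55",
    "10:00:05.000000 arp reply 192.168.1.1 is-at DE:AD:BE:EF:00:01",
    "10:00:06.000000 ARP, Request who-has 192.168.1.20 tell 192.168.1.10, length 28",
    "10:00:09.500000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:ee, length 28",
]

if __name__ == "__main__":
    for ip, mac in find_unsolicited(SAMPLE, "192.168.1.10"):
        print(f"unsolicited ARP reply: {ip} is-at {mac}")
```
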