[Winpcap-users] PPP connection - filtering problem
Stanislaw Wierchola
stacho at tls.pl
Mon Aug 22 11:10:09 GMT 2005
Hi,
I use WinPcap to count outgoing/incoming traffic. I have two filters:
"src IP_ADDRESS"/"dst IP_ADDRESS", where IP_ ADDRESS is the IP address
of the interface. It WORKS for Ethernet devices.
The problem is with PPP/SLIP connection. Both filters gives sum of
incoming end outgoing traffic. In WinPcap FAQ (Q-5: Can I use WinPcap on a
PPP connection?) there is information that:
"filtering and statistics gathering is done at user level."
I understand that filtering works on PPP connection but it is implemented
at user level WinPcap library ?
I use Windows XP SP2, WinPcap 3.1 and mingw.
I capture some packages from this inteface with Ethereal and they look
OK - they have correct source and destination IP addresses, etc.
The most important parts of the code (it works for Ethernet devices):
pcap_if_t *d;
//1. Search for all devices
pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf);
//2. User select one of devices - d
...
//3. Open selected device
fp= pcap_open(d->name, 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf);
//4. Create, compile and set filter
netmask=0xffffff; // or taken from pcap_addr->netmask
string filtr = "dst "; // or "dst host "
filtr += iptos(((struct sockaddr_in *)d->addresses->addr)->sin_addr.s_addr);
pcap_compile(fp, &fcode, (char*)filtr.c_str(), 1, netmask);
pcap_setfilter(fp, &fcode);
//5. Change mode to stat
pcap_setmode(fp, MODE_STAT);
//6. Start loop
pcap_loop(fp, 0, dispatcher_handler, NULL);
// Counter function
dispatcher_handler(u_char *parameters, const struct pcap_pkthdr *header,
const u_char *pkt_data)
{
...
counter += (*(LONGLONG*)(pkt_data + 8)) ;
...
}
Thanks for help,
Stanislaw Wierchola
More information about the Winpcap-users
mailing list