[Winpcap-users] Dynamic filtering
Loris Degioanni
loris.degioanni at gmail.com
Fri May 27 17:48:18 GMT 2005
libpcap works well with static filters, but is not a great solution for
your kind of problems.
In my opinion, the easy solution is to implement your custom filtering
over winpcap, i.e. bringing all the packets to user level. The packet
capture process becomes potentially a bottleneck, but you partially
balance it implmenting the filtering in an efficient way, e.g. with some
hashing function.
The best (and hard) solution is to implement this hashing function in
the driver, and then create an IOCTL-based mechanism to control it.
Loris
Pelles, Noam wrote:
> Hi,
>
> I am writing a network sniffer that changes the expression all the time
> - IP's are added and removed.
> The number of IP's is changed between 5 - 100.
> As far as I understand when changing the expression all the packets that
> were already received are thrown.
> My question is - what is the best way to implement dynamic filtering ?
> Is it the using of multiple clients ( a client for each IP captured ,
> and reduce the size of the buffer dramatically) ? or other ?
>
> Thanks
> __________________________________________________________________________________________
> This electronic message contains information from Verint Systems, which
> may be privileged and confidential.
> The information is intended to be for the use of the individual(s)or
> entity named above.
> If you are not the intended recipient, be aware that any disclosure,
> copying, distribution or use of the contents of this information is
> prohibited.
> If you have received this electronic message in error, please notify us
> by replying to this email (1).
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list