[Winpcap-users] pcap_open / rpcap://any
Guy Harris
guy at alum.mit.edu
Fri Apr 21 19:52:49 GMT 2006
On Apr 21, 2006, at 10:30 AM, Chris Barlas wrote:
> I have been using winpcap for quite some time on a project with
> standardized hardware, but now we are moving to boxes that have
> multiple nics and no longer will they be standard (affecting the
> names and such). I was reading the docs and found that pcap_open
> can take a string for device name of rpcap://any, though I have
> been unable to get this to work. I have tried “any”,
That's an attempt to open the "any" device on the local machine.
That only works on Linux (Linux is the only OS I know of where the
underlying mechanism used for packet capture doesn't require you to
bind to a particular network interface, so you can just leave it
unbound and you get packets from all interfaces), and WinPcap is the
Windows version of libpcap, so that's not going to work. (As far as
I know, NDIS doesn't let you get access to all interfaces in parallel
by not binding to a particular interface.)
> “rpcap://any”
According to the page at
http://www.winpcap.org/docs/docs31/html/group__remote__source__string.html
that again opens the "any" device on the local machine.
> and saw the use of PCAP_SRC_IF_STRING (defined in remote-ext.h)
> with no luck. I receive the error “The interface name has not been
> specified in the source string.” How can one accomplish this?
See
http://www.redhat.com/
http://www.novell.com/linux/
http://www.debian.org/
etc. for some ideas on how to get the "any" device to work. :-)
> Does “any” really work as the docs suggest?
Only if the docs suggest that it works only on Linux.
> I do not want to have the user choose or have to configure in any
> way the app.
Either
1) use Linux
or
2) use pcap_findalldevs() to find all the network interfaces, and
open all of them and capture from all of them (e.g., in separate
threads).