[Winpcap-users] howto compare the ip and mac
Gianluca Varenni
gianluca.varenni at cacetech.com
Sat Mar 31 00:50:47 GMT 2007
If you just want to filter the packets, i.e. capture only the packets with a specific mac address or ip address, you need to use pcap_compile/pcap_setfilter and a filter string like "ether host 11:22:33:44:55:66" or "ip host 1.2.3.4".
If you want to compare the mac of a packet with another mac, you need to dissect the bytes of the received packet. For example, if the packet is coming from an ethernet interface, the mac destination is stored in the first 6 bytes of the packet, and the mac source is the next 6 bytes. In this case I suggest you to have a look at protocols.com for a reference to the most commonly used protocols like ethernet, ip, tcp.
Hope it helps
GV
----- Original Message -----
From: 欧福瑞
To: winpcap-users at winpcap.org
Sent: Thursday, March 29, 2007 5:46 PM
Subject: [Winpcap-users] howto compare the ip and mac
how to compare the ip(mac) string (192.168.0.2 or 00-11-22-33-44-55) with ip(mac) info in the captured packets (binary format)?
convert the string to binary? convert the binary to string?
------------------------------------------------------------------------------
通过 Windows Live Spaces 与朋友轻松共享您的生活。 立即尝试!
------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070331/7b3bc194/attachment.htm
More information about the Winpcap-users
mailing list