[Winpcap-users] Monitoring multiple network interfaces

soulstone soulstone at gmx.de
Sun Dec 6 12:59:12 PST 2009



Gianluca Varenni wrote:
> ----- Original Message ----- 
> From: "soulstone" <soulstone at gmx.de>
> To: <winpcap-users at winpcap.org>
> Sent: Friday, December 04, 2009 7:02 AM
> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
> 
> 
>> Gianluca Varenni wrote:
>>> ----- Original Message ----- 
>>> From: "soulstone" <soulstone at gmx.de>
>>> To: <winpcap-users at winpcap.org>
>>> Sent: Thursday, December 03, 2009 8:49 AM
>>> Subject: [Winpcap-users] Monitoring multiple network interfaces
>>>
>>>
>>>> Hi,
>>>>
>>>> I've tried to monitor multiple network interfaces installed on
>>>> a system.
>>>> The reason is that I need to monitor network traffic to determine
>>>> whether a user navigates to a given url.
>>>>
>>>> I'd rather capture only packages from the interface which is connected
>>>> to the internet but I don't know how to find out which one I need.
>>>>
>>>> So I tried to monitor all interfaces.
>>>> I did this by creating one thread per interface which calls pcap_loop.
>>>> But this doesn't work.
>>> What do you mean by "it doesn't work"?
>> 1. I use pcap_findalldevs to get all devices.
>> 2. I open every interface by pcap_open_live.
>> 3. I use a loop to iterate through all interfaces and spawn
>> a separate thread for each call of pcap_loop(Desc, 0, @PacketHandler, 
>> Err).
>>
>> Usually after that the method PacketHandler would be called
>> if I only invoke pcap_loop for the correct interface with internet access.
>> But if I try to monitor multiple interfaces the function PacketHandler
>> isn't called anymore.
>>
>> I also tried to reverse the loop (the first interface is coincidentally
>> the one with internet access) it works.
> 
> What's the name of the interface with real traffic? What OS are you running 
> on?

Why does the name of the interface matter? I know which one works on my 
computer but I need a way to identify the one with real traffic also for 
other users without user interaction.

I used XP, Vista, Win7 for my tests.
I've multiple network interfaces installed on these machines.

Kind regards,
   dy

> GV
> 
> 
>> Example code:
>>   // doesn't work
>>   for i := 0 to Length(Interfaces) - 1 do
>>   begin
>>     // creates a thread which calls pcap_loop
>>     SpawnMonitor(Interfaces[i]);
>>   end;
>>
>>   // works, because our (now last) item is the correct NIC
>>   for i := Length(ValidP) - 1 downto 0 do
>>   begin
>>     SpawnMonitor(Interfaces[i]);
>>   end;
>>
>> So the problem is that PacketHandler isn't called for all devices.
>>
>> Kind regards,
>>   dy
>>
>>> GV
>>>
>>>> Specifying only one interface everything works fine.
>>>> Can I only monitor one interface at once or do I miss something?
>>>>
>>>> Maybe someone can give me some advice.
>>>>
>>>>
>>>> Kind regards,
>>>>   dy
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users