[Winpcap-users] Monitoring multiple network interfaces
Gianluca Varenni
gianluca.varenni at cacetech.com
Mon Dec 7 16:57:19 PST 2009
----- Original Message -----
From: "soulstone" <soulstone at gmx.de>
To: <winpcap-users at winpcap.org>
Sent: Sunday, December 06, 2009 12:59 PM
Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>
>
> Gianluca Varenni wrote:
>> ----- Original Message -----
>> From: "soulstone" <soulstone at gmx.de>
>> To: <winpcap-users at winpcap.org>
>> Sent: Friday, December 04, 2009 7:02 AM
>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>
>>
>>> Gianluca Varenni wrote:
>>>> ----- Original Message -----
>>>> From: "soulstone" <soulstone at gmx.de>
>>>> To: <winpcap-users at winpcap.org>
>>>> Sent: Thursday, December 03, 2009 8:49 AM
>>>> Subject: [Winpcap-users] Monitoring multiple network interfaces
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I've tried to monitor multiple networ interfaces installed on
>>>>> a system.
>>>>> The reason is that I need to monitor network traffic to determine
>>>>> whether a user navigates to a given url.
>>>>>
>>>>> I'd rather capture only packages from the interface which is connected
>>>>> to the internet but I don't know how to find out which one I need.
>>>>>
>>>>> So I tried to monitor all interfaces.
>>>>> I did this by creating one thread per interface which calls pcap_loop.
>>>>> But this doesn't work.
>>>> What do you mean by "it doesn't work"?
>>> 1. I use pcap_findalldevs to get all devices.
>>> 2. I open every interface by pcap_open_live.
>>> 3. I use a loop to itter through all interfaces and spawn
>>> a seperated thread for each call of pcap_loop(Desc, 0, @PacketHandler,
>>> Err).
>>>
>>> Usually after that the method PacketHandler would be called
>>> if I only invoke pcap_look for the correct interface with internet
>>> access.
>>> But if I try to monitor multiple interfaces the function PacketHandler
>>> isn't called anymore.
>>>
>>> I also tried to reverse the loop (the first interface is coincidental
>>> the one with internet access) it works.
>>
>> What's the name of the interface with real traffic? What OS are you
>> running
>> on?
>
> Why does the name of the interface matter? I know which one works on my
> computer but I need a way to identify the one with real traffic also for
> other users without user interaction.
>
> I used XP, Vista, Win7 for my tests.
> I've multiple network interfaces installed on these machines.
>
I want to know if you are capturing from the interface called "Generic
dialup/VPN interface" (or any VPN/dialup one)
GV
> Kind regards,
> dy
>
>> GV
>>
>>
>>> Example code:
>>> // doesn't work
>>> for i := 0 to Length(Interfaces) - 1 do
>>> begin
>>> // creates a thread which calls pcap_loop
>>> SpawnMonitor(Interfaces[i];
>>> end;
>>>
>>> // works, because our (now last) item is the correct NIC
>>> for i := Length(ValidP) - 1 downto 0 do
>>> begin
>>> SpawnMonitor(Interfaces[i];
>>> end;
>>>
>>> So the problem is that PacketHandler isn't called for all devices.
>>>
>>> Kind regards,
>>> dy
>>>
>>>> GV
>>>>
>>>>> Specifying only one interface everything works fine.
>>>>> Can I only monitor one interface at once or do I miss something?
>>>>>
>>>>> Maybe someone can give me an advice.
>>>>>
>>>>>
>>>>> Kind regards,
>>>>> dy
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list