[Winpcap-users] Monitoring multiple network interfaces

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Dec 8 07:00:03 PST 2009


----- Original Message ----- 
From: "soulstone" <soulstone at gmx.de>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, December 08, 2009 6:16 AM
Subject: Re: [Winpcap-users] Monitoring multiple network interfaces


>
>
> Gianluca Varenni wrote:
>> ----- Original Message ----- 
>> From: "soulstone" <soulstone at gmx.de>
>> To: <winpcap-users at winpcap.org>
>> Sent: Sunday, December 06, 2009 12:59 PM
>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>
>>
>>>
>>> Gianluca Varenni wrote:
>>>> ----- Original Message ----- 
>>>> From: "soulstone" <soulstone at gmx.de>
>>>> To: <winpcap-users at winpcap.org>
>>>> Sent: Friday, December 04, 2009 7:02 AM
>>>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>>>
>>>>
>>>>> Gianluca Varenni wrote:
>>>>>> ----- Original Message ----- 
>>>>>> From: "soulstone" <soulstone at gmx.de>
>>>>>> To: <winpcap-users at winpcap.org>
>>>>>> Sent: Thursday, December 03, 2009 8:49 AM
>>>>>> Subject: [Winpcap-users] Monitoring multiple network interfaces
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I've tried to monitor multiple network interfaces installed on
>>>>>>> a system.
>>>>>>> The reason is that I need to monitor network traffic to determine
>>>>>>> whether a user navigates to a given url.
>>>>>>>
>>>>>>> I'd rather capture only packages from the interface which is connected
>>>>>>> to the internet but I don't know how to find out which one I need.
>>>>>>>
>>>>>>> So I tried to monitor all interfaces.
>>>>>>> I did this by creating one thread per interface which calls pcap_loop.
>>>>>>> But this doesn't work.
>>>>>> What do you mean by "it doesn't work"?
>>>>> 1. I use pcap_findalldevs to get all devices.
>>>>> 2. I open every interface by pcap_open_live.
>>>>> 3. I use a loop to iterate through all interfaces and spawn
>>>>> a separate thread for each call of pcap_loop(Desc, 0, @PacketHandler,
>>>>> Err).
>>>>>
>>>>> Usually after that the method PacketHandler would be called
>>>>> if I only invoke pcap_loop for the correct interface with internet
>>>>> access.
>>>>> But if I try to monitor multiple interfaces the function PacketHandler
>>>>> isn't called anymore.
>>>>>
>>>>> I also tried to reverse the loop (the first interface is coincidentally
>>>>> the one with internet access), and it works.
>>>> What's the name of the interface with real traffic? What OS are you
>>>> running on?
>>> Why does the name of the interface matter? I know which one works on my
>>> computer but I need a way to identify the one with real traffic also for
>>> other users without user interaction.
>>>
>>> I used XP, Vista, Win7 for my tests.
>>> I've multiple network interfaces installed on these machines.
>>>
>>
>> I want to know if you are capturing from the interface called "Generic
>> dialup/VPN interface" (or any VPN/dialup one)
>>
>
> I don't capture from a "Generic dialup/VPN interface".
> E.g. there are two normal network interfaces and 2 virtual interfaces
> created by virtualpc on one machine.
> Maybe this could be a problem?

No.

What are the parameters passed to pcap_open_live? I'm interested in the
timeout value.
Does pcap_loop ever return (even if PacketHandler is not called)?
Can you please try using pcap_next_ex in your code and see what is the error 
code returned by it?


Have a nice day
GV



>
>> GV
>>
>>> Kind regards,
>>>   dy
>>>
>>>> GV
>>>>
>>>>
>>>>> Example code:
>>>>>   // doesn't work
>>>>>   for i := 0 to Length(Interfaces) - 1 do
>>>>>   begin
>>>>>     // creates a thread which calls pcap_loop
>>>>>     SpawnMonitor(Interfaces[i]);
>>>>>   end;
>>>>>
>>>>>   // works, because our (now last) item is the correct NIC
>>>>>   for i := Length(ValidP) - 1 downto 0 do
>>>>>   begin
>>>>>     SpawnMonitor(Interfaces[i]);
>>>>>   end;
>>>>>
>>>>> So the problem is that PacketHandler isn't called for all devices.
>>>>>
>>>>> Kind regards,
>>>>>   dy
>>>>>
>>>>>> GV
>>>>>>
>>>>>>> Specifying only one interface everything works fine.
>>>>>>> Can I only monitor one interface at once or am I missing something?
>>>>>>>
>>>>>>> Maybe someone can give me some advice.
>>>>>>>
>>>>>>>
>>>>>>> Kind regards,
>>>>>>>   dy
>>>>>>> _______________________________________________
>>>>>>> Winpcap-users mailing list
>>>>>>> Winpcap-users at winpcap.org
>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
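
The check GV asks for in the reply above, as an added example that is not code from the thread or from WinPcap: each adapter is opened with a non-zero read timeout and polled with pcap_next_ex, and the return code is printed per adapter. The hand-written declarations of the wpcap.dll functions, the constant names and the values 100 ms and 20 polls are assumptions of this sketch.

```pascal
program PollAllInterfaces;
{$APPTYPE CONSOLE}
// Added example: declarations restate WinPcap's C prototypes by hand (assumption).
const
  READ_TIMEOUT_MS = 100; MAX_POLLS = 20; // non-zero timeout, ~2 s per adapter
type
  PPcapIf = ^TPcapIf;
  TPcapIf = record // mirrors struct pcap_if
    Next: PPcapIf;
    Name, Description: PAnsiChar;
    Addresses: Pointer; Flags: Cardinal;
  end;
function pcap_findalldevs(var Devs: PPcapIf; ErrBuf: PAnsiChar): Integer; cdecl; external 'wpcap.dll';
procedure pcap_freealldevs(Devs: PPcapIf); cdecl; external 'wpcap.dll';
function pcap_open_live(Dev: PAnsiChar; SnapLen, Promisc, ToMs: Integer; ErrBuf: PAnsiChar): Pointer; cdecl; external 'wpcap.dll';
function pcap_next_ex(P: Pointer; var Hdr, Data: Pointer): Integer; cdecl; external 'wpcap.dll';
function pcap_geterr(P: Pointer): PAnsiChar; cdecl; external 'wpcap.dll';
procedure pcap_close(P: Pointer); cdecl; external 'wpcap.dll';
var
  Devs, D: PPcapIf;
  H, Hdr, Data: Pointer;
  Err: array[0..255] of AnsiChar; // PCAP_ERRBUF_SIZE is 256
  Rc, Polls: Integer;
begin
  if pcap_findalldevs(Devs, @Err[0]) = -1 then
  begin
    Writeln('pcap_findalldevs failed: ', Err);
    Halt(1);
  end;
  D := Devs;
  while D <> nil do
  begin
    H := pcap_open_live(D^.Name, 65536, 0, READ_TIMEOUT_MS, @Err[0]);
    if H = nil then
      Writeln(D^.Name, ': pcap_open_live failed: ', Err)
    else
    begin
      Polls := 0;
      repeat // 1 = packet read, 0 = read timeout expired, -1 = error
        Rc := pcap_next_ex(H, Hdr, Data);
        Inc(Polls);
      until (Rc <> 0) or (Polls = MAX_POLLS);
      Writeln(D^.Name, ': pcap_next_ex returned ', Rc, ' after ', Polls, ' call(s)');
      if Rc = -1 then Writeln('  ', pcap_geterr(H));
      pcap_close(H);
    end;
    D := D^.Next;
  end;
  pcap_freealldevs(Devs);
end.
```

An adapter that reports 0 after every poll had its read timeout expire each time without delivering a packet; -1 comes with the text from pcap_geterr.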
