[Winpcap-users] Monitoring multiple network interfaces

soulstone soulstone at gmx.de
Tue Dec 8 10:29:48 PST 2009



soulstone wrote:
> 
> Gianluca Varenni wrote:
>> ----- Original Message ----- 
>> From: "soulstone" <soulstone at gmx.de>
>> To: <winpcap-users at winpcap.org>
>> Sent: Tuesday, December 08, 2009 6:16 AM
>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>
>>
>>> Gianluca Varenni wrote:
>>>> ----- Original Message ----- 
>>>> From: "soulstone" <soulstone at gmx.de>
>>>> To: <winpcap-users at winpcap.org>
>>>> Sent: Sunday, December 06, 2009 12:59 PM
>>>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>>>
>>>>
>>>>> Gianluca Varenni wrote:
>>>>>> ----- Original Message ----- 
>>>>>> From: "soulstone" <soulstone at gmx.de>
>>>>>> To: <winpcap-users at winpcap.org>
>>>>>> Sent: Friday, December 04, 2009 7:02 AM
>>>>>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>>>>>
>>>>>>
>>>>>>> Gianluca Varenni wrote:
>>>>>>>> ----- Original Message ----- 
>>>>>>>> From: "soulstone" <soulstone at gmx.de>
>>>>>>>> To: <winpcap-users at winpcap.org>
>>>>>>>> Sent: Thursday, December 03, 2009 8:49 AM
>>>>>>>> Subject: [Winpcap-users] Monitoring multiple network interfaces
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I've tried to monitor multiple network interfaces installed on
>>>>>>>>> a system.
>>>>>>>>> The reason is that I need to monitor network traffic to determine
>>>>>>>>> whether a user navigates to a given url.
>>>>>>>>>
>>>>>>>>> I'd rather capture only packages from the interface which is 
>>>>>>>>> connected
>>>>>>>>> to the internet but I don't know how to find out which one I need.
>>>>>>>>>
>>>>>>>>> So I tried to monitor all interfaces.
>>>>>>>>> I did this by creating one thread per interface which calls 
>>>>>>>>> pcap_loop.
>>>>>>>>> But this doesn't work.
>>>>>>>> What do you mean by "it doesn't work"?
>>>>>>> 1. I use pcap_findalldevs to get all devices.
>>>>>>> 2. I open every interface by pcap_open_live.
>>>>>>> 3. I use a loop to iterate through all interfaces and spawn
>>>>>>> a separate thread for each call of pcap_loop(Desc, 0, @PacketHandler,
>>>>>>> Err).
>>>>>>>
>>>>>>> Usually after that the method PacketHandler would be called
>>>>>>> if I only invoke pcap_loop for the correct interface with internet
>>>>>>> access.
>>>>>>> But if I try to monitor multiple interfaces the function PacketHandler
>>>>>>> isn't called anymore.
>>>>>>>
>>>>>>> I also tried to reverse the loop (the first interface is coincidentally
>>>>>>> the one with internet access) and it works.
>>>>>> What's the name of the interface with real traffic? What OS are you
>>>>>> running
>>>>>> on?
>>>>> Why does the name of the interface matter? I know which one works on my
>>>>> computer but I need a way to identify the one with real traffic also for
>>>>> other users without user interaction.
>>>>>
>>>>> I used XP, Vista, Win7 for my tests.
>>>>> I've multiple network interfaces installed on these machines.
>>>>>
>>>> I want to know if you are capturing from the interface called "Generic
>>>> dialup/VPN interface" (or any VPN/dialup one)
>>>>
>>> I don't capture from a "Generic dialup/VPN interface".
>>> E.g. there are two normal network interfaces and 2 virtual interfaces
>>> created by virtualpc on one machine.
>>> Maybe this could be a problem?
>> No.
>>
>> What are the parameters passed to pcap_open_live? I'm interested in the 
>> timeout value.
>> Does pcap_loop ever return (even if PacketHandler is not called)?
>> Can you please try using pcap_next_ex in your code and see what is the error 
>> code returned by it?
> 
> pcap_open_live is called with:
> 
> P := _Pcap_Open_Live(IntfaceName
>   , 65536  { packet size to sniff }
>   , 0
>   , 1000   { timeout }
>   , aErr);
> 
> Soon I'll reply because of the return values of pcap_next_ex.

I'm sorry. I figured my mistake out. v.v
While changing my code to fit for pcap_next_ex I've checked
every value.
Then it occurred to me. For each thread call I've overwritten
the parameters passed to that thread.
So each created thread pointed to the same device.
I'm sorry for that and thanks for all your help.

Have a nice day and thanks a lot.
  dy


>> Have a nice day
>> GV
>>
>>
>>
>>>> GV
>>>>
>>>>> Kind regards,
>>>>>   dy
>>>>>
>>>>>> GV
>>>>>>
>>>>>>
>>>>>>> Example code:
>>>>>>>   // doesn't work
>>>>>>>   for i := 0 to Length(Interfaces) - 1 do
>>>>>>>   begin
>>>>>>>     // creates a thread which calls pcap_loop
>>>>>>>     SpawnMonitor(Interfaces[i]);
>>>>>>>   end;
>>>>>>>
>>>>>>>   // works, because our (now last) item is the correct NIC
>>>>>>>   for i := Length(ValidP) - 1 downto 0 do
>>>>>>>   begin
>>>>>>>     SpawnMonitor(Interfaces[i]);
>>>>>>>   end;
>>>>>>>
>>>>>>> So the problem is that PacketHandler isn't called for all devices.
>>>>>>>
>>>>>>> Kind regards,
>>>>>>>   dy
>>>>>>>
>>>>>>>> GV
>>>>>>>>
>>>>>>>>> Specifying only one interface everything works fine.
>>>>>>>>> Can I only monitor one interface at once or do I miss something?
>>>>>>>>>
>>>>>>>>> Maybe someone can give me an advice.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Kind regards,
>>>>>>>>>   dy
>>>>>>>>> _______________________________________________
>>>>>>>>> Winpcap-users mailing list
>>>>>>>>> Winpcap-users at winpcap.org
>>>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
> 
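The mistake described in the final reply (one parameter block overwritten for every thread, so all capture threads ended up on the same device) is shown below as an added C example; it is not code from this thread. The device names, `monitor_ctx`, and `spawn_monitors` are constructed for illustration, `monitor` stands in for the thread that would call `pcap_loop`, and a mutex holds the threads back until the spawn loop finishes so the outcome is reproducible.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define NDEV 3
/* Constructed names; real ones come from pcap_findalldevs(). */
static const char *DEVICES[NDEV] = { "dev0", "dev1", "dev2" };
struct monitor_ctx { char device[32]; };  /* hypothetical thread parameter */
static pthread_mutex_t gate = PTHREAD_MUTEX_INITIALIZER;
static char seen[NDEV][32];               /* device each thread ended up with */
static int nseen;

/* Stand-in for the thread that would open ctx->device and call pcap_loop. */
static void *monitor(void *arg)
{
    const struct monitor_ctx *ctx = arg;
    pthread_mutex_lock(&gate);  /* held by the spawner until its loop ends */
    snprintf(seen[nseen++], sizeof seen[0], "%s", ctx->device);
    pthread_mutex_unlock(&gate);
    return NULL;
}

/* Spawns one thread per device; returns how many distinct devices they got. */
static int spawn_monitors(int per_thread_ctx)
{
    pthread_t tid[NDEV];
    struct monitor_ctx shared, own[NDEV];
    int i, j, distinct = 0;
    nseen = 0;
    pthread_mutex_lock(&gate);
    for (i = 0; i < NDEV; i++) {
        /* Bug: reusing one struct overwrites what earlier threads will read. */
        struct monitor_ctx *ctx = per_thread_ctx ? &own[i] : &shared;
        snprintf(ctx->device, sizeof ctx->device, "%s", DEVICES[i]);
        pthread_create(&tid[i], NULL, monitor, ctx);
    }
    pthread_mutex_unlock(&gate);
    for (i = 0; i < NDEV; i++)
        pthread_join(tid[i], NULL);
    for (i = 0; i < NDEV; i++) {  /* count distinct names in seen[] */
        for (j = 0; j < i && strcmp(seen[i], seen[j]) != 0; j++) {}
        distinct += (j == i);
    }
    return distinct;
}

int main(void)
{
    printf("shared parameter: %d distinct device(s)\n", spawn_monitors(0));
    printf("per-thread parameter: %d distinct device(s)\n", spawn_monitors(1));
}
```

With the shared struct every thread reads the last name written, which matches the report that capture only worked when the loop was reversed so the interface with traffic came last.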

