[Winpcap-users] Determining incoming vs. outgoing packets.

Jason Cipriani jason.cipriani at gmail.com
Tue May 19 15:04:22 PDT 2009

Thanks for the reply.

If I have a pcap device open, do you know if there's a reliable way to
determine which of the devices returned by GetAdaptersInfo corresponds
to that device?

I would rather know exactly what MAC address belongs to the capture
device, so I can compare ethernet header MACs to just that one rather
than comparing it to the entire list of all adapters on the machine.


On Tue, May 19, 2009 at 5:13 PM, Gianluca Varenni
<gianluca.varenni at cacetech.com> wrote:
> For the moment there are only two ways to get the MAC address:
> 1. use the Packet API (which is a discouraged approach, since the packet API
> is subject to change without any notice)
> 2. use the IPHelper API.
> In one of the next releases of WinPcap it will be possible to get the MAC
> address directly from the pcap API.
> The IP address instead is available in the output of pcap_findalldevs,
> please see the sample iflist for more details.
> Have a nice day
> GV
> ----- Original Message -----
> From: "Jason Cipriani" <jason.cipriani at gmail.com>
> To: <winpcap-users at winpcap.org>
> Sent: Friday, May 15, 2009 12:05 AM
> Subject: Re: [Winpcap-users] Determining incoming vs. outgoing packets.
>> On Fri, May 15, 2009 at 2:27 AM, Jason Cipriani
>> <jason.cipriani at gmail.com> wrote:
>>> I am writing an application that uses winpcap to capture TCP/IP
>>> packets. Given that I know nothing about the machine that the
>>> application is running on, what is the best way to determine if a
>>> packet is incoming or outgoing?
>>> If it comes down to checking MAC/IP addresses, what's the best way to
>>> programmatically determine which addresses to check for? I do not want
>>> the user to be responsible for determining and entering their own MAC
>>> or local IP address, it must be done automatically.
>> So far I have succeeded in using the Windows API function
>> GetAdaptersInfo to get a list of local MAC addresses for ethernet
>> devices, and then comparing the source address in the packet's
>> ethernet header to the addresses in the list to determine the
>> direction.
>> I'm not sure if this is the most efficient way to do it but it *is*
>> meeting performance requirements on my test machine, so no worries for
>> now, I guess.
>> Still, if there is a simpler or more efficient way to do this, I'd
>> like to know just for reference.
>> Thanks,
>> Jason
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users

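Added example, not part of the original thread or of WinPcap: the direction check described above (compare the Ethernet header MACs to the capture adapter's MAC), plus one way to pick the matching GetAdaptersInfo entry. It assumes the pcap device name has the form \Device\NPF_{GUID} and that the adapter name is the same {GUID} string; the function names and sample values are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum direction { DIR_UNKNOWN, DIR_OUTGOING, DIR_INCOMING };

/* Match a pcap device name ("\Device\NPF_{GUID}", assumed convention) against
 * an adapter name ("{GUID}", as in IP_ADAPTER_INFO.AdapterName), ignoring case. */
int same_adapter(const char *pcap_name, const char *adapter_name)
{
    const char *g = strrchr(pcap_name, '{');
    if (!g || adapter_name[0] != '{') return 0;
    for (; *g && *adapter_name; g++, adapter_name++)
        if (toupper((unsigned char)*g) != toupper((unsigned char)*adapter_name))
            return 0;
    return *g == '\0' && *adapter_name == '\0';
}

/* Classify a captured Ethernet frame against the capture adapter's MAC.
 * Bytes 0-5 hold the destination address, bytes 6-11 the source. */
enum direction frame_direction(const uint8_t *frame, size_t caplen,
                               const uint8_t local_mac[6])
{
    if (caplen < 14) return DIR_UNKNOWN;              /* truncated header */
    if (memcmp(frame + 6, local_mac, 6) == 0) return DIR_OUTGOING;
    if (memcmp(frame, local_mac, 6) == 0) return DIR_INCOMING;
    if (frame[0] & 0x01) return DIR_INCOMING;         /* broadcast or multicast */
    return DIR_UNKNOWN;       /* traffic between other hosts (promiscuous mode) */
}

/* Constructed sample data, not taken from the thread. */
static const char SAMPLE_DEV[] = "\\Device\\NPF_{4e273621-5161-46c8-895a-48d0e52a0b83}";
static const char SAMPLE_ADAPTER[] = "{4E273621-5161-46C8-895A-48D0E52A0B83}";
static const uint8_t LOCAL_MAC[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t FRAME_OUT[14] = {0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x08, 0x00};
static const uint8_t FRAME_IN[14] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x08, 0x00};
static const uint8_t FRAME_BCAST[14] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x08, 0x06};

int main(void)
{
    printf("same adapter: %d\n", same_adapter(SAMPLE_DEV, SAMPLE_ADAPTER));
    printf("out=%d in=%d bcast=%d\n", frame_direction(FRAME_OUT, 14, LOCAL_MAC),
           frame_direction(FRAME_IN, 14, LOCAL_MAC),
           frame_direction(FRAME_BCAST, 14, LOCAL_MAC));
    return 0;
}
```

On Windows, the adapter name and MAC would come from the IP_ADAPTER_INFO entries returned by GetAdaptersInfo, and the frame and captured length from the pcap capture callback.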