[Winpcap-users] Determing incoming vs. outgoing packets.
gianluca.varenni at cacetech.com
Tue May 19 15:23:42 PDT 2009
If the adapter has an IP address you can probably match the IP address
returned by pcap with the combination IP/MAC that the IP helper API *should*
return. However I've never tried myself...
Have a nice day
----- Original Message -----
From: "Jason Cipriani" <jason.cipriani at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, May 19, 2009 3:04 PM
Subject: Re: [Winpcap-users] Determing incoming vs. outgoing packets.
> Thanks for the reply.
> If I have a pcap device open, do you know if there's a reliable way to
> determine which of the devices returned by GetAdaptersInfo corresponds
> to that device?
> I would rather know exactly what MAC address belongs to the capture
> device, so I can compare ethernet header MACs to just that one rather
> than comparing it to the entire list of all adapters on the machine.
> On Tue, May 19, 2009 at 5:13 PM, Gianluca Varenni
> <gianluca.varenni at cacetech.com> wrote:
>> For the moment there are only two ways to get the MAC address:
>> 1. use the Packet API (which is a discouraged approach, since the packet
>> is subject to change without any notice)
>> 2. use the IPHelper API.
>> In one of next releases of WinPcap it will be possible to get the MAC
>> address directly from the pcap API.
>> The IP address instead is available in the output of pcap_findalldevs,
>> please see the sample iflist for more details.
>> Have a nice day
>> ----- Original Message -----
>> From: "Jason Cipriani" <jason.cipriani at gmail.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Friday, May 15, 2009 12:05 AM
>> Subject: Re: [Winpcap-users] Determing incoming vs. outgoing packets.
>>> On Fri, May 15, 2009 at 2:27 AM, Jason Cipriani
>>> <jason.cipriani at gmail.com> wrote:
>>>> I am writing an application that uses winpcap to capture TCP/IP
>>>> packets. Given that I know nothing about the machine that the
>>>> application is running on, what is the best way to determine if a
>>>> packet is incoming or outgoing?
>>>> If it comes down to checking MAC/IP addresses, what's the best way to
>>>> programmatically determine which addresses to check for? I do not want
>>>> the user to be responsible for determining and entering their own MAC
>>>> or local IP address, it must be done automatically.
>>> So far I have succeeded in using the Windows API function
>>> GetAdaptersInfo to get a list of local MAC addresses for ethernet
>>> devices, and then comparing the source address in the packet's
>>> ethernet header to the addresses in the list to determine the
>>> I'm not sure if this is the most efficient way to do it but it *is*
>>> meeting performance requirements on my test machine, so no worries for
>>> now, I guess.
>>> Still, if there is a simpler or more efficient way to do this, I'd
>>> like to know just for reference.
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
More information about the Winpcap-users