[Winpcap-users] How can igetthenew-estpacketfrombuffer?HELPPLEASE~!

Gianluca Varenni gianluca.varenni at cacetech.com
Tue May 26 10:22:25 PDT 2009

Sorry for jumping in this conversation late.

Please be aware that WinPcap does *not* overwrite older packets with new ones. If the kernel buffer (or the user buffer) is full, newer packets are simply dropped.

Have a nice day
  ----- Original Message ----- 
  From: Alan Jay Weiner 
  To: winpcap-users at winpcap.org 
  Sent: Tuesday, May 26, 2009 9:27 AM
  Subject: Re: [Winpcap-users] How can igetthenew-estpacketfrombuffer?HELPPLEASE~!

  I presume the packets contain some kind of status conditions and you're doing something based on the latest status.


  What about using small buffers?  The older data is overwritten by newer data - if the buffer is only large enough for 1 or 2 packets, you'll get the 1 or 2 most-recent packets.  All the other packets will be lost, but that seems ok in your situation.


  How many of the most-recent packets do you need?   Is it sufficient to have only the most-recent packet?



  - Al Weiner -



  Alan Jay Weiner / Valid8.com, Inc. - Conform, Perform & Excel(tm)
  500 W Cummings Park, Suite #2700, Woburn, MA 01801, USA
  a.weiner at valid8.com / Tel:+1-781-938-1221 x112, Fax +1-781-207-0550



  From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of rst
  Sent: Tuesday, May 26, 2009 5:19 AM
  To: winpcap-users at winpcap.org
  Subject: Re: [Winpcap-users] How can i getthenew-estpacketfrombuffer?HELPPLEASE~!


  The machine always sending packets , never stop.

  and my computer only connected with the machine (using a crossover network cable).

  so every packets I get are what I wanted, but only the newest packet I need.


  Machine ----(Sending packets)---> My Computer    .........................every 0.000005 second


  My Application ----(Get the newest packet)---> Get information to do control...................every 0.0001 second


  if the buffer can contrain 10000 packets,

  0.000005 * 10000 = 0.05 second,

  so I can only get the information before 0.05 second,

  but in my realtime control, i must get the information less than 0.0001 second.


  so have any ideas?


  Really thank you!!


    If the other machine is sending a constant 200,000 packets per second and won't slow down, you may be out of luck.  However, if the other machine sends 200,000 packet per second for a short burst (say 10 seconds), then you should be able to store those 2M packets into your own memory space.  After you store the packets, you can do your analysis.


    For a quick test, just change your control loop to do...


    static int counter;





    That is, don't do anything with the packet (other than advance the buffer and count how many you receive).  This will tell you how fast your machine can move through the buffer.


    If this works well, then you need to do a memcpy() of the packet into pre-allocated space (i.e. malloc your own circular queue).  This will slow down the loop, but should be much faster than 0.1ms.


    Last question:  Most packet capturing applications need to decode EVERY packet, are you saying that you do NOT need to decode every packet?  If not, how do you know which packets you need to decode and which ones you don't?




  Winpcap-users mailing list
  Winpcap-users at winpcap.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20090526/ca576e7c/attachment.htm 

More information about the Winpcap-users mailing list