[Winpcap-users] Multiple instances

David Chang dchang at fsautomation.com
Fri May 14 08:56:47 PDT 2010 

I understand all the fields except SID and Process name.

Are you saying that Process name is just a description of the port (e.g. if 
the port is 80, the process name is firefox)?  Or, is it more complex than 
that?

How are you getting the SID from the packet capture?  Are you scanning the 
actual payload rather than just the header?  If so, your application would 
run much faster if you just captured the header.

DC

----- Original Message ----- 
From: "pro2c" <pro2c at litrca.com>
To: <winpcap-users at winpcap.org>
Sent: Friday, May 14, 2010 6:36 AM
Subject: Re: [Winpcap-users] Multiple instances


> SRC IP, DST IP, Protocol, Port, SID (process ID), Process name (which is
> using the port), Upload data (kB), Download data (kB), Upload speed,
> Download speed.
>
>
>
> -----Original Message-----
> From: winpcap-users-bounces at winpcap.org
> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
> Sent: Thursday, May 13, 2010 10:54 PM
> To: winpcap-users at winpcap.org
> Subject: Re: [Winpcap-users] Multiple instances
>
> What statistics are you capturing?  For example...
>
> Src IP Addr   Protocol   Port  Upload pkts Download pkts
> ------------ ---------- ------ ----------- -------------
> 192.168.1.1     TCP         80        2341       2419866
> 192.168.1.1     UDP       5000         987          1026
> 192.168.1.2     TCP         80        1298       1672340
>
> DC
>
> pro2c wrote:
>> I'm trying to make an active list of computer's ports with download and
>> upload statistics. So i need 2 instances for 1 port (download & upload)
>>
>>
>> -----Original Message-----
>> From: winpcap-users-bounces at winpcap.org
>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>> Sent: Thursday, May 13, 2010 7:49 PM
>> To: winpcap-users at winpcap.org
>> Subject: Re: [Winpcap-users] Multiple instances
>>
>> Could you use a single filter with 'OR' statements to fulfill the 200
>> conditions you wish to capture for?  Then, handle the resulting packets 
>> in
>
>> your own application?  Or will the 200 conditions just get every packet
>> anyway?
>>
>> Could you describe what your application is trying to do?
>>
>> DC
>>
>> ----- Original Message ----- 
>> From: "pro2c" <pro2c at litrca.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Thursday, May 13, 2010 9:25 AM
>> Subject: Re: [Winpcap-users] Multiple instances
>>
>>
>>
>>> It's developed in VB.NET 2.0
>>> I optimized as far as I could. Maybe .NET is not a fast platform.
>>> Can send source code to someone who can do VB
>>>
>>>
>>> -----Original Message-----
>>> From: winpcap-users-bounces at winpcap.org
>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca Varenni
>>> Sent: Thursday, May 13, 2010 6:13 PM
>>> To: winpcap-users at winpcap.org
>>> Subject: Re: [Winpcap-users] Multiple instances
>>>
>>> A packet flow if 1.5MB/s is really low. The problem was probably in the
>>> logic of your application. If I were you, I would definitely review your
>>> application design to understand what the bottleneck was.
>>>
>>> Have a nice day
>>> GV
>>>
>>> --------------------------------------------------
>>> From: "pro2c" <pro2c at litrca.com>
>>> Sent: Thursday, May 13, 2010 9:02 AM
>>> To: <winpcap-users at winpcap.org>
>>> Subject: Re: [Winpcap-users] Multiple instances
>>>
>>>
>>>> Yes, this was my first attempt but at full DL speed (~1,5 MB/s) the CPU
>>>> usage was to high :( since the packet flow is too large/fast
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: winpcap-users-bounces at winpcap.org
>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca 
>>>> Varenni
>>>> Sent: Thursday, May 13, 2010 4:59 PM
>>>> To: winpcap-users at winpcap.org
>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>
>>>> If memory is an issue, then the best solution is opening a single
>>>> instance
>>>> of the WinPcap device, and do your own filtering and demultiplexing in
>>>> user
>>>> mode. This could have the good side effect of having less kernel-user
>>>> mode
>>>> transitions to bring the packets to user mode applications.
>>>>
>>>> Have a nice day
>>>> GV
>>>>
>>>> --------------------------------------------------
>>>> From: "pro2c" <pro2c at litrca.com>
>>>> Sent: Thursday, May 13, 2010 5:37 AM
>>>> To: <winpcap-users at winpcap.org>
>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>
>>>>
>>>>> No, not 200 instances of my app but 200 instances of winpcap device to
>>>>> have
>>>>> 200 different filters (for each port).
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: winpcap-users-bounces at winpcap.org
>>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>>>>> Sent: Wednesday, May 12, 2010 10:08 PM
>>>>> To: winpcap-users at winpcap.org
>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>
>>>>> Why are you running 200 instances of your application on a single
>>>>> computer?  Do you have 200 NICs?  Maybe you can change your 
>>>>> application
>>>>> to do more processing in one instance (i.e. multi-threading).
>>>>>
>>>>> DC
>>>>>
>>>>> pro2c wrote:
>>>>>
>>>>>> I'm having some problems with multiple instances. When I load 200
>>>>>> instances the memory use of my app reaches 100MB. I'm guessing that
>>>>>> every instance reserves some mem for itself.
>>>>>>
>>>>>> Can this be lowered somehow?
>>>>>>
>>>>>>
>>>>>>
>> ------------------------------------------------------------------------
>>
>>>>>> _______________________________________________
>>>>>> Winpcap-users mailing list
>>>>>> Winpcap-users at winpcap.org
>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list