[Winpcap-users] WinPCAP packets capture delay..

Fish" (David B. Trout fish at infidels.org
Sun Sep 19 04:25:02 PDT 2010


FYI: be careful with the MAC address you choose.

 

Any MAC address with the 0x01 bit on in the first byte is considered an
all-stations broadcast.

 

Is that what you actually intended to do?  Send 10,000 packets to ALL/every
network adapter on your local network??  (if your host has more than one
network adapter on the same physical network segment then they'll both
receive every packet.)

 

If you need a MAC address to test with, the IANNA has reserved the range
00-00-5E-00-00-00 through 00-00-5E-FF-FF-FF just for that purpose.

 

See the section "IANA ETHERNET ADDRESS BLOCK - UNICAST USE" (about 0.75 of
the way down the web page) in the following document:

 

 http://www.iana.org/assignments/ethernet-numbers

-- 
  "Fish"  (David B. Trout) 
    fish at softdevlabs.com

 

From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Alimjan Kuramshin
Sent: Saturday, September 18, 2010 2:33 PM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] WinPCAP packets capture delay..
Importance: High

 

Hello!

 

Gianluca, can u run this code on Your machine and running the Wireshark save
the log and send it to me, please..

Is there any delays, i mean delays between the packets that Wireshark
(winpcap) capture?

 

P.S. code from WinPcap documentation, sending packets, not one, but 10000
(or 1000000)..

 

#include <stdlib.h>
#include <stdio.h>
 
#include <pcap.h>
 
 
void main(int argc, char **argv)
{
pcap_t
<http://www.winpcap.org/docs/docs_412/html/group__wpcap__def.html#ga4711d025
f83503ce692efa5e45ec60a7>  *fp;
char errbuf[PCAP_ERRBUF_SIZE
<http://www.winpcap.org/docs/docs_412/html/group__wpcap__def.html#gacd448353
957d92c98fccc29e1fc8d927> ];
u_char packet[100];
int i;
volatile int n_pkts = 10000; // 1000000
 
    /* Check the validity of the command line */
    if (argc != 2)
    {
        printf("usage: %s interface (e.g. 'rpcap://eth0')", argv[0]);
        return;
    }
    
    /* Open the output device */
    if ( (fp= pcap_open
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga2b64c7b64
90090d1d37088794f1f1791> (argv[1],            // name of the device
                        65536,                // portion of the packet to
capture (only the first 100 bytes)
                        PCAP_OPENFLAG_PROMISCUOUS
<http://www.winpcap.org/docs/docs_412/html/group__remote__open__flags.html#g
a9134ce51a9a6a7d497c3dee5affdc3b9> ,  // promiscuous mode
                        1000,               // read timeout
                        NULL,               // authentication on the remote
machine
                        errbuf              // error buffer
                        ) ) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by
WinPcap\n", argv[1]);
        return;
    }
 
    /* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */
    packet[0]=1;
    packet[1]=1;
    packet[2]=1;
    packet[3]=1;
    packet[4]=1;
    packet[5]=1;
    
    /* set mac source to 2:2:2:2:2:2 */
    packet[6]=2;
    packet[7]=2;
    packet[8]=2;
    packet[9]=2;
    packet[10]=2;
    packet[11]=2;
    
    /* Fill the rest of the packet */
    for(i=12;i<100;i++)
    {
        packet[i]=(u_char)i;
    }
 
    while (n_pkts--)
    /* Send down the packet */
    if (pcap_sendpacket
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga51dbda0f1
ab9da2cfe49d657486d50b2> (fp, packet, 100 /* size */) != 0)
    {
        fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr
<http://www.winpcap.org/docs/docs_412/html/group__wpcapfunc.html#ga81305cb15
4e4497e95bbb9b708631a3a> (fp));
        return;
    }
 
    return;
}
/* EOF */
Thanks, bye..
 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100919/ea87b99f/attachment-0001.htm 


More information about the Winpcap-users mailing list