[Winpcap-users] how to find active ports

rajath kumara rajathkumara at gmail.com
Fri Jul 15 11:52:34 PDT 2011 

Thanks Mark Pizzolato.

I actually got output, through a different approach.
I used pcap_open_live( ) and pcap_next_ex( ).

But I have question, kindly help me figure out this.

when i use the pcap_open_live( ) and pcap_next_ex( ), i see some packets
captured.
But what are these packets?
how are they generated?
Am i generating them?


Your suggestions will be valuable to me.


On Wed, Jul 13, 2011 at 6:18 PM, <winpcap-users-request at winpcap.org> wrote:

> Send Winpcap-users mailing list submissions to
>        winpcap-users at winpcap.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://www.winpcap.org/mailman/listinfo/winpcap-users
> or, via email, send a message with subject or body 'help' to
>        winpcap-users-request at winpcap.org
>
> You can reach the person managing the list at
>        winpcap-users-owner at winpcap.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Winpcap-users digest..."
>
>
> Today's Topics:
>
>   1. Re: how to find active ports (Mark Pizzolato - WinPCap-Users)
>   2. Performance issues and c# wrappers (Emre Eri?gen)
>   3. Re: Performance issues and c# wrappers (Black, Michael (IS))
>   4. Re: Performance issues and c# wrappers (Emre Eri?gen)
>   5. PacketRequest on a Wan-adapter (Gisle Vanem)
>   6. Re: EXT :Re:  Performance issues and c# wrappers
>      (Black, Michael (IS))
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 Jul 2011 20:00:52 -0700
> From: Mark Pizzolato - WinPCap-Users
>        <winpcap-users-20040408 at subscriptions.pizzolato.net>
> To: "winpcap-users at winpcap.org" <winpcap-users at winpcap.org>
> Subject: Re: [Winpcap-users] how to find active ports
> Message-ID:
>        <
> 0CC6789C1C831B4C8CCFF49D45D7010F290403ED6B at REDROOF2.alohasunset.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi there Rajath,
>
> Winpcap doesn't contain a single API which provides the specific answer you
> are looking for.
>
> However, you could determine the answer you are looking for with a little
> coding on your part.  The following steps will achieve the desired result:
> 1)      Use pcap_findalldevs to enumerate the set of 'ports' as you say.
> 2)      For each enumerated port, use pcap_openlive to open a promiscuous
> mode pcap handle to the port.
> 3)      For each enumerated port, Craft a packet which says "Sending on
> Port #N" and use any source MAC address (without Bi1#1 set (i.e. the
> Broadcast/multicast bit sent), use a destination MAC address of
> FF:FF:FF:FF:FF:FF.  Send the packet on the pcap handle using
> pcap_sendpacket.   Read arriving packets on each of the pcap handles looking
> for the crafted packet.  Each time you find a packet you sent, you've found
> a 'loopbacked' port (the loopbacks here could also indicate multiple ports
> connected to the same switch, which is equivalent to a set of ports
> connected with a crossover cable).
>
> Good Luck.
>
> -       Mark Pizzolato
>
> On Monday, July 04, 2011 5:44 AM, rajath kumara wrote:
>
> > Thanks for the reply.
> >
> > However guess, its better to restate my problem, so that i can make you
> > people clear about my query.
> >
> > I am using some ?3 NICS ( network interface cards), which together get me
> 10
> > ports.
> > 2 NICs are are from D-Link NIC cards which have 4 ports each in them, and
> > another is NETGEAR NIC, which has 2 ports in it.
> >
> > with the help of pcap_findalldevs() , i can obtain the list of all ports
> ,
> > along with details of NIC cards, their MAC_ addresses and others.
> >
> > But my question is , pcap_findalldevs( ), gives me list of all 10 ports i
> am
> > using,
> >
> > assume i use a cross-cable and connect any 2 ports to form a loopback
> > condition,then ?is their any function in wpcap, which tells me
> > which 2 ports are in loopback state among the 10 ports i am using.
> >
> > or any other function is their apart from wpcap, which helps me to do
> this.
> >
> >
> > please help me to figure out this problem.
> >
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 13 Jul 2011 14:09:29 +0300
> From: Emre Eri?gen <emreerisgen at gmail.com>
> To: winpcap-users at winpcap.org
> Subject: [Winpcap-users] Performance issues and c# wrappers
> Message-ID:
>        <CAF8arNifT2kQugbmBznyhTAf_00Z9+Z=xKjw35Dang3N1-E=vw at mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> I want to write a program which will listen the network device and capture
> packets and saves them as dump files. The problem is packet loss must be
> really really small in high transfer rates. What is the maximum transfer
> rate for winpcap library? Can i capture 100mbit/sec without packet loss? I
> have to write this program with C# so by wrapping winpcap for using in C#
> will decrease the program performance? Do you know the performance of
> wrappers like pcp.net and sharppcap? By performance i mean maximum
> transfer
> rate without packet loss. Any help will be appreciated. Thank you for
> reading.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/02a51435/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Wed, 13 Jul 2011 11:56:57 +0000
> From: "Black, Michael (IS)" <Michael.Black2 at ngc.com>
> To: "winpcap-users at winpcap.org" <winpcap-users at winpcap.org>
> Subject: Re: [Winpcap-users] Performance issues and c# wrappers
> Message-ID: <55D44176-CAE1-47F1-A797-14177DD064E0 at mimectl>
> Content-Type: text/plain; charset="iso-8859-2"
>
> I don't know what kind of network you're on.
>
> But 100mbit/sec is nothing anymore.
>
>
>
> Today's switches have gigabit ports to interconnect them because the ports
> can all do 100Mbit EACH for example.  One 100Mbit port can't watch fast
> enough to capture the traffic that can occur on the switch.
>
>
>
> So you really have to either bond ports together or sit on the gigabit port
> to capture traffic.
>
>
>
> Nonetheless -- you'll want to multitrread your application for writing to
> disk.
>
>
>
> You can probably get by without that for 100Mbit/sec (that's only 12MB/sec
> to disk which should be a doable sustained rate on a single thread).  But if
> your disk I/O pauses too long you may drop things.
>
>
>
> You can tell that by running a ping while blasting data at it and the
> looking to see if you capture all the pings.
>
> Or better, by running a small test program which sends 10 packets a second
> or such and ensure you see all the packets while blasting data on the
> network.
>
>
>
>
>
>
>
> Michael D. Black
>
> Senior Scientist
>
> NG Information Systems
>
> Advanced Analytics Directorate
>
>
>
> ________________________________
> From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org]
> on behalf of Emre Eri?gen [emreerisgen at gmail.com]
> Sent: Wednesday, July 13, 2011 6:09 AM
> To: winpcap-users at winpcap.org
> Subject: EXT :[Winpcap-users] Performance issues and c# wrappers
>
> I want to write a program which will listen the network device and capture
> packets and saves them as dump files. The problem is packet loss must be
> really really small in high transfer rates. What is the maximum transfer
> rate for winpcap library? Can i capture 100mbit/sec without packet loss? I
> have to write this program with C# so by wrapping winpcap for using in C#
> will decrease the program performance? Do you know the performance of
> wrappers like pcp.net<http://pcp.net/> and sharppcap? By performance i
> mean maximum transfer rate without packet loss. Any help will be
> appreciated. Thank you for reading.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/7c8d7dd1/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Wed, 13 Jul 2011 15:29:00 +0300
> From: Emre Eri?gen <emreerisgen at gmail.com>
> To: winpcap-users at winpcap.org
> Subject: Re: [Winpcap-users] Performance issues and c# wrappers
> Message-ID:
>        <CAF8arNjT6z7r+4qBuJuH4Bw0yWvhxRoFRktWtBGqnhx+xt1YkA at mail.gmail.com
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thank you so much for your answer. I think I should explain about my
> problem
> a little bit more. I want to listen a network which has an internet
> connection around 50mbit/sec. My problem is i have to use C# for this
> program and so i need to wrap winpcap to use it. There are some open source
> C# wrappers like sharppcap and pcap.net. I wonder if i use these wrappers
> can i listen and capture 50mbit/sec without packet loss. Is using a wrapper
> will reduce the performance of winpcap? I just need to listen, capture and
> save them to a dump file so my wrapper will not be much a big project. Do
> writing my own little wrapper help me to reduce performance reduction?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/2a250bcc/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Wed, 13 Jul 2011 14:31:01 +0200
> From: Gisle Vanem <gvanem at broadpark.no>
> To: WinDump <winpcap-users at winpcap.org>
> Subject: [Winpcap-users] PacketRequest on a Wan-adapter
> Message-ID: <4DD97382C5594DD69428D24FF34F2CBB at broadpark.no>
> Content-Type: text/plain; CHARSET=US-ASCII; format=flowed;
>        reply-type=original
>
> Hi list.
>
> The PacketRequest() function is obviously not suited for getting
> the low-level stuff (such as MTU and MAC-address) from a WAN (PPP/SLIP)
> interface. I'm getting the error "PacketRequest not supported on
> non-NPF/NPFIM
> adapters" in the winpcap_debug.txt file.
>
> How can I get such things with another function or API? Device in question
> is named "\Device\NPF_GenericDialupAdapter". I can listen on the adapter
> just fine. It is the un-encrypted end of my VPN connection.
>
> --gv
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 13 Jul 2011 12:48:35 +0000
> From: "Black, Michael (IS)" <Michael.Black2 at ngc.com>
> To: "winpcap-users at winpcap.org" <winpcap-users at winpcap.org>
> Subject: Re: [Winpcap-users] EXT :Re:  Performance issues and c#
>        wrappers
> Message-ID: <19623639-CC0A-481E-A8BD-A642B245A1B5 at mimectl>
> Content-Type: text/plain; charset="iso-8859-2"
>
> 50Mb/sec is quite doable.
>
>
>
> You won't know the answer "for sure" until you test it.
>
>
>
> I doubt the wrapper will hurt much.  Any additional layer slows things down
> but not necessarily by very much.
>
>
>
> Write your app and watch the CPU usage.  If it gets anywhere close to 100%
> for any sustained period of time than then you'll need to optimize.  But my
> guess is you'll be much less than that.
>
>
>
> If all your doing is listening and saving than 2 threads is probably all
> you could possibly use, one to capture and push on a queue and another to
> pop the packet off the queue and write it to disk.
>
>
>
> My guess is you can keep up with 50Mb/sec internet and the 6.25MB/sec to
> disk without any problem.
>
> Hopefully you do have a decent disk system to write to as you're talking
> probably 11GB/hour based on 50% utilization of the bandwidth.  So you can
> fill up a disk pretty fast.
>
>
>
>
>
> Michael D. Black
>
> Senior Scientist
>
> NG Information Systems
>
> Advanced Analytics Directorate
>
>
>
> ________________________________
> From: winpcap-users-bounces at winpcap.org [winpcap-users-bounces at winpcap.org]
> on behalf of Emre Eri?gen [emreerisgen at gmail.com]
> Sent: Wednesday, July 13, 2011 7:29 AM
> To: winpcap-users at winpcap.org
> Subject: EXT :Re: [Winpcap-users] Performance issues and c# wrappers
>
> Thank you so much for your answer. I think I should explain about my
> problem a little bit more. I want to listen a network which has an internet
> connection around 50mbit/sec. My problem is i have to use C# for this
> program and so i need to wrap winpcap to use it. There are some open source
> C# wrappers like sharppcap and pcap.net<http://pcap.net/>. I wonder if i
> use these wrappers can i listen and capture 50mbit/sec without packet loss.
> Is using a wrapper will reduce the performance of winpcap? I just need to
> listen, capture and save them to a dump file so my wrapper will not be much
> a big project. Do writing my own little wrapper help me to reduce
> performance reduction?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/8a1e4796/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
> End of Winpcap-users Digest, Vol 76, Issue 7
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20110716/a1e679c7/attachment-0001.html>

More information about the Winpcap-users mailing list