<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<STYLE>P {
        PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px
}
BODY {
        FONT-SIZE: 9pt; FONT-FAMILY: Tahoma
}
</STYLE>
<META content="MSHTML 6.00.6000.16414" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face="Courier New" size=2>If you just want to filter the packets,
i.e. capture only the packets with a specific mac address or ip address, you
need to use pcap_compile/pcap_setfilter and a filter string like "ether host
11:22:33:44:55:66" or "ip host 1.2.3.4".</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>If you want to compare the mac of a packet
with another mac, you need to dissect the bytes of the received packet.
</FONT><FONT face="Courier New" size=2>For example, if the packet is coming from
an ethernet interface, the mac destination is stored in the first 6 bytes of the
packet, and the mac source is the next 6 bytes. In this case </FONT><FONT
face="Courier New" size=2>I suggest you to have a look at protocols.com for a
reference to the most commonly used protocols like ethernet, ip,
tcp.</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Hope it helps</FONT></DIV>
<DIV><FONT face="Courier New" size=2>GV<BR></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=all_is_free@hotmail.com href="mailto:all_is_free@hotmail.com">欧福瑞</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, March 29, 2007 5:46
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] howto compare
the ip and mac</DIV>
<DIV><BR></DIV>how to compare the ip(mac) string (192.168.0.2 or
00-11-22-33-44-55) with ip(mac) info in the captured packets (binary
format)? <BR> <BR>convert the string to binary? convert the binary
to string?<BR> <BR> <BR><BR>
<HR>
通过 Windows Live Spaces 与朋友轻松共享您的生活。 <A
href="http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=zh-cn"
target=_new>立即尝试!</A>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing list<BR><A
href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</A><BR><A
href="https://www.winpcap.org/mailman/listinfo/winpcap-users">https://www.winpcap.org/mailman/listinfo/winpcap-users</A><BR></BLOCKQUOTE></BODY></HTML>