[Winpcap-users] PPP connection - filtering problem

Stanislaw Wierchola stacho at tls.pl
Mon Aug 22 11:10:09 GMT 2005


Hi,

  I use WinPcap to count outgoing/incoming traffic. I have two filters:
"src IP_ADDRESS"/"dst IP_ADDRESS", where IP_ ADDRESS is the IP address
of the interface. It WORKS for Ethernet devices.

  The problem is with PPP/SLIP connection. Both filters gives sum of
incoming end outgoing traffic. In WinPcap FAQ (Q-5: Can I use WinPcap on a
PPP connection?) there is information that:
"filtering and statistics gathering is done at user level."
I understand that filtering works on PPP connection but it is implemented
at user level WinPcap library ?

  I use Windows XP SP2, WinPcap 3.1 and mingw.

  I capture some packages from this inteface with Ethereal and they look
OK - they have correct source and destination IP addresses, etc.

The most important parts of the code (it works for Ethernet devices):
pcap_if_t  *d;

//1. Search for all devices
pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf);

//2. User select one of devices - d
...

//3. Open selected device
fp= pcap_open(d->name, 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf);

//4. Create, compile and set filter
netmask=0xffffff;      // or taken from pcap_addr->netmask
string filtr = "dst "; // or "dst host "
filtr += iptos(((struct sockaddr_in *)d->addresses->addr)->sin_addr.s_addr);
pcap_compile(fp, &fcode, (char*)filtr.c_str(), 1, netmask);
pcap_setfilter(fp, &fcode);

//5. Change mode to stat
pcap_setmode(fp, MODE_STAT);

//6. Start loop
pcap_loop(fp, 0, dispatcher_handler, NULL);

// Counter function
dispatcher_handler(u_char *parameters, const struct pcap_pkthdr *header,
const u_char *pkt_data)
{
  ...
  counter += (*(LONGLONG*)(pkt_data + 8)) ;
  ...
}

Thanks for help,
Stanislaw Wierchola


More information about the Winpcap-users mailing list