[Winpcap-users] Monitoring multiple network interfaces
soulstone
soulstone at gmx.de
Tue Dec 8 06:16:37 PST 2009
Gianluca Varenni wrote:
> ----- Original Message -----
> From: "soulstone" <soulstone at gmx.de>
> To: <winpcap-users at winpcap.org>
> Sent: Sunday, December 06, 2009 12:59 PM
> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>
>
>>
>> Gianluca Varenni wrote:
>>> ----- Original Message -----
>>> From: "soulstone" <soulstone at gmx.de>
>>> To: <winpcap-users at winpcap.org>
>>> Sent: Friday, December 04, 2009 7:02 AM
>>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
>>>
>>>
>>>> Gianluca Varenni wrote:
>>>>> ----- Original Message -----
>>>>> From: "soulstone" <soulstone at gmx.de>
>>>>> To: <winpcap-users at winpcap.org>
>>>>> Sent: Thursday, December 03, 2009 8:49 AM
>>>>> Subject: [Winpcap-users] Monitoring multiple network interfaces
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've tried to monitor multiple networ interfaces installed on
>>>>>> a system.
>>>>>> The reason is that I need to monitor network traffic to determine
>>>>>> whether a user navigates to a given url.
>>>>>>
>>>>>> I'd rather capture only packages from the interface which is connected
>>>>>> to the internet but I don't know how to find out which one I need.
>>>>>>
>>>>>> So I tried to monitor all interfaces.
>>>>>> I did this by creating one thread per interface which calls pcap_loop.
>>>>>> But this doesn't work.
>>>>> What do you mean by "it doesn't work"?
>>>> 1. I use pcap_findalldevs to get all devices.
>>>> 2. I open every interface by pcap_open_live.
>>>> 3. I use a loop to itter through all interfaces and spawn
>>>> a seperated thread for each call of pcap_loop(Desc, 0, @PacketHandler,
>>>> Err).
>>>>
>>>> Usually after that the method PacketHandler would be called
>>>> if I only invoke pcap_look for the correct interface with internet
>>>> access.
>>>> But if I try to monitor multiple interfaces the function PacketHandler
>>>> isn't called anymore.
>>>>
>>>> I also tried to reverse the loop (the first interface is coincidental
>>>> the one with internet access) it works.
>>> What's the name of the interface with real traffic? What OS are you
>>> running
>>> on?
>> Why does the name of the interface matter? I know which one works on my
>> computer but I need a way to identify the one with real traffic also for
>> other users without user interaction.
>>
>> I used XP, Vista, Win7 for my tests.
>> I've multiple network interfaces installed on these machines.
>>
>
> I want to know if you are capturing from the interface called "Generic
> dialup/VPN interface" (or any VPN/dialup one)
>
I don't capture from a "Generic dialup/VPN interface".
E.g. there are two normal network interfaces and 2 virtual interfaces
created by virtualpc on one machine.
Maybe this could be a problem?
> GV
>
>> Kind regards,
>> dy
>>
>>> GV
>>>
>>>
>>>> Example code:
>>>> // doesn't work
>>>> for i := 0 to Length(Interfaces) - 1 do
>>>> begin
>>>> // creates a thread which calls pcap_loop
>>>> SpawnMonitor(Interfaces[i];
>>>> end;
>>>>
>>>> // works, because our (now last) item is the correct NIC
>>>> for i := Length(ValidP) - 1 downto 0 do
>>>> begin
>>>> SpawnMonitor(Interfaces[i];
>>>> end;
>>>>
>>>> So the problem is that PacketHandler isn't called for all devices.
>>>>
>>>> Kind regards,
>>>> dy
>>>>
>>>>> GV
>>>>>
>>>>>> Specifying only one interface everything works fine.
>>>>>> Can I only monitor one interface at once or do I miss something?
>>>>>>
>>>>>> Maybe someone can give me an advice.
>>>>>>
>>>>>>
>>>>>> Kind regards,
>>>>>> dy
>>>>>> _______________________________________________
>>>>>> Winpcap-users mailing list
>>>>>> Winpcap-users at winpcap.org
>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list