[Winpcap-users] Determing incoming vs. outgoing packets.
Jason Cipriani
jason.cipriani at gmail.com
Fri May 15 00:05:02 PDT 2009
On Fri, May 15, 2009 at 2:27 AM, Jason Cipriani
<jason.cipriani at gmail.com> wrote:
> I am writing an application that uses winpcap to capture TCP/IP
> packets. Given that I know nothing about the machine that the
> application is running on, what is the best way to determine if a
> packet is incoming or outgoing?
>
> If it comes down to checking MAC/IP addresses, what's the best way to
> programmatically determine which addresses to check for? I do not want
> the user to be responsible for determining and entering their own MAC
> or local IP address, it must be done automatically.
So far I have succeeded in using the Windows API function
GetAdaptersInfo to get a list of local MAC addresses for ethernet
devices, and then comparing the source address in the packet's
ethernet header to the addresses in the list to determine the
direction.
I'm not sure if this is the most efficient way to do it but it *is*
meeting performance requirements on my test machine, so no worries for
now, I guess.
Still, if there is a simpler or more efficient way to do this, I'd
like to know just for reference.
Thanks,
Jason
More information about the Winpcap-users
mailing list