[Winpcap-users] Determing incoming vs. outgoing packets.

Jason Cipriani jason.cipriani at gmail.com
Tue May 19 15:04:22 PDT 2009 

Thanks for the reply.

If I have a pcap device open, do you know if there's a reliable way to
determine which of the devices returned by GetAdaptersInfo corresponds
to that device?

I would rather know exactly what MAC address belongs to the capture
device, so I can compare ethernet header MACs to just that one rather
than comparing it to the entire list of all adapters on the machine.

Thanks,
Jason


On Tue, May 19, 2009 at 5:13 PM, Gianluca Varenni
<gianluca.varenni at cacetech.com> wrote:
> For the moment there are only two ways to get the MAC address:
> 1. use the Packet API (which is a discouraged approach, since the packet API
> is subject to change without any notice)
> 2. use the IPHelper API.
>
> In one of next releases of WinPcap it will be possible to get the MAC
> address directly from the pcap API.
>
> The IP address instead is available in the output of pcap_findalldevs,
> please see the sample iflist for more details.
>
> Have a nice day
> GV
>
> ----- Original Message -----
> From: "Jason Cipriani" <jason.cipriani at gmail.com>
> To: <winpcap-users at winpcap.org>
> Sent: Friday, May 15, 2009 12:05 AM
> Subject: Re: [Winpcap-users] Determing incoming vs. outgoing packets.
>
>
>> On Fri, May 15, 2009 at 2:27 AM, Jason Cipriani
>> <jason.cipriani at gmail.com> wrote:
>>> I am writing an application that uses winpcap to capture TCP/IP
>>> packets. Given that I know nothing about the machine that the
>>> application is running on, what is the best way to determine if a
>>> packet is incoming or outgoing?
>>>
>>> If it comes down to checking MAC/IP addresses, what's the best way to
>>> programmatically determine which addresses to check for? I do not want
>>> the user to be responsible for determining and entering their own MAC
>>> or local IP address, it must be done automatically.
>>
>> So far I have succeeded in using the Windows API function
>> GetAdaptersInfo to get a list of local MAC addresses for ethernet
>> devices, and then comparing the source address in the packet's
>> ethernet header to the addresses in the list to determine the
>> direction.
>>
>> I'm not sure if this is the most efficient way to do it but it *is*
>> meeting performance requirements on my test machine, so no worries for
>> now, I guess.
>>
>> Still, if there is a simpler or more efficient way to do this, I'd
>> like to know just for reference.
>>
>> Thanks,
>> Jason
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list