[Winpcap-users] Determing incoming vs. outgoing packets.

Gianluca Varenni gianluca.varenni at cacetech.com
Tue May 19 15:23:42 PDT 2009


If the adapter has an IP address, you can probably match the IP address 
returned by pcap with the combination IP/MAC that the IP helper API *should* 
return. However, I've never tried it myself...

Have a nice day
GV

----- Original Message ----- 
From: "Jason Cipriani" <jason.cipriani at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, May 19, 2009 3:04 PM
Subject: Re: [Winpcap-users] Determing incoming vs. outgoing packets.


> Thanks for the reply.
>
> If I have a pcap device open, do you know if there's a reliable way to
> determine which of the devices returned by GetAdaptersInfo corresponds
> to that device?
>
> I would rather know exactly what MAC address belongs to the capture
> device, so I can compare ethernet header MACs to just that one rather
> than comparing it to the entire list of all adapters on the machine.
>
> Thanks,
> Jason
>
>
> On Tue, May 19, 2009 at 5:13 PM, Gianluca Varenni
> <gianluca.varenni at cacetech.com> wrote:
>> For the moment there are only two ways to get the MAC address:
>> 1. use the Packet API (which is a discouraged approach, since the packet
>> API is subject to change without any notice)
>> 2. use the IPHelper API.
>>
>> In one of the next releases of WinPcap it will be possible to get the MAC
>> address directly from the pcap API.
>>
>> The IP address instead is available in the output of pcap_findalldevs,
>> please see the sample iflist for more details.
>>
>> Have a nice day
>> GV
>>
>> ----- Original Message -----
>> From: "Jason Cipriani" <jason.cipriani at gmail.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Friday, May 15, 2009 12:05 AM
>> Subject: Re: [Winpcap-users] Determing incoming vs. outgoing packets.
>>
>>
>>> On Fri, May 15, 2009 at 2:27 AM, Jason Cipriani
>>> <jason.cipriani at gmail.com> wrote:
>>>> I am writing an application that uses winpcap to capture TCP/IP
>>>> packets. Given that I know nothing about the machine that the
>>>> application is running on, what is the best way to determine if a
>>>> packet is incoming or outgoing?
>>>>
>>>> If it comes down to checking MAC/IP addresses, what's the best way to
>>>> programmatically determine which addresses to check for? I do not want
>>>> the user to be responsible for determining and entering their own MAC
>>>> or local IP address, it must be done automatically.
>>>
>>> So far I have succeeded in using the Windows API function
>>> GetAdaptersInfo to get a list of local MAC addresses for ethernet
>>> devices, and then comparing the source address in the packet's
>>> ethernet header to the addresses in the list to determine the
>>> direction.
>>>
>>> I'm not sure if this is the most efficient way to do it but it *is*
>>> meeting performance requirements on my test machine, so no worries for
>>> now, I guess.
>>>
>>> Still, if there is a simpler or more efficient way to do this, I'd
>>> like to know just for reference.
>>>
>>> Thanks,
>>> Jason
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
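The approach discussed in this thread, as an added example that is not code from any of the posters or from WinPcap: pick the capture adapter's MAC by matching the IP address pcap reported against an IP/MAC table, then classify each Ethernet frame against that one MAC. The `adapter` struct, the function names and all sample values are constructed for illustration; on Windows the table would be filled from the IP Helper API rather than hard-coded.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum direction { DIR_UNKNOWN, DIR_OUTGOING, DIR_INCOMING };
/* Hypothetical stand-in for one adapter row (IPv4 + MAC) from the IP Helper API. */
struct adapter { uint32_t ipv4; uint8_t mac[6]; };

/* Constructed sample table: 192.168.1.10 and 10.0.0.5. */
static const struct adapter SAMPLE_ADAPTERS[] = {
    { 0xC0A8010Au, {0x00,0x11,0x22,0x33,0x44,0x55} },
    { 0x0A000005u, {0x00,0xAA,0xBB,0xCC,0xDD,0xEE} },
};
/* Constructed 14-byte Ethernet headers: destination MAC, source MAC, EtherType. */
static const uint8_t FRAME_OUT[14]   = {0x00,0x1B,0x21,0x0A,0x0B,0x0C, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00};
static const uint8_t FRAME_IN[14]    = {0x00,0x11,0x22,0x33,0x44,0x55, 0x00,0x1B,0x21,0x0A,0x0B,0x0C, 0x08,0x00};
static const uint8_t FRAME_BCAST[14] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x00,0x1B,0x21,0x0A,0x0B,0x0C, 0x08,0x06};
static const uint8_t FRAME_OTHER[14] = {0x00,0x1B,0x21,0x0A,0x0B,0x0C, 0x00,0x1B,0x21,0x0D,0x0E,0x0F, 0x08,0x00};

/* Return the MAC of the adapter whose IPv4 address equals the one pcap
   reported for the open capture device, or NULL when nothing matches. */
const uint8_t *mac_for_capture_ip(const struct adapter *tab, size_t n, uint32_t pcap_ip)
{
    for (size_t i = 0; i < n; i++)
        if (tab[i].ipv4 == pcap_ip) return tab[i].mac;
    return NULL;
}

/* Classify a frame against the capture adapter's MAC only.
   Bytes 0-5 are the destination MAC, bytes 6-11 the source MAC. */
enum direction classify_frame(const uint8_t *frame, size_t len, const uint8_t *local_mac)
{
    if (!frame || !local_mac || len < 14) return DIR_UNKNOWN;  /* truncated header or no MAC */
    if (memcmp(frame + 6, local_mac, 6) == 0) return DIR_OUTGOING;
    if (memcmp(frame, local_mac, 6) == 0) return DIR_INCOMING;
    if (frame[0] & 0x01) return DIR_INCOMING;  /* broadcast/multicast sent by another host */
    return DIR_UNKNOWN;                        /* traffic between other hosts (promiscuous mode) */
}

int main(void)
{
    const uint8_t *mac = mac_for_capture_ip(SAMPLE_ADAPTERS, 2, 0xC0A8010Au);
    printf("out=%d in=%d bcast=%d other=%d\n",
           classify_frame(FRAME_OUT, 14, mac), classify_frame(FRAME_IN, 14, mac),
           classify_frame(FRAME_BCAST, 14, mac), classify_frame(FRAME_OTHER, 14, mac));
    return 0;
}
```

An adapter without an IPv4 address yields no match here, which is the limitation the reply above already notes ("If the adapter has an IP address").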