[Winpcap-users] How can i getthenew-estpacketfrombuffer?HELPPLEASE~!

David Chang dchang at fsautomation.com
Tue May 26 09:06:00 PDT 2009 

Again, I'm not sure exactly what you're are trying to do, but here's a 
method to get a set of packets, process them, then get another set of 
packets.  The only problem is that you are going to drop a bunch of packets 
while processing the first batch.

1. Use pcap_dump_open() to open a file for packet capture
2. In your packet capture loop, use pcap_dump() to write packets to the dump 
file.
3. After writing out several thousand packets, do a pcap_dump_flush() and 
pcap_dump_close()
4. Open the pcap_dump file using pcap_open_offline()
5. Process the packets in the dump file.  Unlink the dump file.
6. Go back to step 1

There are two potential problems here:

1. You may not be able to capture all the packets into the dump file unless 
you have a VERY powerful I/O subsystem (fast disks in RAID-0 mode and a good 
NIC for packet capture)
2. Between step 3 and step 6 you will be dropping packets.

DC

----- Original Message ----- 
From: "rst" <slash at realscene.com.tw>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, May 26, 2009 2:19 AM
Subject: Re: [Winpcap-users] How can i 
getthenew-estpacketfrombuffer?HELPPLEASE~!


The machine always sending packets , never stop.
and my computer only connected with the machine (using a crossover network 
cable).
so every packets I get are what I wanted, but only the newest packet I need.

Machine ----(Sending packets)---> My Computer 
.........................every 0.000005 second

My Application ----(Get the newest packet)---> Get information to do 
control...................every 0.0001 second

if the buffer can contrain 10000 packets,
0.000005 * 10000 = 0.05 second,
so I can only get the information before 0.05 second,
but in my realtime control, i must get the information less than 0.0001 
second.

so have any ideas?

Really thank you!!

  If the other machine is sending a constant 200,000 packets per second and 
won't slow down, you may be out of luck.  However, if the other machine 
sends 200,000 packet per second for a short burst (say 10 seconds), then you 
should be able to store those 2M packets into your own memory space.  After 
you store the packets, you can do your analysis.

  For a quick test, just change your control loop to do...

  static int counter;

  pcap_next_ex(...);
  counter++;

  That is, don't do anything with the packet (other than advance the buffer 
and count how many you receive).  This will tell you how fast your machine 
can move through the buffer.

  If this works well, then you need to do a memcpy() of the packet into 
pre-allocated space (i.e. malloc your own circular queue).  This will slow 
down the loop, but should be much faster than 0.1ms.

  Last question:  Most packet capturing applications need to decode EVERY 
packet, are you saying that you do NOT need to decode every packet?  If not, 
how do you know which packets you need to decode and which ones you don't?

  DC


--------------------------------------------------------------------------------


> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list