[Winpcap-users] Multiple instances

David Chang dchang at fsautomation.com
Sat May 15 08:18:01 PDT 2010 

Have you looked at ntop (http://www.ntop.org/overview.html)?

DC

----- Original Message ----- 
From: "pro2c" <pro2c at litrca.com>
To: <winpcap-users at winpcap.org>
Sent: Saturday, May 15, 2010 3:41 AM
Subject: Re: [Winpcap-users] Multiple instances


> Mem, yes
>
> If someone is interested in writing a DLL for me that provides this data. 
> I
> would pay for it.
>
>
> -----Original Message-----
> From: winpcap-users-bounces at winpcap.org
> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
> Sent: Saturday, May 15, 2010 2:57 AM
> To: winpcap-users at winpcap.org
> Subject: Re: [Winpcap-users] Multiple instances
>
> OK.  Then, I think GV is right.  This capture load is tiny (<5000
> pkts/sec).  Any modern PC should be able to handle this traffic.  It's
> most likely your application code (or the libraries you are using).
>
> One last question, you're keeping all this information in memory,
> right?  You're not trying to write the data out to a file or database,
> are you?
>
> DC
>
> pro2c wrote:
>> No: ports, protocol, SID and process name are separated algorithms using
>> GetExtendedTcpTable as said by Gerard. I only use the winpcap to get the
>> current numbers for data transfers for ports then connect them to that
>> table. I read only the headers.
>>
>>
>>
>> -----Original Message-----
>> From: winpcap-users-bounces at winpcap.org
>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>> Sent: Friday, May 14, 2010 5:57 PM
>> To: winpcap-users at winpcap.org
>> Subject: Re: [Winpcap-users] Multiple instances
>>
>> I understand all the fields except SID and Process name.
>>
>> Are you saying that Process name is just a description of the port (e.g.
> if
>> the port is 80, the process name is firefox)?  Or, is it more complex 
>> than
>
>> that?
>>
>> How are you getting the SID from the packet capture?  Are you scanning 
>> the
>
>> actual payload rather than just the header?  If so, your application 
>> would
>
>> run much faster if you just captured the header.
>>
>> DC
>>
>> ----- Original Message ----- 
>> From: "pro2c" <pro2c at litrca.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Friday, May 14, 2010 6:36 AM
>> Subject: Re: [Winpcap-users] Multiple instances
>>
>>
>>
>>> SRC IP, DST IP, Protocol, Port, SID (process ID), Process name (which is
>>> using the port), Upload data (kB), Download data (kB), Upload speed,
>>> Download speed.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: winpcap-users-bounces at winpcap.org
>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>>> Sent: Thursday, May 13, 2010 10:54 PM
>>> To: winpcap-users at winpcap.org
>>> Subject: Re: [Winpcap-users] Multiple instances
>>>
>>> What statistics are you capturing?  For example...
>>>
>>> Src IP Addr   Protocol   Port  Upload pkts Download pkts
>>> ------------ ---------- ------ ----------- -------------
>>> 192.168.1.1     TCP         80        2341       2419866
>>> 192.168.1.1     UDP       5000         987          1026
>>> 192.168.1.2     TCP         80        1298       1672340
>>>
>>> DC
>>>
>>> pro2c wrote:
>>>
>>>> I'm trying to make an active list of computer's ports with download and
>>>> upload statistics. So i need 2 instances for 1 port (download & upload)
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: winpcap-users-bounces at winpcap.org
>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>>>> Sent: Thursday, May 13, 2010 7:49 PM
>>>> To: winpcap-users at winpcap.org
>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>
>>>> Could you use a single filter with 'OR' statements to fulfill the 200
>>>> conditions you wish to capture for?  Then, handle the resulting packets
>>>> in
>>>>
>>>> your own application?  Or will the 200 conditions just get every packet
>>>> anyway?
>>>>
>>>> Could you describe what your application is trying to do?
>>>>
>>>> DC
>>>>
>>>> ----- Original Message ----- 
>>>> From: "pro2c" <pro2c at litrca.com>
>>>> To: <winpcap-users at winpcap.org>
>>>> Sent: Thursday, May 13, 2010 9:25 AM
>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>
>>>>
>>>>
>>>>
>>>>> It's developed in VB.NET 2.0
>>>>> I optimized as far as I could. Maybe .NET is not a fast platform.
>>>>> Can send source code to someone who can do VB
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: winpcap-users-bounces at winpcap.org
>>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca
> Varenni
>>>>> Sent: Thursday, May 13, 2010 6:13 PM
>>>>> To: winpcap-users at winpcap.org
>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>
>>>>> A packet flow if 1.5MB/s is really low. The problem was probably in 
>>>>> the
>>>>> logic of your application. If I were you, I would definitely review
> your
>>>>> application design to understand what the bottleneck was.
>>>>>
>>>>> Have a nice day
>>>>> GV
>>>>>
>>>>> --------------------------------------------------
>>>>> From: "pro2c" <pro2c at litrca.com>
>>>>> Sent: Thursday, May 13, 2010 9:02 AM
>>>>> To: <winpcap-users at winpcap.org>
>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>
>>>>>
>>>>>
>>>>>> Yes, this was my first attempt but at full DL speed (~1,5 MB/s) the
> CPU
>>>>>> usage was to high :( since the packet flow is too large/fast
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: winpcap-users-bounces at winpcap.org
>>>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca
>>>>>> Varenni
>>>>>> Sent: Thursday, May 13, 2010 4:59 PM
>>>>>> To: winpcap-users at winpcap.org
>>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>>
>>>>>> If memory is an issue, then the best solution is opening a single
>>>>>> instance
>>>>>> of the WinPcap device, and do your own filtering and demultiplexing 
>>>>>> in
>>>>>> user
>>>>>> mode. This could have the good side effect of having less kernel-user
>>>>>> mode
>>>>>> transitions to bring the packets to user mode applications.
>>>>>>
>>>>>> Have a nice day
>>>>>> GV
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> From: "pro2c" <pro2c at litrca.com>
>>>>>> Sent: Thursday, May 13, 2010 5:37 AM
>>>>>> To: <winpcap-users at winpcap.org>
>>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>>
>>>>>>
>>>>>>
>>>>>>> No, not 200 instances of my app but 200 instances of winpcap device
> to
>>>>>>> have
>>>>>>> 200 different filters (for each port).
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: winpcap-users-bounces at winpcap.org
>>>>>>> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of David Chang
>>>>>>> Sent: Wednesday, May 12, 2010 10:08 PM
>>>>>>> To: winpcap-users at winpcap.org
>>>>>>> Subject: Re: [Winpcap-users] Multiple instances
>>>>>>>
>>>>>>> Why are you running 200 instances of your application on a single
>>>>>>> computer?  Do you have 200 NICs?  Maybe you can change your
>>>>>>> application
>>>>>>> to do more processing in one instance (i.e. multi-threading).
>>>>>>>
>>>>>>> DC
>>>>>>>
>>>>>>> pro2c wrote:
>>>>>>>
>>>>>>>
>>>>>>>> I'm having some problems with multiple instances. When I load 200
>>>>>>>> instances the memory use of my app reaches 100MB. I'm guessing that
>>>>>>>> every instance reserves some mem for itself.
>>>>>>>>
>>>>>>>> Can this be lowered somehow?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Winpcap-users mailing list
>>>>>>>> Winpcap-users at winpcap.org
>>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Winpcap-users mailing list
>>>>>>> Winpcap-users at winpcap.org
>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Winpcap-users mailing list
>>>>>>> Winpcap-users at winpcap.org
>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Winpcap-users mailing list
>>>>>> Winpcap-users at winpcap.org
>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>
>>>>>> _______________________________________________
>>>>>> Winpcap-users mailing list
>>>>>> Winpcap-users at winpcap.org
>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>>> _______________________________________________
>>>>> Winpcap-users mailing list
>>>>> Winpcap-users at winpcap.org
>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>>>
>>
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list