----- Original Message ----- From: "soulstone" <[email protected]> To: <[email protected]> Sent: Tuesday, December 08, 2009 6:16 AM Subject: Re: [Winpcap-users] Monitoring multiple network interfaces
> > > Gianluca Varenni wrote: >> ----- Original Message ----- >> From: "soulstone" <[email protected]> >> To: <[email protected]> >> Sent: Sunday, December 06, 2009 12:59 PM >> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces >> >> >>> >>> Gianluca Varenni wrote: >>>> ----- Original Message ----- >>>> From: "soulstone" <[email protected]> >>>> To: <[email protected]> >>>> Sent: Friday, December 04, 2009 7:02 AM >>>> Subject: Re: [Winpcap-users] Monitoring multiple network interfaces >>>> >>>> >>>>> Gianluca Varenni wrote: >>>>>> ----- Original Message ----- >>>>>> From: "soulstone" <[email protected]> >>>>>> To: <[email protected]> >>>>>> Sent: Thursday, December 03, 2009 8:49 AM >>>>>> Subject: [Winpcap-users] Monitoring multiple network interfaces >>>>>> >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I've tried to monitor multiple networ interfaces installed on >>>>>>> a system. >>>>>>> The reason is that I need to monitor network traffic to determine >>>>>>> whether a user navigates to a given url. >>>>>>> >>>>>>> I'd rather capture only packages from the interface which is >>>>>>> connected >>>>>>> to the internet but I don't know how to find out which one I need. >>>>>>> >>>>>>> So I tried to monitor all interfaces. >>>>>>> I did this by creating one thread per interface which calls >>>>>>> pcap_loop. >>>>>>> But this doesn't work. >>>>>> What do you mean by "it doesn't work"? >>>>> 1. I use pcap_findalldevs to get all devices. >>>>> 2. I open every interface by pcap_open_live. >>>>> 3. I use a loop to itter through all interfaces and spawn >>>>> a seperated thread for each call of pcap_loop(Desc, 0, @PacketHandler, >>>>> Err). >>>>> >>>>> Usually after that the method PacketHandler would be called >>>>> if I only invoke pcap_look for the correct interface with internet >>>>> access. >>>>> But if I try to monitor multiple interfaces the function PacketHandler >>>>> isn't called anymore. >>>>> >>>>> I also tried to reverse the loop (the first interface is coincidental >>>>> the one with internet access) it works. >>>> What's the name of the interface with real traffic? What OS are you >>>> running >>>> on? >>> Why does the name of the interface matter? I know which one works on my >>> computer but I need a way to identify the one with real traffic also for >>> other users without user interaction. >>> >>> I used XP, Vista, Win7 for my tests. >>> I've multiple network interfaces installed on these machines. >>> >> >> I want to know if you are capturing from the interface called "Generic >> dialup/VPN interface" (or any VPN/dialup one) >> > > I don't capture from a "Generic dialup/VPN interface". > E.g. there are two normal network interfaces and 2 virtual interfaces > created by virtualpc on one machine. > Maybe this could be a problem? No. What are the parameters passed to pcap_open_live? In interested in the timeout value. Does pcap_loop ever return (even if PacketHandler is not called)? Can you please try using pcap_next_ex in your code and see what is the error code returned by it? Have a nice day GV > >> GV >> >>> Kind regards, >>> dy >>> >>>> GV >>>> >>>> >>>>> Example code: >>>>> // doesn't work >>>>> for i := 0 to Length(Interfaces) - 1 do >>>>> begin >>>>> // creates a thread which calls pcap_loop >>>>> SpawnMonitor(Interfaces[i]; >>>>> end; >>>>> >>>>> // works, because our (now last) item is the correct NIC >>>>> for i := Length(ValidP) - 1 downto 0 do >>>>> begin >>>>> SpawnMonitor(Interfaces[i]; >>>>> end; >>>>> >>>>> So the problem is that PacketHandler isn't called for all devices. >>>>> >>>>> Kind regards, >>>>> dy >>>>> >>>>>> GV >>>>>> >>>>>>> Specifying only one interface everything works fine. >>>>>>> Can I only monitor one interface at once or do I miss something? >>>>>>> >>>>>>> Maybe someone can give me an advice. >>>>>>> >>>>>>> >>>>>>> Kind regards, >>>>>>> dy >>>>>>> _______________________________________________ >>>>>>> Winpcap-users mailing list >>>>>>> [email protected] >>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>> _______________________________________________ >>>>>> Winpcap-users mailing list >>>>>> [email protected] >>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>> >>>>> _______________________________________________ >>>>> Winpcap-users mailing list >>>>> [email protected] >>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>> _______________________________________________ >>>> Winpcap-users mailing list >>>> [email protected] >>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>> >>> _______________________________________________ >>> Winpcap-users mailing list >>> [email protected] >>> https://www.winpcap.org/mailman/listinfo/winpcap-users >> >> _______________________________________________ >> Winpcap-users mailing list >> [email protected] >> https://www.winpcap.org/mailman/listinfo/winpcap-users >> > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
