Have you looked at ntop (http://www.ntop.org/overview.html)?
DC ----- Original Message ----- From: "pro2c" <[email protected]> To: <[email protected]> Sent: Saturday, May 15, 2010 3:41 AM Subject: Re: [Winpcap-users] Multiple instances > Mem, yes > > If someone is interested in writing a DLL for me that provides this data. > I > would pay for it. > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of David Chang > Sent: Saturday, May 15, 2010 2:57 AM > To: [email protected] > Subject: Re: [Winpcap-users] Multiple instances > > OK. Then, I think GV is right. This capture load is tiny (<5000 > pkts/sec). Any modern PC should be able to handle this traffic. It's > most likely your application code (or the libraries you are using). > > One last question, you're keeping all this information in memory, > right? You're not trying to write the data out to a file or database, > are you? > > DC > > pro2c wrote: >> No: ports, protocol, SID and process name are separated algorithms using >> GetExtendedTcpTable as said by Gerard. I only use the winpcap to get the >> current numbers for data transfers for ports then connect them to that >> table. I read only the headers. >> >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of David Chang >> Sent: Friday, May 14, 2010 5:57 PM >> To: [email protected] >> Subject: Re: [Winpcap-users] Multiple instances >> >> I understand all the fields except SID and Process name. >> >> Are you saying that Process name is just a description of the port (e.g. > if >> the port is 80, the process name is firefox)? Or, is it more complex >> than > >> that? >> >> How are you getting the SID from the packet capture? Are you scanning >> the > >> actual payload rather than just the header? If so, your application >> would > >> run much faster if you just captured the header. >> >> DC >> >> ----- Original Message ----- >> From: "pro2c" <[email protected]> >> To: <[email protected]> >> Sent: Friday, May 14, 2010 6:36 AM >> Subject: Re: [Winpcap-users] Multiple instances >> >> >> >>> SRC IP, DST IP, Protocol, Port, SID (process ID), Process name (which is >>> using the port), Upload data (kB), Download data (kB), Upload speed, >>> Download speed. >>> >>> >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of David Chang >>> Sent: Thursday, May 13, 2010 10:54 PM >>> To: [email protected] >>> Subject: Re: [Winpcap-users] Multiple instances >>> >>> What statistics are you capturing? For example... >>> >>> Src IP Addr Protocol Port Upload pkts Download pkts >>> ------------ ---------- ------ ----------- ------------- >>> 192.168.1.1 TCP 80 2341 2419866 >>> 192.168.1.1 UDP 5000 987 1026 >>> 192.168.1.2 TCP 80 1298 1672340 >>> >>> DC >>> >>> pro2c wrote: >>> >>>> I'm trying to make an active list of computer's ports with download and >>>> upload statistics. So i need 2 instances for 1 port (download & upload) >>>> >>>> >>>> -----Original Message----- >>>> From: [email protected] >>>> [mailto:[email protected]] On Behalf Of David Chang >>>> Sent: Thursday, May 13, 2010 7:49 PM >>>> To: [email protected] >>>> Subject: Re: [Winpcap-users] Multiple instances >>>> >>>> Could you use a single filter with 'OR' statements to fulfill the 200 >>>> conditions you wish to capture for? Then, handle the resulting packets >>>> in >>>> >>>> your own application? Or will the 200 conditions just get every packet >>>> anyway? >>>> >>>> Could you describe what your application is trying to do? >>>> >>>> DC >>>> >>>> ----- Original Message ----- >>>> From: "pro2c" <[email protected]> >>>> To: <[email protected]> >>>> Sent: Thursday, May 13, 2010 9:25 AM >>>> Subject: Re: [Winpcap-users] Multiple instances >>>> >>>> >>>> >>>> >>>>> It's developed in VB.NET 2.0 >>>>> I optimized as far as I could. Maybe .NET is not a fast platform. >>>>> Can send source code to someone who can do VB >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: [email protected] >>>>> [mailto:[email protected]] On Behalf Of Gianluca > Varenni >>>>> Sent: Thursday, May 13, 2010 6:13 PM >>>>> To: [email protected] >>>>> Subject: Re: [Winpcap-users] Multiple instances >>>>> >>>>> A packet flow if 1.5MB/s is really low. The problem was probably in >>>>> the >>>>> logic of your application. If I were you, I would definitely review > your >>>>> application design to understand what the bottleneck was. >>>>> >>>>> Have a nice day >>>>> GV >>>>> >>>>> -------------------------------------------------- >>>>> From: "pro2c" <[email protected]> >>>>> Sent: Thursday, May 13, 2010 9:02 AM >>>>> To: <[email protected]> >>>>> Subject: Re: [Winpcap-users] Multiple instances >>>>> >>>>> >>>>> >>>>>> Yes, this was my first attempt but at full DL speed (~1,5 MB/s) the > CPU >>>>>> usage was to high :( since the packet flow is too large/fast >>>>>> >>>>>> >>>>>> -----Original Message----- >>>>>> From: [email protected] >>>>>> [mailto:[email protected]] On Behalf Of Gianluca >>>>>> Varenni >>>>>> Sent: Thursday, May 13, 2010 4:59 PM >>>>>> To: [email protected] >>>>>> Subject: Re: [Winpcap-users] Multiple instances >>>>>> >>>>>> If memory is an issue, then the best solution is opening a single >>>>>> instance >>>>>> of the WinPcap device, and do your own filtering and demultiplexing >>>>>> in >>>>>> user >>>>>> mode. This could have the good side effect of having less kernel-user >>>>>> mode >>>>>> transitions to bring the packets to user mode applications. >>>>>> >>>>>> Have a nice day >>>>>> GV >>>>>> >>>>>> -------------------------------------------------- >>>>>> From: "pro2c" <[email protected]> >>>>>> Sent: Thursday, May 13, 2010 5:37 AM >>>>>> To: <[email protected]> >>>>>> Subject: Re: [Winpcap-users] Multiple instances >>>>>> >>>>>> >>>>>> >>>>>>> No, not 200 instances of my app but 200 instances of winpcap device > to >>>>>>> have >>>>>>> 200 different filters (for each port). >>>>>>> >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: [email protected] >>>>>>> [mailto:[email protected]] On Behalf Of David Chang >>>>>>> Sent: Wednesday, May 12, 2010 10:08 PM >>>>>>> To: [email protected] >>>>>>> Subject: Re: [Winpcap-users] Multiple instances >>>>>>> >>>>>>> Why are you running 200 instances of your application on a single >>>>>>> computer? Do you have 200 NICs? Maybe you can change your >>>>>>> application >>>>>>> to do more processing in one instance (i.e. multi-threading). >>>>>>> >>>>>>> DC >>>>>>> >>>>>>> pro2c wrote: >>>>>>> >>>>>>> >>>>>>>> I'm having some problems with multiple instances. When I load 200 >>>>>>>> instances the memory use of my app reaches 100MB. I'm guessing that >>>>>>>> every instance reserves some mem for itself. >>>>>>>> >>>>>>>> Can this be lowered somehow? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>>>>>> _______________________________________________ >>>>>>>> Winpcap-users mailing list >>>>>>>> [email protected] >>>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Winpcap-users mailing list >>>>>>> [email protected] >>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Winpcap-users mailing list >>>>>>> [email protected] >>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> Winpcap-users mailing list >>>>>> [email protected] >>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>> >>>>>> _______________________________________________ >>>>>> Winpcap-users mailing list >>>>>> [email protected] >>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> Winpcap-users mailing list >>>>> [email protected] >>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>> >>>>> _______________________________________________ >>>>> Winpcap-users mailing list >>>>> [email protected] >>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> Winpcap-users mailing list >>>> [email protected] >>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>> >>>> _______________________________________________ >>>> Winpcap-users mailing list >>>> [email protected] >>>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>>> >>>> >>> _______________________________________________ >>> Winpcap-users mailing list >>> [email protected] >>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>> >>> _______________________________________________ >>> Winpcap-users mailing list >>> [email protected] >>> https://www.winpcap.org/mailman/listinfo/winpcap-users >>> >>> >> >> >> _______________________________________________ >> Winpcap-users mailing list >> [email protected] >> https://www.winpcap.org/mailman/listinfo/winpcap-users >> >> _______________________________________________ >> Winpcap-users mailing list >> [email protected] >> https://www.winpcap.org/mailman/listinfo/winpcap-users >> > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
