Thanks Mark Pizzolato. I actually got output, through a different approach. I used pcap_open_live( ) and pcap_next_ex( ).
But I have question, kindly help me figure out this. when i use the pcap_open_live( ) and pcap_next_ex( ), i see some packets captured. But what are these packets? how are they generated? Am i generating them? Your suggestions will be valuable to me. On Wed, Jul 13, 2011 at 6:18 PM, <[email protected]> wrote: > Send Winpcap-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.winpcap.org/mailman/listinfo/winpcap-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Winpcap-users digest..." > > > Today's Topics: > > 1. Re: how to find active ports (Mark Pizzolato - WinPCap-Users) > 2. Performance issues and c# wrappers (Emre Eri?gen) > 3. Re: Performance issues and c# wrappers (Black, Michael (IS)) > 4. Re: Performance issues and c# wrappers (Emre Eri?gen) > 5. PacketRequest on a Wan-adapter (Gisle Vanem) > 6. Re: EXT :Re: Performance issues and c# wrappers > (Black, Michael (IS)) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 12 Jul 2011 20:00:52 -0700 > From: Mark Pizzolato - WinPCap-Users > <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: [Winpcap-users] how to find active ports > Message-ID: > < > 0cc6789c1c831b4c8ccff49d45d7010f290403e...@redroof2.alohasunset.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi there Rajath, > > Winpcap doesn't contain a single API which provides the specific answer you > are looking for. > > However, you could determine the answer you are looking for with a little > coding on your part. The following steps will achieve the desired result: > 1) Use pcap_findalldevs to enumerate the set of 'ports' as you say. > 2) For each enumerated port, use pcap_openlive to open a promiscuous > mode pcap handle to the port. > 3) For each enumerated port, Craft a packet which says "Sending on > Port #N" and use any source MAC address (without Bi1#1 set (i.e. the > Broadcast/multicast bit sent), use a destination MAC address of > FF:FF:FF:FF:FF:FF. Send the packet on the pcap handle using > pcap_sendpacket. Read arriving packets on each of the pcap handles looking > for the crafted packet. Each time you find a packet you sent, you've found > a 'loopbacked' port (the loopbacks here could also indicate multiple ports > connected to the same switch, which is equivalent to a set of ports > connected with a crossover cable). > > Good Luck. > > - Mark Pizzolato > > On Monday, July 04, 2011 5:44 AM, rajath kumara wrote: > > > Thanks for the reply. > > > > However guess, its better to restate my problem, so that i can make you > > people clear about my query. > > > > I am using some ?3 NICS ( network interface cards), which together get me > 10 > > ports. > > 2 NICs are are from D-Link NIC cards which have 4 ports each in them, and > > another is NETGEAR NIC, which has 2 ports in it. > > > > with the help of pcap_findalldevs() , i can obtain the list of all ports > , > > along with details of NIC cards, their MAC_ addresses and others. > > > > But my question is , pcap_findalldevs( ), gives me list of all 10 ports i > am > > using, > > > > assume i use a cross-cable and connect any 2 ports to form a loopback > > condition,then ?is their any function in wpcap, which tells me > > which 2 ports are in loopback state among the 10 ports i am using. > > > > or any other function is their apart from wpcap, which helps me to do > this. > > > > > > please help me to figure out this problem. > > > > > > > > ------------------------------ > > Message: 2 > Date: Wed, 13 Jul 2011 14:09:29 +0300 > From: Emre Eri?gen <[email protected]> > To: [email protected] > Subject: [Winpcap-users] Performance issues and c# wrappers > Message-ID: > <CAF8arNifT2kQugbmBznyhTAf_00Z9+Z=xKjw35Dang3N1-E=v...@mail.gmail.com > > > Content-Type: text/plain; charset="iso-8859-1" > > I want to write a program which will listen the network device and capture > packets and saves them as dump files. The problem is packet loss must be > really really small in high transfer rates. What is the maximum transfer > rate for winpcap library? Can i capture 100mbit/sec without packet loss? I > have to write this program with C# so by wrapping winpcap for using in C# > will decrease the program performance? Do you know the performance of > wrappers like pcp.net and sharppcap? By performance i mean maximum > transfer > rate without packet loss. Any help will be appreciated. Thank you for > reading. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/02a51435/attachment-0001.html > > > > ------------------------------ > > Message: 3 > Date: Wed, 13 Jul 2011 11:56:57 +0000 > From: "Black, Michael (IS)" <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: [Winpcap-users] Performance issues and c# wrappers > Message-ID: <55D44176-CAE1-47F1-A797-14177DD064E0@mimectl> > Content-Type: text/plain; charset="iso-8859-2" > > I don't know what kind of network you're on. > > But 100mbit/sec is nothing anymore. > > > > Today's switches have gigabit ports to interconnect them because the ports > can all do 100Mbit EACH for example. One 100Mbit port can't watch fast > enough to capture the traffic that can occur on the switch. > > > > So you really have to either bond ports together or sit on the gigabit port > to capture traffic. > > > > Nonetheless -- you'll want to multitrread your application for writing to > disk. > > > > You can probably get by without that for 100Mbit/sec (that's only 12MB/sec > to disk which should be a doable sustained rate on a single thread). But if > your disk I/O pauses too long you may drop things. > > > > You can tell that by running a ping while blasting data at it and the > looking to see if you capture all the pings. > > Or better, by running a small test program which sends 10 packets a second > or such and ensure you see all the packets while blasting data on the > network. > > > > > > > > Michael D. Black > > Senior Scientist > > NG Information Systems > > Advanced Analytics Directorate > > > > ________________________________ > From: [email protected] [[email protected]] > on behalf of Emre Eri?gen [[email protected]] > Sent: Wednesday, July 13, 2011 6:09 AM > To: [email protected] > Subject: EXT :[Winpcap-users] Performance issues and c# wrappers > > I want to write a program which will listen the network device and capture > packets and saves them as dump files. The problem is packet loss must be > really really small in high transfer rates. What is the maximum transfer > rate for winpcap library? Can i capture 100mbit/sec without packet loss? I > have to write this program with C# so by wrapping winpcap for using in C# > will decrease the program performance? Do you know the performance of > wrappers like pcp.net<http://pcp.net/> and sharppcap? By performance i > mean maximum transfer rate without packet loss. Any help will be > appreciated. Thank you for reading. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/7c8d7dd1/attachment-0001.html > > > > ------------------------------ > > Message: 4 > Date: Wed, 13 Jul 2011 15:29:00 +0300 > From: Emre Eri?gen <[email protected]> > To: [email protected] > Subject: Re: [Winpcap-users] Performance issues and c# wrappers > Message-ID: > <caf8arnjt6z7r+4qbujuh4bw0ywvhxrofrktwtbgqnhx+xt1...@mail.gmail.com > > > Content-Type: text/plain; charset="iso-8859-1" > > Thank you so much for your answer. I think I should explain about my > problem > a little bit more. I want to listen a network which has an internet > connection around 50mbit/sec. My problem is i have to use C# for this > program and so i need to wrap winpcap to use it. There are some open source > C# wrappers like sharppcap and pcap.net. I wonder if i use these wrappers > can i listen and capture 50mbit/sec without packet loss. Is using a wrapper > will reduce the performance of winpcap? I just need to listen, capture and > save them to a dump file so my wrapper will not be much a big project. Do > writing my own little wrapper help me to reduce performance reduction? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/2a250bcc/attachment-0001.html > > > > ------------------------------ > > Message: 5 > Date: Wed, 13 Jul 2011 14:31:01 +0200 > From: Gisle Vanem <[email protected]> > To: WinDump <[email protected]> > Subject: [Winpcap-users] PacketRequest on a Wan-adapter > Message-ID: <[email protected]> > Content-Type: text/plain; CHARSET=US-ASCII; format=flowed; > reply-type=original > > Hi list. > > The PacketRequest() function is obviously not suited for getting > the low-level stuff (such as MTU and MAC-address) from a WAN (PPP/SLIP) > interface. I'm getting the error "PacketRequest not supported on > non-NPF/NPFIM > adapters" in the winpcap_debug.txt file. > > How can I get such things with another function or API? Device in question > is named "\Device\NPF_GenericDialupAdapter". I can listen on the adapter > just fine. It is the un-encrypted end of my VPN connection. > > --gv > > > > ------------------------------ > > Message: 6 > Date: Wed, 13 Jul 2011 12:48:35 +0000 > From: "Black, Michael (IS)" <[email protected]> > To: "[email protected]" <[email protected]> > Subject: Re: [Winpcap-users] EXT :Re: Performance issues and c# > wrappers > Message-ID: <19623639-CC0A-481E-A8BD-A642B245A1B5@mimectl> > Content-Type: text/plain; charset="iso-8859-2" > > 50Mb/sec is quite doable. > > > > You won't know the answer "for sure" until you test it. > > > > I doubt the wrapper will hurt much. Any additional layer slows things down > but not necessarily by very much. > > > > Write your app and watch the CPU usage. If it gets anywhere close to 100% > for any sustained period of time than then you'll need to optimize. But my > guess is you'll be much less than that. > > > > If all your doing is listening and saving than 2 threads is probably all > you could possibly use, one to capture and push on a queue and another to > pop the packet off the queue and write it to disk. > > > > My guess is you can keep up with 50Mb/sec internet and the 6.25MB/sec to > disk without any problem. > > Hopefully you do have a decent disk system to write to as you're talking > probably 11GB/hour based on 50% utilization of the bandwidth. So you can > fill up a disk pretty fast. > > > > > > Michael D. Black > > Senior Scientist > > NG Information Systems > > Advanced Analytics Directorate > > > > ________________________________ > From: [email protected] [[email protected]] > on behalf of Emre Eri?gen [[email protected]] > Sent: Wednesday, July 13, 2011 7:29 AM > To: [email protected] > Subject: EXT :Re: [Winpcap-users] Performance issues and c# wrappers > > Thank you so much for your answer. I think I should explain about my > problem a little bit more. I want to listen a network which has an internet > connection around 50mbit/sec. My problem is i have to use C# for this > program and so i need to wrap winpcap to use it. There are some open source > C# wrappers like sharppcap and pcap.net<http://pcap.net/>. I wonder if i > use these wrappers can i listen and capture 50mbit/sec without packet loss. > Is using a wrapper will reduce the performance of winpcap? I just need to > listen, capture and save them to a dump file so my wrapper will not be much > a big project. Do writing my own little wrapper help me to reduce > performance reduction? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://www.winpcap.org/pipermail/winpcap-users/attachments/20110713/8a1e4796/attachment.html > > > > ------------------------------ > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > > > End of Winpcap-users Digest, Vol 76, Issue 7 > ******************************************** >
_______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
