I got some work done using the packet.dll/packet.sys combo. Unlike GilGil I haven't used Lars's translations from C to ObjectPascal for pcap but I took the example packet dump from the WinPcap2.3, converted it to Delphi and added some features like parsing packets based on their type (Eth, IP TCP, UDP)
A major setback was that my app wasn't parsing packets right, and it didn't display the entire packet content - neither was the C example I used for reference, Gianluca if you remember my prior dumb posts :). My app wasn't missing packets at all. I wasn't parsing them right. The problem was that my app when calling the PacketReceivePacket function got more that one ethernet packet from the driver but I didn't know that and I was parsing it as a single ethernet packet which was obviusly wrong. Not anymore, I used the bpf_hdr structure and things started to work right. There's still the issue of performance, during large transfers the processor is at 100% if I do a complete packet parse/display. I've seen the same beahviour in GilGil's demo apps. I know that it is caused by the DEFAULT_SNAPLEN=68 option but this means that if I set it to 1500 then the response time will increase considerably as well. What I think we need is buffers to keep the raw eth packets before parsing them. ----- Original Message ----- From: "Gianluca Varenni" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 05, 2002 09:21 AM Subject: Re: [WinPcap-users] "Snoop" WinPcap encapsulate Component for Delphi > Send me a short text describing your work, and I'll put it on the WinPcap > links page (http://winpcap.polito.it/misc/links.htm). > > GV > > PS. Why don't you contact Lars, and join your efforts to create a unique > Delphi WinPcap wrapper? > > ----- Original Message ----- > From: "??寃쎈Ц" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 05, 2002 9:15 AM > Subject: [WinPcap-users] "Snoop" WinPcap encapsulate Component for Delphi > > > > Hi, All. I'm Delphi programmer lived in Seoul Korea. > > I'd made a WinPcap encpasulating Component for Delphi named "Snoop". > > It is easy, comportable and reliable to use in Delphi. > > I appreciate NiteShiflter's Lair Delphi Pcap > > library(http://home1.stofanet.dk/nitezhifter). > > > > *** Components *** > > - Snoop : Physical Layer captured Component > > - SnoopIP : IP Layer captured Component > > - SnoopTCP : TCP Layer captured Component > > - SnoopUDP : UDP Layer captured Component > > - SnoopSimpleTCP : TCP Layer only data captured Component > > - SnoopSimpleUDP : UDP Layer only data captured Component > > > > *** Compiler *** > > - Delphi 5 or higher > > > > *** File Contents *** > > - Source Unit(Full). > > - Sample Program(SnoopTest, SnoopIPTest, SnoopTCPTest, SnoopUDPTest, > > SnoopSimpleTCPTest, SnoopSimpleUDPTest). > > - Document(MS-Word) > > > > Download Page followed. > > http://www.gilgil.co.kr/snoop > > > > Now, You can download recent version of snoop(version 20020902). > > Feel free do download component. > > > > > > -------------------------------------------- > > homepage : http://www.gilgil.co.kr > > tel : +82-11-9725-8908 > > --------------------------------------- > > > > > > > > _________________________________________________________________ > > 보다 빠르고 보기 편한 뉴스. 오늘의 화제는 MSN 뉴스에서 >확인하세요. > > http://www.msn.co.kr/news/ > > > > > > > > ================================================================== > > This is the WinPcap users list. It is archived at > > http://www.mail-archive.com/[email protected]/ > > > > To unsubscribe use > > mailto: [EMAIL PROTECTED]?body=unsubscribe > > ================================================================== > > > > > > > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/[email protected]/ > > To unsubscribe use > mailto: [EMAIL PROTECTED]?body=unsubscribe > ================================================================== ================================================================= This is the WinPcap users list. It is archived at http://www.mail-archive.com/[email protected]/ To unsubscribe use mailto: [EMAIL PROTECTED]?body=unsubscribe =================================================================
