Apologies if this is a repeat, but I did look for
the answer and did not find it.

I reviewed the nice sample app TCPTOP, which uses
WinPcap in MODE_STAT (packet/byte statistics). This is neat, except that:

Imagine I have 5 types of packets I want to tabulate statistics
for: HTTP, all other TCP, all UDP, all IPSEC, and other IP. I would
like the statistics for *each* filter when dispatcher_handler is called.

Obviously I could just recompile tcptop to take a filter on the command
line and run 5 separate processes, but perhaps the 1000ms intervals don't
exactly overlap (they are different processes, after all), and if I ran a 6th
one that was unfiltered (all packets), I really would have no guarantee that the
totals would add up.

Basically, I would like to be able to pass in an
array of filters before pcap_loop( ) is called. Packets would be matched
against each filter and the compiled statistics for each filter would be
returned to dispatch_handler( ). Is there a way of doing
this?

I realize I can just get the bytes for every packet
and do my own decode, but then I will have gotten away from the very low
overhead that makes TCPTOP such a nice app. Traffic is typically 5-10Mbps
right now, so performance is a concern.

+Steve
