On Tuesday 22 March 2005 10:28, Tom Brown wrote:
> Hi,
>
> I am using pcap_next_ex() in my application in a loop to capture all
> packets on an ethernet device. I have compared the amount of packets that
> my application captures to what ethereal captures and my calls to
> pcap_next_ex() are just not picking up everything. More importantly, the
> packets I need it to capture are not being captured all the time. My
> application is in constant communication with a device to monitor its
> status. I used ethereal to verify the device was always replying to my
> application. The code snippets below are written in Delphi. Here is my call
> to pcap_open():
>
> fp := pcap_open(PAnsiChar(ADeviceName), 65536, PCAP_OPENFLAG_PROMISCUOUS,
> 1, nil, errorbuf);
>
> Here is my call to pcap_next_ex() which is in a loop:
>
> ret := pcap_next_ex(fp, @pktheader, @pktdata);
>
> I can provide more code if you want it. pcap_next_ex() times out a lot. Am
> I doing something wrong here? Are there other reasons that pcap_next_ex()
> would timeout instead of capturing packets? Any ideas would be appreciated.
>
> Thanks,
> Tom
Ethereal and WinDump both capture all the packets coming in on the network
device. I looked through their source code and found ethereal uses
pcap_dispatch() and WinDump uses pcap_loop(). I tried using both functions in
my application. In both cases, my callback function would get called but the
pktheader contains bogus numbers and the pktdata is null. Here is my code.
What am I doing wrong?
procedure callback(user: PAnsiChar; pktheader: ppcap_pkthdr;
pktdata: PAnsiChar);
var
i: Integer;
packet: string;
begin
if pktdata = nil then
Exit;
packet := '';
for i := 0 to pktheader.caplen - 1 do
packet := packet + IntToHex(Byte(pktdata[i]), 2);
GLog.Info(packet);
end;
function TPacketThread.CaptureStatusReply2(ADeviceName: string;
var AStatusData: TStatusData): Boolean;
const
cFuncName = 'TPacketThread.CaptureStatusReply2';
var
fp: ppcap_t;
errorbuf: array[0 .. PCAP_ERRBUF_SIZE - 1] of Char;
ret: Integer;
initialtime: TDateTime;
begin
GLog.LogBegin(cFuncName);
Result := False;
fp := pcap_open_live(PAnsiChar(ADeviceName), 65536,
PCAP_OPENFLAG_PROMISCUOUS,
1, errorbuf);
if fp = nil then
begin
GLog.Info('Unable to open device.');
Exit;
end;
initialtime := Now;
while (Now - initialtime) < 0.00006 do
begin
ret := pcap_loop(fp, 1, @callback, nil);
case ret of
0: GLog.Info('pcap_loop timed out');
else
GLog.Info('pcap_loop returned ' + IntToStr(ret));
end;
end;
pcap_close(fp);
GLog.LogEnd(cFuncName);
end;
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[email protected]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
