VC++ Winpcap library - not getting any packets, Win7
So, I'm writing an application that will sit on my network (a span port on one of my core switches, actually) and monitor the traffic going across the fabric... specifically, I am looking to generate assoications between applications. Which servers talk to which other servers, etc.
Will be very informative and interesting.
The first step is of course to drop the NIC into promiscuous mode, and read the packets.
I've got the pcap.h file, and the libraries working... I can access the functions within the library, and I can both list and open adapters. However, following the documented examples provided, I'm not getting any packets dumped out.
Basically, my screen just sits blank and empty... I did generate traffic by browsing webpages (though there's a lot of background traffic that it should pick up anyways, ARP if nothing else) while the app was open and running.
Will be very informative and interesting.
The first step is of course to drop the NIC into promiscuous mode, and read the packets.
I've got the pcap.h file, and the libraries working... I can access the functions within the library, and I can both list and open adapters. However, following the documented examples provided, I'm not getting any packets dumped out.
//open the adapter
adapterhandle=pcap_open(adapter->name,65536,PCAP_OPENFLAG_PROMISCUOUS,1000,NULL,errorBuffer);
if (adapterhandle==NULL){
cout<<"Unable to open adapter "<<adapter->name<<"\n";
pcap_freealldevs(allAdapters);
return;
}
cout<<"Capture process started on adapter "<<adapter->name<<"\n";
//recieve packets, this part does not work.
while ((retValue=pcap_next_ex(adapterhandle,&packetHeader,&packetData))>=0){
if (retValue==0)
continue;
cout<<"Packet Length: "<<packetHeader->len<<"Received at :"<<packetHeader->ts.tv_sec<<"\n\n";
}
//clean up
pcap_freealldevs(allAdapters);
cout<<"Finished\n\n";
Basically, my screen just sits blank and empty... I did generate traffic by browsing webpages (though there's a lot of background traffic that it should pick up anyways, ARP if nothing else) while the app was open and running.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
HAve you tried 'pcap_open_live()' instead of 'pcap_open()'? Also, see http://www.lovemytool.com/blog/2009/08/joke_snelders4.html ("Wireshark & Windows 7") about issues with Win7.
Fast reply!
I've read through that link, yes... all steps were followed, and applications such as Wireshark and Cain will read promiscuous packets without issue.
I gave the open_live method a try, however the same result.
I've read through that link, yes... all steps were followed, and applications such as Wireshark and Cain will read promiscuous packets without issue.
I gave the open_live method a try, however the same result.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial