Measuring upload/download rates with libpcap
https://stackoverflow.com/questions/4693034
-
11-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using libpcap (and winpcap on Windows) in a C application to monitor network traffic. I need to differentiate between upload and download traffic on each network adapter, to produce connection speed stats, but the filter expressions used by the library don't seem to support this very easily (ie there are no 'incoming'/'outgoing' operators).
One approach that I have considered is to query the IP address of each adapter, and then use filters such as src host 1.2.3.4 (to measure uploads) and dst host 1.2.3.4 (to measure downloads).
My questions are:
Is there a better/simpler approach than the one above (something that would let me use the same filter expression for each adapter would be nice)?
If the above approach is the way to go, then is there any chance that a single adapter could have more than 1 IP address associated with it? The reason I ask is that the pcap_addr struct which holds the address details of a single adapter (in struct pcap_if) has a 'next' member suggesting that this is possible.
Solution
Firstly, remember, pcap sees only packets. It doesn't see "outgoing" or "incoming" - simply packets. So yes, you must filter using the src/dst in the ip headers. There is no other way to tell whether the packet is incoming or outgoing.
Secondly, yes, there is nothing stopping an adapter having multiple IP addresses. So you need to grab the IP addresses configured from that adapter. pcap_findalldevs() (WinPCap Documentation) ought to help you here, from which you should be able to deduce which devices you want to monitor.
