From owner-freebsd-questions@FreeBSD.ORG Wed Feb 14 15:52:19 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5EA9116A402 for ; Wed, 14 Feb 2007 15:52:19 +0000 (UTC) (envelope-from nocturnal@swehack.se) Received: from smtp1.inkorgen.com (smtp1.inkorgen.com [82.99.44.201]) by mx1.freebsd.org (Postfix) with ESMTP id E5CE613C49D for ; Wed, 14 Feb 2007 15:52:18 +0000 (UTC) (envelope-from nocturnal@swehack.se) Received: from proxy1.inkorgen.com (proxy1 [192.168.100.1]) by smtp1.inkorgen.com (8.13.8/8.13.8) with ESMTP id l1EFqAwt045222 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Feb 2007 16:52:10 +0100 (CET) Received: from [82.99.47.4] ([82.99.47.4]) (authenticated bits=0) by proxy1.inkorgen.com (8.13.8/8.13.8) with ESMTP id l1EFlB6b019642 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 14 Feb 2007 16:47:12 +0100 (CET) Message-ID: <45D32FC2.8090107@swehack.se> Date: Wed, 14 Feb 2007 16:50:26 +0100 From: nocturnal User-Agent: Thunderbird 1.5 (X11/20060116) MIME-Version: 1.0 To: Giorgos Keramidas References: <45C630FD.3080801@swehack.se> <20070205022721.GA24354@kobe.laptop> In-Reply-To: <20070205022721.GA24354@kobe.laptop> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on washer1.inkorgen.com X-Virus-Status: Clean Cc: freebsd-questions@freebsd.org Subject: Re: packet destination from pcap X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 15:52:19 -0000 Hi After i wrote the e-mail to the list i figured out how to get the ethernet destination address of the packet. I'm not sure but this might help me because i need to figure out if the packet is moving towards me or away from me on the interface i've chosen. So i can compare this with the ethernet address of my chosen interface and figure out where it's going. Stop me if i'm wrong. :) Med vänliga hälsningar Stefan Midjich aka nocturnal [Swehack] http://swehack.se Giorgos Keramidas wrote: > On 2007-02-04 20:16, nocturnal wrote: >> Hi >> I'm sniffing packets with pcap but i need information about where the >> packet is going. > > This is a decision made by the routing table, so there's no good way to > 'guess' where it will go before the packet reaches the outgoing queue of > the IP layer. > >> I'm thinking i need to open two pcap sessions with two different >> filters because the application i'm writing has a need for >> distinguishing between packets going to a specified ip-address and >> those going from it. > > Well, the destination IP address should be easy to grab. Even if you do > get hold of that though, you may have to listen to multiple pcap > connections to find out where the routing decisions send the packet on > its way out. > > >