Re: Hardware mac address with pcap/winpcap

[Chris Morgan <chmorgan () gmail com>]

On Tue, Mar 3, 2009 at 9:54 PM, Guy Harris <guy () alum mit edu> wrote:
> On Mar 3, 2009, at 6:44 PM, Chris Morgan wrote:
>
> > I would be looking for the local adapter mac addresses.  Under linux
> > with pcap and the adapters I have, ethernet and wireless, I see
> > hardware mac addresses in pcap_if_t.addresses. I wasn't sure if there
> > were any known cases where pcap_if_t.addresses wouldn't have the
> > hardware mac address, like  with winpcap
>
> ...or with libpcap on other flavors of UN*X.
>
> Whether pcap_findalldevs() returns MAC addresses or not is
> platform-dependent - in part because what they're *called* (i.e., what the
> sa_family value for a link-layer address is) is platform-dependent, and in
> part because the OS routine that pcap_findalldevs() uses to fetch the
> addresses is not only platform-dependent but also OS-version-dependent for
> some OSes, and the set of addresses it happens to return can differ between
> platforms.
>
> For any interface that has one or more IPv4 or IPv6 addresses assigned to
> it, you should get those addresses from pcap_findalldevs().  No other
> addresses are guaranteed to be in that list, and it's not guaranteed how you
> even tell whether one of those addresses *is* a MAC address.

Right. I had to look at the sa_family value to differentiate the two
under linux but I don't believe windows even has the same values for
sa_family.


> > Users have reported difficulty getting the adapter mac addresses
>
> Having done a little research when I saw your first mail, it's *definitely*
> platform-dependent.  A future version of libpcap may provide it, but not
> necessarily in the results of pcap_findalldevs() - there might be some other
> API or APIs providing a collection of adapter properties, including IPv4
> addresses, IPv6 addresses, link-layer addresses of various sorts, etc..

Hmm. Right now SharpPcap is platform independent, it should work
nearly the same on windows, mac and linux. We used to have windows
specific calls to a windows dll to retrieve adapter information but
that wouldn't work on other platforms so I removed it rather than
present code that only works sometimes. Some users have expressed the
desire to get the hardware mac addresses, I think so they can send
packets, but maybe this will be filled in by the kernel or the
hardware.

Is the development of pcap such that such a feature might be present
in the next several months? Even something that would work on WinXP
and beyond and Linux with a newish kernel would be great, although I
don't assume that pcap and winpcap are developed by the same people.

Chris
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.