From owner-freebsd-questions@FreeBSD.ORG Mon Feb 5 02:28:10 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 89DAA16A400 for ; Mon, 5 Feb 2007 02:28:10 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.freebsd.org (Postfix) with ESMTP id E5C4213C47E for ; Mon, 5 Feb 2007 02:28:09 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from kobe.laptop (dialup107.ach.sch.gr [81.186.70.107]) (authenticated bits=128) by igloo.linux.gr (8.13.8/8.13.8/Debian-3) with ESMTP id l152RSS2018169 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 5 Feb 2007 04:27:37 +0200 Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.13.8/8.13.8) with ESMTP id l152RPGN024389; Mon, 5 Feb 2007 04:27:27 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.13.8/8.13.8/Submit) id l152RM99024387; Mon, 5 Feb 2007 04:27:22 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Date: Mon, 5 Feb 2007 04:27:22 +0200 From: Giorgos Keramidas To: nocturnal Message-ID: <20070205022721.GA24354@kobe.laptop> References: <45C630FD.3080801@swehack.se> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <45C630FD.3080801@swehack.se> X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-3.748, required 5, autolearn=not spam, ALL_TRUSTED -1.80, AWL 0.45, BAYES_00 -2.60, DNS_FROM_RFC_ABUSE 0.20) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: freebsd-questions@freebsd.org Subject: Re: packet destination from pcap X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Feb 2007 02:28:10 -0000 On 2007-02-04 20:16, nocturnal wrote: > Hi > I'm sniffing packets with pcap but i need information about where the > packet is going. This is a decision made by the routing table, so there's no good way to 'guess' where it will go before the packet reaches the outgoing queue of the IP layer. > I'm thinking i need to open two pcap sessions with two different > filters because the application i'm writing has a need for > distinguishing between packets going to a specified ip-address and > those going from it. Well, the destination IP address should be easy to grab. Even if you do get hold of that though, you may have to listen to multiple pcap connections to find out where the routing decisions send the packet on its way out.