i have known that winpcap library enabled a person to obtain advanced information about installed devices...
given all the networking devices found in the computer, how will i know which one of this has an internet connection?!
thanks:)
You typically don't care about this. Normally you just ask the network stack to make a connection, and don't worry about details.
However, each "device" will have its own IP address. You can request the network stack to use this IP address when making a connection.
Now, to figure which devices have an intenet connection, iterate over all of them, obtain their IP address, and try to create a connection from that originating IP to a destination IP on the Internet. Typically you already know such a destination IP, e.g. your companies webserver.
GetAdaptersInfo() will give you a list of all network adapters installed in a form that you can then use in GetIfEntry(). This latter function will tell you the operational status of an adapter, so you can at least tell if the adapter is plugged into a live hub/switch/router.
If you are particularly interested in IP connectivity, you could look to see if a default gateway is configured for that interface. Don't forget you might have to support IPv6 as well as IP4 if you try this.
Correlating the network adapters found by GetAdaptersInfo() with those found by pcap_findalldevs() is left as an exercise for the reader. I don't remember the details but it was fairly obvious.
Related
I've just began reading information about multicast transfers using boost::asio and I'm somewhat puzzled by the following:
Why do we need a "listening address" in the following boost::asio example? What's the point of that? Why would one choose anything different than localhost?
http://www.boost.org/doc/libs/1_37_0/doc/html/boost_asio/example/multicast/receiver.cpp
Specifying the listening IP address is necessary when you have more than one network interface card (each NIC is bound to a different IP address).
In your apartment...
When you're working at home on your laptop, you probably don't care. The primary goal is usually to connect anything to everything it wants to within your machine, in which case localhost is just fine.
... but servers do care!
High-end servers, on the other hand, usually have more than one network card. Even better, high-performance network cards often have more than one physical plug, and both of them may be active with different DHCP leases.
Servers will also often be part of public and private networks, which may or may not include a VPN which has its own subnet and accessibility parameters. Sysadmins think about these addresses a lot, and they care deeply about which particular address each service is available. Is it a private service? Is there an untrusted subnet that shouldn't be making these requests?
These questions span both security and system organization concerns. It's not specific to multicast: the UNIX bind system call also takes a specific address for all of the above reasons.
I need to write a win32 c/c++ application which will be able to determine whether the PC it's running on is connected to one of 2 networks. The first network is the company LAN (which has no internet connection) and the second network is a standalone switch with a single PC connected to it (the PC that the program is running on).
I'm pretty new to network programming but so far I have tried testing to see if a network drive which is held on our LAN can be mapped. This works fine if the PC is connected to the LAN, the drive mapping succeeds so so LAN detection is successful. However, if the PC is connected to the switch, this results in a VERY long timeout which is not a suitable as it will delay the program so much as to make it unusable.
Does anyone have any alternative suggestions?
I'm using c/c++ in VS 6.0
[Update]
Whilst trying a few different ideas and looking at some of the suggestions below I thought I should update with some additional information as many (if not all) of the suggestions I don't think will work.
(1) The aforementioned LAN has no external connections at all, it is completely isolated so no resolving of external DNS or pinging websites is possible.
(2) Hostname, MAC address, IP, Default Gateway, Subnet etc etc (basically everything you see in ipconfig -all) are all manually configured (not dynamic from the router) so checking any of these settings will return the same whether connected to the LAN or the switch.
(3) Due to point (2), any attempts to communicate with the switch seem to be unsuccessful, in fact almost all networking commands (ping, arp etc) seem to fail - I think due to the machine trying to connect to the LAN when it isn't there :-(
One thing I have found which works is pinging the default gateway IP which times out when connected to the switch. This is sort of ok as I can reduce the timeout of ping so it doesn't just hang for ages but it feels like a bit of a hack and I would certainly appreciate any better solutions.
Thanks
As far as TCP/IP is concerned there is no such thing as a LAN on WAN. There are a set of non-internet routable addresses like 192.168.x.x and 10.x.x.x but these are sometimes used by ISP short of IP addresses.
You best bet is to use Asynchronous APIs when making TCP/IP connections. WIN32 defines a whole buch of OVERLAPPED APIs for this purpose. This will prevent your application from grinding to a halt while waiting for a remote connection.
Alternatively put the socket stuff into another thread and then only notify the UI when the operation is done.
I would first try to differentiate between the two using information available locally--that is, from your computer. Does the output of ipconfig /all differ depending on which network you're connected to? If so, exploit that difference if you can.
Is it possible to get the MAC address of the standalone switch? Of the switch that controls the company LAN? That would be a sure way to tell. Unless somebody cloned the MAC address.
If you try using the existence or non-existence of some network service to determine which network you're connected to, you can never be sure. For example, if you failed to map that network drive, all you know is that the network drive isn't available. You can't say for certain that you're not connected to the company LAN. Same is true if you use ping. Lack of response from a particular machine means only that the machine didn't respond.
Various things you can look at for differentiation:
DNS domain name (GetComputerNameEx)
MAC address of gateway (ping it, then GetIpNetTable)
Routing table(do you have a gateway and default route on the company LAN)
WNet discovered network resources (WNetOpenEnum, WNetEnumResource)
Ability to resolve external hostnames (try a 5-10 names like www.google.com, www.microsoft.com and so on, if one resolves you should have internet)
You'll have to decide how many indicators are "enough" to decide you're on one or the other LAN though if tests fail. Then keep retrying until you have a definite result.
http://msdn.microsoft.com/en-us/library/aa366071%28v=VS.85%29.aspx has a lot of network related functions that you can experiment with to create further indicators.
Windows knows when you have removed the network cable from your NIC. Is there a programmatic way to determine this via API in C++?
Note: I am not using .NET and this is for a closed LAN (not connected to Internet ever)
Raymond Chen blogged about something similar recently. Here is the relevant documentation. I think the MIB_IPADDR_DISCONNECTED flag is what you are looking for.
Use the Network List Manager api with the INetwork api.
You can register your app to receive callbacks when networks become connected/not connected.
Or you can get the list of networks and then check each of them to see if the machine is network connected or not
Remember that a windows machine will often have multiple networks set up (Ethernet, wifi, etc)
Remember that just because a network is connected, you may not have access to the internet. Eg you could have DNS or routing problems. Or you could be on a working network that is not connected to the internet.
Due to the above, many diagnostic tools also connect to a "known-good" internet server if they want to really know if they're connected or not. Something like google.com -- they spend a lot of money to make sure that their site is up all the time.
Finally, you can also have a semi-connected situation where packets are getting through but not enough to really enable communications to flow. To test this, don't just ping an internet site since that'd only be a pair of packets. Instead, open a TCP connection or something more than a ping.
I'm fiddling with the sockets ioctl's to get the current interfaces setup and I can already get the IP, interface name, netmask and check if the interface is up or down, (I just do IOCTl to SIOCGIFCONF, SIOCGIFNETMASK and SIOCGIFFLAGS).
I am looking for a way to tell if my current IP address was obtained through dhcp or if it was static.
I can check /etc/network/interfaces for everything I want, but I'm looking for a way to do it programmaticly (does this word exist?).
Does anyone have any insight into this?
One more thing, I'm working on Linux (for now).
Cheers
With the wide variety of DHCP clients on Linux -- pump, dhcpcd, dhclient, udhcpc, and quite possibly others that I do not know of -- this isn't possible in a general sense.
However, if you are targeting a specific distribution -- say, "default install of Ubuntu" -- then you can investigate solutions such as Stefan's. Note that all four of the DHCP clients listed here can be installed on Ubuntu and can replace the default DHCP client, dhclient.
If you're running Ubuntu, the leases are stored in /var/lib/dhcp3/dhclient-[interface_name].lease, maybe that's a start.
I don't think its possible to tell via a kernel interface (ioctl) if an IP address was allocated via DHCP as in most distributions DHCP is a userland app that just configures the kernel with data provided by a remote source as if the user had done it manually. In fact, if you look at the ISC dhclient it just passes the data received from the DHCP server to simple shell scripts that do ifconfig, route and various other commands that you could type as a user.
So you'll probably have to look at methods that are specific to your DHCP client and distribution as suggested by Stefan.
Is there an existing Linux/POSIX C/C++ library or example code for how to rebind a socket from one physical interface to another?
For example, I have ping transmitting on a socket that is associated with a physical connection A and I want to rebind that socket to physical connection B and have the ping packets continue being sent and received on connection B (after a short delay during switch-over).
I only need this for session-less protocols.
Thank you
Update:
I am trying to provide failover solution for use with PPP and Ethernet devices.
I have a basic script which can accomplish 90% of the functionality through use of iptables, NAT and routing table.
The problem is when the failover occurs, the pings continue being sent on the secondary connection, however, their source IP is from the old connection.
I've spoken with a couple of people who work on commercial routers and their suggestion is to rebind the socket to the secondary interface.
Update 2:
I apologise for not specifying this earlier. This solution will run on a router. I cannot change the ping program because it will run on the clients computer. I used ping as just an example, any connection that is not session-based should be capable of being switched over. I tested this feature on several commercial routers and it does work. Unfortunately, their software is proprietary, however, from various conversations and testing, I found that they are re-binding the sockets on failover.
As of your updated post, the problem is that changing the routing info is not going to change the source address of your ping, it will just force it out the second interface. This answer contains some relevant info.
You'll need to change the ping program. You can use a socket-per-interface approach and somehow inform the program when to fail over. Or you will have to close the socket and then bind to the second interface.
You can get the interface info required a couple of ways including calling ioctl() with the SIOCGIFCONF option and looping through the returned structures to get the interface address info.
I do't think that's quite a well-defined operation. the physical interfaces have different MAC addresses, so unless you have a routing layer mapping them (NAT or the like) then they're going to have different IP addresses.
Ports are identified by a triple of <IP addr, Port number, protocol> so if your IP address changes the port is going to change.
What are you really trying to do here?
I'm not at all sure what you're trying to accomplish, but I have a guess... Are you trying to do some kind of failover? If so, then there are indeed ways to accomplish that, but why not do it in the OS instead of the application?
On one end you can use CARP, and on the other you can use interface trunking/bonding (terminology varies) in failover mode.