Re: Hardware mac address with pcap/winpcap

[Guy Harris <guy () alum mit edu>]

On Mar 3, 2009, at 6:44 PM, Chris Morgan wrote:

> I would be looking for the local adapter mac addresses.  Under linux
> with pcap and the adapters I have, ethernet and wireless, I see
> hardware mac addresses in pcap_if_t.addresses. I wasn't sure if there
> were any known cases where pcap_if_t.addresses wouldn't have the
> hardware mac address, like  with winpcap

...or with libpcap on other flavors of UN*X.

Whether pcap_findalldevs() returns MAC addresses or not is platform- 
dependent - in part because what they're *called* (i.e., what the  
sa_family value for a link-layer address is) is platform-dependent,  
and in part because the OS routine that pcap_findalldevs() uses to  
fetch the addresses is not only platform-dependent but also OS-version- 
dependent for some OSes, and the set of addresses it happens to return  
can differ between platforms.

For any interface that has one or more IPv4 or IPv6 addresses assigned  
to it, you should get those addresses from pcap_findalldevs().  No  
other addresses are guaranteed to be in that list, and it's not  
guaranteed how you even tell whether one of those addresses *is* a MAC  
address.

> Users have reported difficulty getting the adapter mac addresses

Having done a little research when I saw your first mail, it's  
*definitely* platform-dependent.  A future version of libpcap may  
provide it, but not necessarily in the results of pcap_findalldevs() -  
there might be some other API or APIs providing a collection of  
adapter properties, including IPv4 addresses, IPv6 addresses, link- 
layer addresses of various sorts, etc..
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.