Windows equivalent to eth0
V

3

7

Is there a generic IP device name for windows similar to "eth0" used by Linux and Solaris?

I am attempting to monitor SCTP traffic, which appears to be successful when passing the IP address, but this means that every machine that uses this application would need changing to use its host address.

Thanks

Vocabulary answered 9/3, 2009 at 16:38 Comment(0)
S
4

The best way to find the "default" interface is to query the route table for the 0.0.0.0 (default) route. This will be associated with exactly one interface. Of course, in a dynamic environment, this is a snapshot.

C:\> route PRINT 0.0.0.0

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.117.254.254     10.117.1.68       20
Default Gateway:    10.117.254.254
Sphericity answered 15/6, 2009 at 7:40 Comment(1)
Not only one interface; I see both the wireless and wired adapters, but then I choose lowest metric. - Militarism
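
Added example, not part of the original answer or comment: a Python parser for the `route PRINT 0.0.0.0` output shown above that handles more than one default route by taking the lowest metric, as the comment suggests. The sample output, addresses and function names are constructed for illustration.

```python
import re
import subprocess

# Constructed sample: `route PRINT 0.0.0.0` on a host with a wired and a
# wireless adapter (second route and persistent entry are made up).
SAMPLE_OUTPUT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   10.117.254.254     10.117.1.68       20
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.57       35
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0   10.117.254.254  Default
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Active-route rows have five columns; persistent rows have four and never
# match, so no (locale-dependent) section heading has to be recognised.
ROUTE_ROW = re.compile(rf"^\s*({IPV4})\s+({IPV4})\s+(\S+)\s+({IPV4})\s+(\d+)\s*$")

def default_routes(route_print_output):
    """Return sorted [(metric, interface_ip, gateway)] for each 0.0.0.0/0 route."""
    routes = []
    for line in route_print_output.splitlines():
        m = ROUTE_ROW.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            routes.append((int(m.group(5)), m.group(4), m.group(3)))
    return sorted(routes)

def default_interface_ip(route_print_output):
    """Local IP of the lowest-metric default route, or None if there is none."""
    routes = default_routes(route_print_output)
    return routes[0][1] if routes else None

def live_route_output():
    """Run the command from the answer above (Windows only)."""
    return subprocess.run(["route", "PRINT", "0.0.0.0"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print(default_interface_ip(SAMPLE_OUTPUT))
```

The result is a snapshot, as the answer notes; re-run the lookup when the capture starts rather than caching the address.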
H
1

No, there's no "standard" or "default" device. Indeed, on a laptop it's hard to say whether e.g. the wireless or wired device would be "more default." Plus there are fake devices for firewalls, virtual machine instances, etc.

You will need to monitor all the devices, or at least all active devices (ones that are not "disconnected.")

Herculaneum answered 9/3, 2009 at 16:41 Comment(1)
The corollary to the wireless comments is that the same is true for Linux: if you're just treating eth0 as default, you're probably missing something. - Appling
S
0

Are you using Wireshark to monitor and are worried that you will have to open two Wiresharks to monitor a single SCTP association?

If that is the case, then you can just monitor in promiscuous mode and apply sctp as a filter, or port 2905 (or the port on which the SCTP association is running). Promiscuous mode, however, requires root (or admin) privileges.

If you do not have promiscuous mode, then, as Jason suggested, you will have to monitor all IPs which are part of the association. You can, of course, merge all the separate pcap files into one and then analyze the association traffic.

Of course, if this is in no way related to Wireshark, then all of this is gibberish :)

Sorcha answered 15/6, 2009 at 7:9 Comment(0)
