Winpcap: capturing packets

2025-01-19 Update. From: SLTechnology News&Howtos > Network Security. Shulou (Shulou.com) 06/01 Report.

Now that you know how to enumerate the adapters, you can open one and capture packets. The program below prints one line for every packet that passes through the selected adapter.

The function that opens a capture device is pcap_open(). Its snaplen argument limits how much of each packet is copied to the application: on some operating systems (the xBSD family and Win32) the driver can be configured to capture only the initial portion of each packet, which reduces the amount of data copied from the kernel to the application and improves capture efficiency. The example uses 65536, which is larger than any MTU you will encounter, so every packet is always captured in full. Note that the number passed to pcap_open() is what determines header->caplen in the callback, and bytes beyond caplen are never present in pkt_data.

flags: the most important flag indicates whether the adapter is to be put in promiscuous mode. Normally an adapter accepts only packets addressed to itself and discards traffic exchanged between other machines. In promiscuous mode it accepts every packet whether or not it is addressed to this host, so on a shared medium (such as bus Ethernet) WinPcap can capture traffic between other hosts. On a switched network the switch only forwards broadcast, multicast and traffic destined for your port, so promiscuous mode alone does not show other hosts' unicast traffic unless the switch mirrors ports. Most capture applications set promiscuous mode, and this example does the same.

to_ms: the read timeout, in milliseconds (1 s = 1000 ms). A read operation on the adapter (pcap_dispatch() or pcap_next_ex()) returns within to_ms milliseconds even if no packet has arrived from the network. In statistical mode, to_ms also defines the interval over which statistics are collected. Setting to_ms to 0 means no timeout: if no packet arrives, the read never returns. Setting it to -1 does the opposite: the read returns immediately, whether or not a packet has arrived.

// 4002.cpp : defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include "pcap.h"

/* prototype of the packet handler */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

int _tmain(int argc, _TCHAR *argv[])
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* retrieve the list of local devices */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);
    /* reject non-numeric input as well as numbers outside the listed range */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* open the device */
    if ((adhandle = pcap_open(d->name,                   // name of the device
                              65536,                     // snaplen: 65536 guarantees that the whole packet is captured on every link layer
                              PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
                              1000,                      // read timeout, in milliseconds
                              NULL,                      // authentication on the remote machine (none)
                              errbuf                     // error buffer
                              )) == NULL)
    {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* description may be NULL (see the listing loop above), so fall back to the name */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* the device list is no longer needed; free it */
    pcap_freealldevs(alldevs);

    /* start the capture: cnt = 0 loops until an error occurs or pcap_breakloop() is called */
    pcap_loop(adhandle, 0, packet_handler, NULL);

    pcap_close(adhandle);
    return 0;
}

/* callback invoked by libpcap for every captured packet */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    struct tm *ltime;
    char timestr[16];
    time_t local_tv_sec;

    /* convert the timestamp to a readable format */
    local_tv_sec = header->ts.tv_sec;
    ltime = localtime(&local_tv_sec);
    strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);

    /* header->len is the length on the wire; header->caplen is how many bytes of pkt_data are valid */
    printf("%s,%.6d len:%d caplen:%d\n", timestr, header->ts.tv_usec, header->len, header->caplen);
}

Once the adapter is open, the capture can be driven with pcap_dispatch() or pcap_loop(). The two functions are very similar: pcap_dispatch() returns when the read timeout expires (although this is not guaranteed), while pcap_loop() does not return until cnt packets have been captured, so on a quiet network it can block the application for a long time. pcap_loop() is sufficient for this simple example, but pcap_dispatch() is generally preferred in more complex programs that must do other work between reads.

Both functions take a callback parameter; here packet_handler points to the function that receives the packets. libpcap invokes it for every new packet, passing a generic state pointer (the user parameter of pcap_loop() and pcap_dispatch(), NULL in this example), a header with the timestamp and the packet lengths, and the packet data itself, starting at the link-layer header. The header carries two lengths: len is the size of the packet on the wire, and caplen is the number of bytes actually present in pkt_data; they differ when the packet was cut by the snaplen, so any parser must bound its reads by caplen, not len. Note that the frame CRC is normally not present, because the adapter strips it after validating the frame. Most adapters also discard frames with a bad CRC, so WinPcap normally cannot capture them.

The program above extracts the timestamp and the length of each packet from the pcap_pkthdr header and prints them on the screen.
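As an added example, not part of the original page or of the WinPcap distribution, the following shows what a packet_handler() should do with pkt_data before trusting anything in it: decode the Ethernet, IPv4 and TCP/UDP headers while bounding every read by header->caplen rather than header->len, and reject headers whose own length fields (IHL, total length) point past the captured bytes. It deliberately does not include pcap.h, so it compiles and runs stand-alone; the pkt_summary struct, summarize_frame(), summarize_with_ihl() and the two sample frames are this example's own constructions. From the page's callback it would be called as summarize_frame(pkt_data, header->caplen, header->len).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decoded summary returned to the caller (names are this example's own). */
struct pkt_summary {
    int ok;              /* 1 = fully parsed, 0 = rejected, see reason */
    const char *reason;  /* "ok" or why the frame was rejected */
    int truncated;       /* caplen < len: the snaplen cut the packet */
    uint16_t ethertype;
    uint8_t  ip_proto;
    char src_ip[16];
    char dst_ip[16];
    uint16_t src_port;
    uint16_t dst_port;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void ip4str(const uint8_t *p, char *out)
{
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
}

/* caplen: bytes actually present in pkt_data (header->caplen).
   len:    length on the wire (header->len). Only caplen is used for bounds checks. */
struct pkt_summary summarize_frame(const uint8_t *pkt_data, uint32_t caplen, uint32_t len)
{
    struct pkt_summary s;
    memset(&s, 0, sizeof s);
    s.reason = "ok";
    s.truncated = caplen < len;

    /* Ethernet II header: 6 dst + 6 src + 2 ethertype */
    if (caplen < 14) { s.reason = "short ethernet header"; return s; }
    s.ethertype = rd16(pkt_data + 12);
    if (s.ethertype != 0x0800) { s.reason = "not IPv4"; return s; }

    const uint8_t *ip = pkt_data + 14;
    uint32_t avail = caplen - 14;
    if (avail < 20) { s.reason = "short IPv4 header"; return s; }
    if ((ip[0] >> 4) != 4) { s.reason = "bad IP version"; return s; }
    /* IHL is attacker-controlled: never index past the captured bytes because of it */
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl > avail) { s.reason = "IHL exceeds captured bytes"; return s; }
    if (rd16(ip + 2) < ihl) { s.reason = "total length < IHL"; return s; }
    s.ip_proto = ip[9];
    ip4str(ip + 12, s.src_ip);
    ip4str(ip + 16, s.dst_ip);

    /* TCP (6) and UDP (17) both start with 16-bit source and destination ports */
    const uint8_t *l4 = ip + ihl;
    uint32_t l4avail = avail - ihl;
    if (s.ip_proto == 6 || s.ip_proto == 17) {
        if (l4avail < 4) { s.reason = "transport ports not captured"; return s; }
        s.src_port = rd16(l4);
        s.dst_port = rd16(l4 + 2);
    }
    s.ok = 1;
    return s;
}

/* Constructed sample: a TCP SYN 10.0.0.1:49152 -> 10.0.0.2:443, 54 bytes on the wire. */
static const uint8_t sample_tcp_syn[54] = {
    /* Ethernet: dst, src, ethertype 0x0800 */
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    /* IPv4: ver/IHL 0x45, tos, total len 40, id, flags/frag, ttl 64, proto 6, csum, src, dst */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,
    /* TCP: sport 49152, dport 443, seq, ack, data offset 5 + SYN, window, csum, urgent */
    0xc0,0x00,0x01,0xbb, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0xff,0xff, 0x00,0x00,0x00,0x00
};

/* Copy the sample frame, overwrite the IHL nibble, and parse it: shows a forged header length. */
struct pkt_summary summarize_with_ihl(uint8_t ihl_words)
{
    uint8_t buf[sizeof sample_tcp_syn];
    memcpy(buf, sample_tcp_syn, sizeof buf);
    buf[14] = (uint8_t)(0x40 | (ihl_words & 0x0f));
    return summarize_frame(buf, sizeof buf, sizeof buf);
}

int main(void)
{
    struct pkt_summary s = summarize_frame(sample_tcp_syn, sizeof sample_tcp_syn, sizeof sample_tcp_syn);
    printf("%s:%u -> %s:%u proto=%u ok=%d (%s)\n", s.src_ip, s.src_port, s.dst_ip, s.dst_port,
           (unsigned)s.ip_proto, s.ok, s.reason);
    /* the same frame captured with a snaplen of 36: IPv4 header present, ports cut off */
    s = summarize_frame(sample_tcp_syn, 36, sizeof sample_tcp_syn);
    printf("truncated=%d ok=%d (%s)\n", s.truncated, s.ok, s.reason);
    s = summarize_with_ihl(15);
    printf("forged IHL: ok=%d (%s)\n", s.ok, s.reason);
    return 0;
}
```

The point of the second and third calls is the failure mode the text describes: a snaplen smaller than 65536 makes caplen shorter than len, and a hostile sender can set IHL to any value, so the parser refuses rather than reading beyond the captured buffer.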

Note: Visual Studio project settings needed to build this example against the WinPcap developer pack (Project -> Properties, Alt+F7):

Configuration Properties -> Manifest Tool -> Input and Output -> Embed Manifest -> No

Configuration Properties -> C/C++ -> General -> Additional Include Directories -> add the developer pack's include directory

Configuration Properties -> Linker -> General -> Additional Library Directories -> add the developer pack's lib directory

Configuration Properties -> Linker -> Input -> Additional Dependencies -> append ";Packet.lib;wpcap.lib"

Configuration Properties -> C/C++ -> Preprocessor -> Preprocessor Definitions -> append ";HAVE_REMOTE"

HAVE_REMOTE is required because pcap_findalldevs_ex() and pcap_open() belong to WinPcap's remote-capture extensions, which pcap.h only declares when that macro is defined.
