Capture packets without callback method 02/24 Update SLTechnology News&Howtos

Capture packets without callback method

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

This time I will replace the previous pcap_loop () function with the pcap_next_ex () function.

The pcap_loop () function is based on the principle of callbacks for data capture, which is a subtle method and, in some cases, a good choice. However, handling callbacks is sometimes impractical-it increases the complexity of the program, especially in C++ programs with multithreading.

You can get a packet by calling the pcap_next_ex () function directly-- only if the programmer uses the pcap_next_ex () function to receive the packet.

The parameters of this function are the same as those of the capture callback function-- it contains a network adapter descriptor and two pointers that can be initialized and returned to the user (one to the pcap_pkthdr structure and the other to the buffer of Datagram data).

In the following program, you'll use the previous callback code again, just put it in the main () function, and then call the pcap_next_ex () function.

Implementation code:

/ / 6404002.cpp: defines the entry point for the console application.

# include "stdafx.h"

# include "pcap.h"

Int _ tmain (int argc, _ TCHAR* argv [])

{

Pcap_if_t * alldevs

Pcap_if_t * d

Int inum

Int iTunes 0

Pcap_t * adhandle

Int res

Char errbuf[PCAP _ ERRBUF_SIZE]

Struct tm * ltime

Char timestr [16]

Struct pcap_pkthdr * header

Const u_char * pkt_data

Time_t local_tv_sec

/ * get the list of local devices * /

If (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, & alldevs, errbuf) =-1)

{

Fprintf (stderr, "Error in pcap_findalldevs:% s\ n", errbuf)

Exit (1)

}

/ * print list * /

For (dudes alldevs; d; dudes-> next)

{

Printf ("d. S", + + I, d-> name)

If (d-> description)

Printf ("(% s)\ n", d-> description)

Else

Printf ("(No description available)\ n")

}

If (iTunes 0)

{

Printf ("\ nNo interfaces found! Make sure WinPcap is installed.\ n")

Return-1

}

Printf ("Enter the interface number (1M% d):", I)

Scanf ("d", & inum)

If (inum

< 1 || inum >

{

Printf ("\ nInterface number out of range.\ n")

/ * release device list * /

Pcap_freealldevs (alldevs)

Return-1

}

/ * Jump to the selected adapter * /

For (d=alldevs, iTuno; I

< inum-1 ;d=d->

Next, iTunes +)

/ * turn on the device * /

If ((adhandle= pcap_open (d-> name, / / device name)

65536, / / part of the packet to be captured

/ / 65535 guarantee that the entire contents of each packet on different data link layers can be captured

PCAP_OPENFLAG_PROMISCUOUS, / / hybrid mode

1000, / / read timeout

NULL, / / remote machine verification

Errbuf / / error buffer pool

)) = = NULL)

{

Fprintf (stderr, "\ nUnable to open the adapter.% s is not supported by WinPcap\ n", d-> name)

/ * release setting list * /

Pcap_freealldevs (alldevs)

Return-1

}

Printf ("\ nlistening on% s...\ n", d-> description)

/ * release device list * /

Pcap_freealldevs (alldevs)

/ * get packet * /

While ((res = pcap_next_ex (adhandle, & header, & pkt_data)) > = 0) {

If (res = = 0)

/ * timeout is up * /

Continue

/ * convert the timestamp to a recognizable format * /

Local_tv_sec = header- > ts.tv_sec

Ltime=localtime & local_tv_sec)

Strftime (timestr, sizeof timestr, "% H:%M:%S", ltime)

Printf ("% SJ% .6d len:%d\ n", timestr, header- > ts.tv_usec, header- > len)

}

If (res =-1) {

Printf ("Error reading the packets:% s\ n", pcap_geterr (adhandle))

Return-1

}

Return 0

}

I want to use pcap_next_ex () instead of the previous pcap_next () because pcap_next () has some bad things. First, it is inefficient, and although it hides the callback, it still relies on the function pcap_dispatch (). Second, it cannot detect the EOF at the end of the file, so if the packet is read from the file, it is less useful.

It is worth noting that pcap_next_ex () returns different values in the case of success, timeout, error, or EOF.

Note: