[Repost] Using WinPcap in your programs
Original link: [url]http://www.winpcap.org/docs/docs31/html/group__wpcapsamps.html[/url]

Creating an application that uses wpcap.dll
To create an application that uses wpcap.dll with Microsoft Visual C++, follow these steps:
Include the file pcap.h at the beginning of every source file that uses the functions exported by the library.
If your program uses Win32 specific functions of WinPcap, remember to include WPCAP among the preprocessor definitions.
Set the options of the linker to include the wpcap.lib library file. wpcap.lib can be found in the WinPcap developer's pack.
Set the options of the linker to include the winsock library file (for example wsock32.lib). This file is distributed with the C compiler and contains the socket functions for Windows. It is needed by some libpcap functions.
Remember that:
To add a preprocessor definition, you must select Settings from the Project menu, then select C/C++ from the tab control, and under the category General, you must add the definition under the Preprocessor Definitions text box.
To add a new library to the project with Microsoft Visual C++, you must select Settings from the Project menu, then select Link from the tab control, and then add the name of the new library in the Object/library modules edit box.
To add a new path where Microsoft Visual C++ will look for the libraries, you must select Options from the Tools menu, then Directories from the tab control, Library files from the Show directories for combo box, and then add the path in the Directories box.
To add a new path where Microsoft Visual C++ will look for include files, you must select Options from the Tools menu, then Directories from the tab control, Include files from the Show directories for combo box, and then add the path in the Directories box.
Sample programs
A couple of sample programs are provided to show the usage of the WinPcap API. The source of the examples, along with all the files needed to compile and run them, can be found in the Developer's Pack. For didactic purposes the original page provides a browsable version of the code: it is possible to click on the variables and functions to jump to the documentation of each of them. For a more complete set of samples, try the WinPcap Tutorial section.
Packet Dump
This program reads packets from a file or a network adapter, depending on a command line switch. If a source is not provided, the program shows a list of available adapters, one of which can be selected. Once the capture is started, the program prints the timestamp, the length and the raw contents of the packets. Once compiled, it will run on all the Win32 platforms. It can be compiled to run on Unix as well (the makefile is provided).
[code]/*
 * Copyright (c) 1999 - 2003
 * NetGroup, Politecnico di Torino (Italy)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>

#define LINE_LEN 16

int main(int argc, char **argv)
{
    pcap_if_t *alldevs, *d;
    pcap_t *fp;
    u_int inum, i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];
    int res;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;

    printf("pktdump_ex: prints the packets of the network using WinPcap.\n");
    printf("   Usage: pktdump_ex [-s source]\n\n"
           "   Examples:\n"
           "      pktdump_ex -s file://c:/temp/file.acp\n"
           "      pktdump_ex -s rpcap://\\Device\\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998}\n\n");

    if (argc < 3)
    {
        printf("\nNo adapter selected: printing the device list:\n");
        /* The user didn't provide a packet source: retrieve the local device list */
        if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
        {
            fprintf(stderr, "Error in pcap_findalldevs_ex: %s\n", errbuf);
            exit(1);
        }

        /* Print the list */
        for (d = alldevs; d; d = d->next)
        {
            printf("%u. %s\n    ", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf(" (No description available)\n");
        }

        if (i == 0)
        {
            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
            return -1;
        }

        printf("Enter the interface number (1-%u):", i);
        /* inum is unsigned, so read it with %u; a failed read would otherwise
           leave inum uninitialised when the range check below runs */
        if (scanf("%u", &inum) != 1 || inum < 1 || inum > i)
        {
            printf("\nInterface number out of range.\n");
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Jump to the selected adapter */
        for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);

        /* Open the device */
        if ((fp = pcap_open(d->name,
                            100 /*snaplen*/,
                            PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                            20 /*read timeout*/,
                            NULL /* remote authentication */,
                            errbuf)
            ) == NULL)
        {
            fprintf(stderr, "\nError opening adapter: %s\n", errbuf);
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* The device list is no longer needed once the adapter is open */
        pcap_freealldevs(alldevs);
    }
    else
    {
        // Do not check for the switch type ('-s')
        if ((fp = pcap_open(argv[2],
                            100 /*snaplen*/,
                            PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                            20 /*read timeout*/,
                            NULL /* remote authentication */,
                            errbuf)
            ) == NULL)
        {
            fprintf(stderr, "\nError opening source: %s\n", errbuf);
            return -1;
        }
    }

    /* Read the packets: 1 = packet read, 0 = timeout, -1 = error, -2 = end of file */
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            /* Timeout elapsed */
            continue;

        /* print pkt timestamp and pkt len (len is the on-the-wire length;
           only caplen bytes, at most the snaplen of 100, are in pkt_data) */
        printf("%ld:%ld (%u)\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec, header->len);

        /* Print the packet, LINE_LEN bytes per line, bounded by caplen */
        for (i = 1; i < header->caplen + 1; i++)
        {
            printf("%.2x ", pkt_data[i - 1]);
            if ((i % LINE_LEN) == 0) printf("\n");
        }
        printf("\n\n");
    }

    if (res == -1)
    {
        printf("Error reading the packets: %s\n", pcap_geterr(fp));
        pcap_close(fp);
        return -1;
    }

    pcap_close(fp);
    return 0;
}[/code]
Packet Filter
This is a more complete example of libpcap usage. It shows, among other things, how to create and set filters and how to save a capture to disk. It can be compiled under Win32 or Unix (projects and makefiles are provided). Pcap_filter (pf.exe) is a general-purpose packet filtering application: its input parameters are a source of packets (it can be a physical interface or a file), a filter and an output file. It takes packets from the source until CTRL+C is pressed or the whole file is processed, applies the filter to the incoming packets and saves them to the output file if they satisfy the filter. Pcap_filter can be used to dump network data according to a particular filter, but also to extract a set of packets from a previously saved file. The format of both input and output files is the format used by libpcap, i.e. the same as that of WinDump, tcpdump and many other network tools.
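The Packet Dump program above reads a capture file when given a file:// source and hex-dumps every record, and Pcap_filter writes one; both work on the libpcap file format just mentioned. The block below is an added example, not code from the WinPcap page or the NetGroup samples: a dependency-free C parser for that format which checks the per-record caplen against the snaplen, the original length and the bytes remaining before using it as a length, plus a hex dump in pktdump_ex's 16-bytes-per-line layout. The type walk_result, the functions pcap_walk and hexdump_packet, and the SAMPLE bytes (a constructed little-endian file with two good records followed by a malformed one) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GLOBAL_HDR_LEN 24   /* magic, version, thiszone, sigfigs, snaplen, linktype */
#define RECORD_HDR_LEN 16   /* ts_sec, ts_usec, caplen (incl_len), origlen */

/* Outcome of walking one in-memory pcap file (hypothetical type, not WinPcap's). */
struct walk_result {
    int         big_endian;  /* 1 if the magic reads a1 b2 c3 d4, i.e. a big-endian writer */
    uint32_t    snaplen;     /* per-packet capture limit the writer declared */
    uint32_t    linktype;    /* DLT value, e.g. 1 = Ethernet */
    int         records;     /* well-formed records handed to the callback */
    size_t      offset;      /* byte offset at which the walk stopped */
    const char *error;       /* NULL after a clean walk, else why it stopped */
};

typedef void (*packet_cb)(const uint8_t *pkt, uint32_t caplen, uint32_t origlen, void *ctx);

/* Reads a 32-bit field in the file's byte order, whatever the host's is. */
static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
              : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Walks buf as a pcap file and calls cb for each record whose declared caplen fits
   the snaplen, the original length and the bytes actually present. Returns 0 after a
   clean walk, -1 as soon as a bound is violated (r->error says which). */
int pcap_walk(const uint8_t *buf, size_t len, packet_cb cb, void *ctx, struct walk_result *r)
{
    static const uint8_t be_magic[4] = {0xa1, 0xb2, 0xc3, 0xd4};
    static const uint8_t le_magic[4] = {0xd4, 0xc3, 0xb2, 0xa1};

    memset(r, 0, sizeof *r);
    if (len < GLOBAL_HDR_LEN)               { r->error = "short global header"; return -1; }
    if (memcmp(buf, be_magic, 4) == 0)      r->big_endian = 1;
    else if (memcmp(buf, le_magic, 4) == 0) r->big_endian = 0;
    else                                    { r->error = "bad magic"; return -1; }

    r->snaplen  = rd32(buf + 16, r->big_endian);
    r->linktype = rd32(buf + 20, r->big_endian);
    r->offset   = GLOBAL_HDR_LEN;

    while (r->offset < len) {
        const uint8_t *h = buf + r->offset;
        uint32_t caplen, origlen;
        if (len - r->offset < RECORD_HDR_LEN) { r->error = "truncated record header"; return -1; }
        caplen  = rd32(h + 8, r->big_endian);
        origlen = rd32(h + 12, r->big_endian);
        /* caplen comes from the file and is untrusted: check every bound before it is
           used as a length (libpcap's own reader is more lenient about the snaplen) */
        if (caplen > r->snaplen) { r->error = "caplen exceeds snaplen"; return -1; }
        if (caplen > origlen)    { r->error = "caplen exceeds original length"; return -1; }
        if (caplen > len - r->offset - RECORD_HDR_LEN) { r->error = "caplen exceeds remaining bytes"; return -1; }
        if (cb) cb(h + RECORD_HDR_LEN, caplen, origlen, ctx);
        r->records++;
        r->offset += RECORD_HDR_LEN + caplen;
    }
    return 0;
}

/* Formats caplen bytes the way pktdump_ex prints them, 16 per line, into out.
   Returns the number of characters written, or -1 if out is too small. */
int hexdump_packet(const uint8_t *pkt, uint32_t caplen, char *out, size_t outsz)
{
    size_t used = 0;
    uint32_t i;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < caplen; i++) {
        const char *sep = (i % 16 == 15 || i + 1 == caplen) ? "\n" : " ";
        int n = snprintf(out + used, outsz - used, "%02x%s", pkt[i], sep);
        if (n < 0 || (size_t)n >= outsz - used) return -1;
        used += (size_t)n;
    }
    return (int)used;
}

/* Constructed sample (little-endian, v2.4, snaplen 96, DLT 1): two good records, then
   one that claims caplen 80 while only two bytes remain in the file. */
static const uint8_t SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0, 0x60,0,0,0, 0x01,0,0,0,
    0x01,0,0,0, 0x02,0,0,0, 0x04,0,0,0, 0x04,0,0,0, 0xde,0xad,0xbe,0xef,
    0x01,0,0,0, 0x03,0,0,0, 0x03,0,0,0, 0x3c,0,0,0, 0x01,0x02,0x03,   /* caplen 3 < len 60 */
    0x01,0,0,0, 0x04,0,0,0, 0x50,0,0,0, 0x50,0,0,0, 0xaa,0xbb,        /* malformed record */
};

static void dump_cb(const uint8_t *pkt, uint32_t caplen, uint32_t origlen, void *ctx)
{
    char line[512];
    (void)ctx;
    printf("caplen %u, len %u%s\n", caplen, origlen, caplen < origlen ? " (cut at snaplen)" : "");
    if (hexdump_packet(pkt, caplen, line, sizeof line) >= 0) fputs(line, stdout);
}

int main(void)
{
    struct walk_result r;
    int rc = pcap_walk(SAMPLE, sizeof SAMPLE, dump_cb, NULL, &r);
    printf("%d record(s); %s at offset %zu\n", r.records, rc ? r.error : "clean end", r.offset);
    return rc ? 1 : 0;
}
```

The sample deliberately ends in a record whose caplen overruns the buffer: a reader that trusts caplen would read past the end of the file, while this walker stops at offset 63 after two good records and reports the reason. The second record shows the caplen &lt; len case that pktdump_ex also meets with its snaplen of 100: only caplen bytes exist in pkt_data, so any loop over the packet must be bounded by caplen, never by len.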
[code]/*
 * Copyright (c) 1999 - 2003
 * NetGroup, Politecnico di Torino (Italy)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>

#define MAX_PRINT 80
#define MAX_LINE 16

void usage(void);

int main(int argc, char **argv)
{
    pcap_t *fp;
    char errbuf[PCAP_ERRBUF_SIZE];
    char *source = NULL;
    char *ofilename = NULL;
    char *filter = NULL;
    int i;
    pcap_dumper_t *dumpfile;
    struct bpf_program fcode;
    bpf_u_int32 NetMask;
    int res;
    struct pcap_pkthdr *header;
    const u_char *pkt_data;

    if (argc == 1)
        usage();

    /* Every switch takes one argument: stop before reading past the end of argv */
    for (i = 1; i + 1 < argc; i += 2)
    {
        if (argv[i][0] != '-')
            usage();

        switch (argv[i][1])
        {
        case 's':
            source = argv[i + 1];
            break;

        case 'o':
            ofilename = argv[i + 1];
            break;

        case 'f':
            filter = argv[i + 1];
            break;

        default:
            usage();
        }
    }

    /* The source and the output file are both mandatory (usage() exits) */
    if (source == NULL || ofilename == NULL)
        usage();

    // open a capture from the network (or from a capture file)
    if ((fp = pcap_open(source,
                        1514 /*snaplen*/,
                        PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                        20 /*read timeout*/,
                        NULL /* remote authentication */,
                        errbuf)
        ) == NULL)
    {
        fprintf(stderr, "\nUnable to open the adapter: %s\n", errbuf);
        return 1;
    }

    if (filter != NULL)
    {
        // We should loop through the adapters returned by the pcap_findalldevs_ex()
        // in order to locate the correct one.
        //
        // Let's do things simpler: we suppose to be in a C class network ;-)
        // (the netmask only affects filters that test for IPv4 broadcast addresses)
        NetMask = 0xffffff;

        //compile the filter
        if (pcap_compile(fp, &fcode, filter, 1, NetMask) < 0)
        {
            fprintf(stderr, "\nError compiling filter: %s\n", pcap_geterr(fp));
            pcap_close(fp);
            return 1;
        }

        //set the filter
        if (pcap_setfilter(fp, &fcode) < 0)
        {
            fprintf(stderr, "\nError setting the filter: %s\n", pcap_geterr(fp));
            pcap_freecode(&fcode);
            pcap_close(fp);
            return 1;
        }

        // the compiled program has been installed on the handle; release our copy
        pcap_freecode(&fcode);
    }

    //open the dump file
    dumpfile = pcap_dump_open(fp, ofilename);
    if (dumpfile == NULL)
    {
        fprintf(stderr, "\nError opening output file: %s\n", pcap_geterr(fp));
        pcap_close(fp);
        return 1;
    }

    //start the capture
    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
    {
        if (res == 0)
            /* Timeout elapsed */
            continue;

        //save the packet on the dump file
        pcap_dump((unsigned char *) dumpfile, header, pkt_data);
    }

    if (res == -1)
        fprintf(stderr, "Error reading the packets: %s\n", pcap_geterr(fp));
    // res == -2: the whole input file has been processed

    // flush and close the dump file, otherwise the last buffered packets are lost
    pcap_dump_close(dumpfile);
    pcap_close(fp);
    return res == -1 ? 1 : 0;
}

void usage(void)
{
    printf("\npf - Generic Packet Filter.\n");
    printf("\nUsage:\npf -s source -o output_file_name [-f filter_string]\n\n");
    exit(0);
}[/code]
Last time I installed Cygwin on my Windows machine it made use of this, but I still don't understand what it is for. Is it just a function library?