Winpcap抓包 实现
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Winpcap实现
一配置
项目→属性→配置属性→C/C++→在右边的包含目录里添加你winpcap文件夹里include文件夹所在的位置;项目→属性→配置属性→在点击链接器选项,在右边的附加库目录里添加lib 文件夹所在的位置;项目→属性→配置属性→C/C++→预处理定义,WPCAP;HAVE_REMOTE; 项目→属性→配置属性→链接器→输入,在右边附加依赖项里添加上:wpcap.lib ws2_32.lib。
1 获取适配器列表
#include
int _tmain(int argc, _TCHAR* argv[])
{
pcap_if_t * allAdapters;//适配器列表
pcap_if_t * adapter;
char errorBuffer[ PCAP_ERRBUF_SIZE ];//错误信息缓冲区
if( pcap_findalldevs_ex( PCAP_SRC_IF_STRING, NULL,
&allAdapters, errorBuffer ) == -1 )
{//检索机器连接的所有网络适配器
fprintf( stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer ); return -1;
}
if( allAdapters == NULL )
{//不存在人任何适配器
printf( "\nNo adapters found! Make sure WinPcap is installed.\n" );
return 0;
}
int crtAdapter = 0;
for( adapter = allAdapters; adapter != NULL; adapter = adapter->next)
{//遍历输入适配器信息(名称和描述信息)
printf( "\n%d.%s ", ++crtAdapter, adapter->name );
printf( "-- %s\n", adapter->description );
}
printf( "\n" );
pcap_freealldevs( allAdapters );//释放适配器列表
system( "PAUSE" );
return 0;
}
运行结果
2 打开指定适配器并捕获数据包
#include
int _tmain(int argc, _TCHAR* argv[])
{
pcap_if_t * allAdapters;//适配器列表
pcap_if_t * adapter;
pcap_t * adapterHandle;//适配器句柄
struct pcap_pkthdr * packetHeader;
const u_char * packetData;
char errorBuffer[ PCAP_ERRBUF_SIZE ];//错误信息缓冲区
if( pcap_findalldevs_ex( PCAP_SRC_IF_STRING, NULL,
&allAdapters, errorBuffer ) == -1 )
{//检索机器连接的所有网络适配器
fprintf( stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer ); return -1;
}
if( allAdapters == NULL )
{//不存在任何适配器
printf( "\nNo adapters found! Make sure WinPcap is installed.\n" );
return 0;
}
int crtAdapter = 0;
for( adapter = allAdapters; adapter != NULL; adapter = adapter->next)
{//遍历输入适配器信息(名称和描述信息)
printf( "\n%d.%s ", ++crtAdapter, adapter->name );
printf( "-- %s\n", adapter->description );
}
printf( "\n" );
//选择要捕获数据包的适配器
int adapterNumber;
printf( "Enter the adapter number between 1 and %d:", crtAdapter );
scanf_s( "%d", &adapterNumber );
if( adapterNumber < 1 || adapterNumber > crtAdapter )
{
printf( "\nAdapter number out of range.\n" );
// 释放适配器列表
pcap_freealldevs( allAdapters );
return -1;
}
adapter = allAdapters;
for( crtAdapter = 0; crtAdapter < adapterNumber - 1; crtAdapter++ )
adapter = adapter->next;
// 打开指定适配器
adapterHandle = pcap_open( adapter->name, // name of the adapter
65536, // portion of the packet to capture // 65536 guarantees that the whole // packet will be captured
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout - 1 millisecond
NULL, // authentication on the remote machine errorBuffer // error buffer
);
if( adapterHandle == NULL )
{//指定适配器打开失败
fprintf( stderr, "\nUnable to open the adapter\n", adapter->name );
// 释放适配器列表
pcap_freealldevs( allAdapters );
return -1;
}
printf( "\nCapture session started on adapter %s \n", adapter->name );
pcap_freealldevs( allAdapters );//释放适配器列表
// 开始捕获数据包
int retValue;
while( ( retValue = pcap_next_ex( adapterHandle,
&packetHeader,
&packetData ) ) >= 0 )
{
// timeout elapsed if we reach this point
if( retValue == 0 )
continue;
//打印捕获数据包的信息
printf( "length of packet: %d\n", packetHeader->len );
}
// if we get here, there was an error reading the packets
if( retValue == -1 )
{