Winpcap抓包 实现
Winpcap实现
一配置
项目→属性→配置属性→C/C++,在右边的包含目录里添加 WinPcap 文件夹中 include 文件夹所在的位置;项目→属性→配置属性,再点击链接器选项,在右边的附加库目录里添加 lib 文件夹所在的位置;项目→属性→配置属性→C/C++→预处理定义,添加 WPCAP;HAVE_REMOTE;项目→属性→配置属性→链接器→输入,在右边的附加依赖项里添加 wpcap.lib ws2_32.lib。
1 获取适配器列表
#include <pcap.h>
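/*
 * Listing 1: enumerate the capture adapters visible to WinPcap and print
 * each one's index, name and description.
 *
 * Returns 0 on success (also when the adapter list is empty) and -1 when
 * pcap_findalldevs_ex() reports an error.
 *
 * NOTE(review): WinPcap is no longer maintained; Npcap exposes the same
 * API with a supported driver. Confirm which one the target hosts run.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    pcap_if_t *allAdapters = NULL;      /* head of the adapter list */
    pcap_if_t *adapter;
    char errorBuffer[PCAP_ERRBUF_SIZE]; /* receives the library's error text */
    int crtAdapter = 0;

    (void)argc;
    (void)argv;

    /* Retrieve every network adapter attached to this machine. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL,
                            &allAdapters, errorBuffer) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer);
        return -1;
    }

    /* The call succeeded but returned an empty list. */
    if (allAdapters == NULL) {
        printf("\nNo adapters found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* Walk the list and print the name and description of each adapter. */
    for (adapter = allAdapters; adapter != NULL; adapter = adapter->next) {
        printf("\n%d.%s ", ++crtAdapter, adapter->name);
        /* description may be NULL; passing NULL to %s is undefined behaviour. */
        printf("-- %s\n", adapter->description != NULL
                              ? adapter->description
                              : "(no description available)");
    }
    printf("\n");

    pcap_freealldevs(allAdapters);      /* release the adapter list */
    system("PAUSE");
    return 0;
}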
运行结果
2 打开指定适配器并捕获数据包
#include <pcap.h>
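/*
 * Listing 2: let the user pick an adapter, open it and print the length of
 * every captured packet.
 *
 * Only the capture header is read; the packet payload is never inspected.
 *
 * Returns 0 on normal termination and -1 on any failure (enumeration,
 * invalid selection, open failure, read error).
 */
int _tmain(int argc, _TCHAR* argv[])
{
    pcap_if_t *allAdapters = NULL;      /* head of the adapter list */
    pcap_if_t *adapter;
    pcap_t *adapterHandle;              /* handle of the opened adapter */
    struct pcap_pkthdr *packetHeader;
    const u_char *packetData;
    char errorBuffer[PCAP_ERRBUF_SIZE]; /* receives the library's error text */
    int crtAdapter = 0;
    int adapterNumber = 0;
    int retValue;

    (void)argc;
    (void)argv;

    /* Retrieve every network adapter attached to this machine. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL,
                            &allAdapters, errorBuffer) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer);
        return -1;
    }

    /* The call succeeded but returned an empty list. */
    if (allAdapters == NULL) {
        printf("\nNo adapters found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* Print the name and description of each adapter. */
    for (adapter = allAdapters; adapter != NULL; adapter = adapter->next) {
        printf("\n%d.%s ", ++crtAdapter, adapter->name);
        /* description may be NULL; passing NULL to %s is undefined behaviour. */
        printf("-- %s\n", adapter->description != NULL
                              ? adapter->description
                              : "(no description available)");
    }
    printf("\n");

    /*
     * Choose the adapter to capture on. The scanf_s result is checked so
     * that non-numeric input is rejected instead of leaving adapterNumber
     * indeterminate.
     */
    printf("Enter the adapter number between 1 and %d:", crtAdapter);
    if (scanf_s("%d", &adapterNumber) != 1 ||
        adapterNumber < 1 || adapterNumber > crtAdapter) {
        printf("\nAdapter number out of range.\n");
        pcap_freealldevs(allAdapters);
        return -1;
    }

    /* Advance to the selected entry; the range check above keeps this in bounds. */
    adapter = allAdapters;
    for (crtAdapter = 0; crtAdapter < adapterNumber - 1; crtAdapter++) {
        adapter = adapter->next;
    }

    /* Open the selected adapter. */
    adapterHandle = pcap_open(adapter->name,             /* name of the adapter */
                              65536,                     /* snapshot length: large enough for a whole packet */
                              PCAP_OPENFLAG_PROMISCUOUS, /* also deliver frames not addressed to this host */
                              1000,                      /* read timeout in milliseconds (1 second) */
                              NULL,                      /* no authentication: local capture */
                              errorBuffer);              /* error buffer */
    if (adapterHandle == NULL) {
        /* The original format string had no conversion for its argument. */
        fprintf(stderr, "\nUnable to open the adapter %s: %s\n",
                adapter->name, errorBuffer);
        pcap_freealldevs(allAdapters);
        return -1;
    }

    printf("\nCapture session started on adapter %s \n", adapter->name);
    pcap_freealldevs(allAdapters);      /* the list is not needed once the handle is open */

    /* Capture loop: 0 means the read timeout elapsed, a negative value ends the loop. */
    while ((retValue = pcap_next_ex(adapterHandle,
                                    &packetHeader,
                                    &packetData)) >= 0) {
        if (retValue == 0) {
            continue;
        }
        /* len is an unsigned 32-bit value, so print it with %u. */
        printf("length of packet: %u\n", (unsigned int)packetHeader->len);
    }

    /* Reaching this point means pcap_next_ex() returned a negative value. */
    if (retValue == -1) {
        printf("Error reading the packets: %s\n", pcap_geterr(adapterHandle));
        pcap_close(adapterHandle);
        return -1;
    }

    pcap_close(adapterHandle);          /* release the capture handle */
    system("PAUSE");
    return 0;
}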
运行结果
3 发送数据封包
#include <pcap.h>
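/*
 * Listing 3: let the user pick an adapter, open it and transmit one
 * hand-built 20-byte test frame.
 *
 * The frame carries placeholder addresses (01:01:01:01:01:01 as destination,
 * 02:02:02:02:02:02 as source) followed by 0xC4 filler bytes.
 *
 * Returns 0 on success and -1 on any failure (enumeration, invalid
 * selection, open failure, send failure).
 */
int _tmain(int argc, _TCHAR* argv[])
{
    pcap_if_t *allAdapters = NULL;      /* head of the adapter list */
    pcap_if_t *adapter;
    pcap_t *adapterHandle;              /* handle of the opened adapter */
    u_char packet[20];                  /* frame to be transmitted */
    char errorBuffer[PCAP_ERRBUF_SIZE]; /* receives the library's error text */
    int crtAdapter = 0;
    int adapterNumber = 0;
    int index;

    (void)argc;
    (void)argv;

    /* Retrieve every network adapter attached to this machine. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL,
                            &allAdapters, errorBuffer) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer);
        return -1;
    }

    /* The call succeeded but returned an empty list. */
    if (allAdapters == NULL) {
        printf("\nNo adapters found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* Print the name and description of each adapter. */
    for (adapter = allAdapters; adapter != NULL; adapter = adapter->next) {
        printf("\n%d.%s ", ++crtAdapter, adapter->name);
        /* description may be NULL; passing NULL to %s is undefined behaviour. */
        printf("-- %s\n", adapter->description != NULL
                              ? adapter->description
                              : "(no description available)");
    }
    printf("\n");

    /*
     * Choose the adapter. The scanf_s result is checked so that non-numeric
     * input is rejected instead of leaving adapterNumber indeterminate.
     */
    printf("Enter the adapter number between 1 and %d:", crtAdapter);
    if (scanf_s("%d", &adapterNumber) != 1 ||
        adapterNumber < 1 || adapterNumber > crtAdapter) {
        printf("\nAdapter number out of range.\n");
        pcap_freealldevs(allAdapters);
        return -1;
    }

    /* Advance to the selected entry; the range check above keeps this in bounds. */
    adapter = allAdapters;
    for (crtAdapter = 0; crtAdapter < adapterNumber - 1; crtAdapter++) {
        adapter = adapter->next;
    }

    /* Open the selected adapter. */
    adapterHandle = pcap_open(adapter->name,             /* name of the adapter */
                              65536,                     /* snapshot length: large enough for a whole packet */
                              PCAP_OPENFLAG_PROMISCUOUS, /* promiscuous mode */
                              1000,                      /* read timeout in milliseconds (1 second) */
                              NULL,                      /* no authentication: local adapter */
                              errorBuffer);              /* error buffer */
    if (adapterHandle == NULL) {
        /* The original format string had no conversion for its argument. */
        fprintf(stderr, "\nUnable to open the adapter %s: %s\n",
                adapter->name, errorBuffer);
        pcap_freealldevs(allAdapters);
        return -1;
    }
    pcap_freealldevs(allAdapters);      /* the list is not needed once the handle is open */

    /* Build the frame: bytes 0-5 destination address, 6-11 source address. */
    for (index = 0; index < 6; index++) {
        packet[index] = 0x01;
    }
    for (index = 6; index < 12; index++) {
        packet[index] = 0x02;
    }
    /* Fill the remainder of the buffer. */
    for (index = 12; index < (int)sizeof packet; index++) {
        packet[index] = 0xC4;
    }

    /* Transmit the frame; the length is taken from the buffer itself. */
    if (pcap_sendpacket(adapterHandle, packet, (int)sizeof packet) != 0) {
        /* The original format string dropped the error text it was given. */
        fprintf(stderr, "\nError sending the packet: %s\n",
                pcap_geterr(adapterHandle));
        pcap_close(adapterHandle);
        return -1;
    }

    pcap_close(adapterHandle);          /* release the adapter handle */
    system("PAUSE");
    return 0;
}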
运行结果
#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include "pcap.h"
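void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data);

/*
 * Listing 4: pick a local adapter, install the BPF filter "ip and udp" and
 * hand up to 30 matching packets to packet_handler().
 *
 * Returns 0 after the capture loop ends and -1 on any setup failure.
 */
int main()
{
    pcap_t *cap_ins_des;
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    char source[PCAP_BUF_SIZE];
    char errbuf[PCAP_ERRBUF_SIZE];
    int i = 0;
    int dev_count = 0;
    u_int netmask;
    char packet_filter[] = "ip and udp";    /* the filter expression */
    struct bpf_program fcode;               /* filled in by pcap_compile() */

    /* Build the source string for local interfaces. */
    if (pcap_createsrcstr(source, PCAP_SRC_IFLOCAL, NULL, NULL, NULL, errbuf) == -1) {
        printf("%s\n", errbuf);
        return -1;
    }
    printf("source: %s\n", source);

    /* Find all devices. */
    if (pcap_findalldevs_ex(source, NULL, &alldevs, errbuf) == -1) {
        printf("%s\n", errbuf);
        return -1;
    }

    /* List the devices and count them so the selection can be validated. */
    for (d = alldevs; d != NULL; d = d->next) {
        /* description may be NULL; passing NULL to %s is undefined behaviour. */
        printf("%s, %s\n", d->name,
               d->description != NULL ? d->description : "(no description available)");
        dev_count++;
    }

    /*
     * Read the 1-based device index. The original walked the list with
     * `while (--i)` and no bounds check, so 0, a negative number, a value
     * past the end or non-numeric input dereferenced a NULL pointer.
     */
    if (scanf("%d", &i) != 1 || i < 1 || i > dev_count) {
        printf("Adapter number out of range.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }
    d = alldevs;
    while (--i) {
        d = d->next;
    }
    printf("selected device: %s\n", d->name);

    /* Open the selected device in promiscuous mode with a 1000 ms read timeout. */
    cap_ins_des = pcap_open(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf);
    if (cap_ins_des == NULL) {
        printf("%s\n", errbuf);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Netmask of the first address, needed when compiling the filter. */
    if (d->addresses != NULL && d->addresses->netmask != NULL) {
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    } else {
        /* No usable address entry: fall back to 255.255.255.0. */
        netmask = 0xffffff;
    }

    /* Compile the filter. */
    if (pcap_compile(cap_ins_des, &fcode, packet_filter, 1, netmask) < 0) {
        printf("Error\n");
        pcap_freealldevs(alldevs);
        pcap_close(cap_ins_des);
        return -1;
    }

    /* Install the filter, then release the compiled program. */
    if (pcap_setfilter(cap_ins_des, &fcode) < 0) {
        printf("Error\n");
        pcap_freecode(&fcode);
        pcap_freealldevs(alldevs);
        pcap_close(cap_ins_des);
        return -1;
    }
    pcap_freecode(&fcode);
    pcap_freealldevs(alldevs);

    /* Start the capture: stop after 30 packets have been delivered. */
    pcap_loop(cap_ins_des, 30, packet_handler, NULL);

    pcap_close(cap_ins_des);
    return 0;
}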
/*
 * Capture callback: writes a fixed marker line to stdout for every packet
 * delivered to it. None of the three arguments is read.
 */
void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
{
    (void)user;
    (void)pkt_header;
    (void)pkt_data;

    fputs("in packet handler\n", stdout);
}
运行结果。