使用pcap_findalldevs_ex()函数编程,在文档中是这样介绍这个函数的:
This function is a superset of the old 'pcap_findalldevs()', which is obsolete, and which allows listing only the devices present on the local machine. Vice versa, pcap_findalldevs_ex() allows listing the devices present on a remote machine as well.
查看错误的地方:
之后,修改为:
程序终于正常运行!
This function is a superset of the old 'pcap_findalldevs()', which is obsolete, and which allows listing only the devices present on the local machine. Vice versa, pcap_findalldevs_ex() allows listing the devices present on a remote machine as well.
简单说pcap_findalldevs_ex()是pcap_findalldevs()的一个超集, 他不仅可以获取本地的设备列表,还可以获取远程计算机的社别列表,但是在将pcap_findalldevs()换成pcap_findalldevs_ex()的过程中却出现了意想不到的错误:(代码如下)
#include <iostream.h>
#include <stdio.h>
#include <pcap.h>
#define _CRT_SECURE_NO_WARNINGS
#pragma comment (lib,"wpcap.lib")
void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data);
int main()
{
pcap_t *cap_ins_des;
pcap_if_t *alldevs;
pcap_if_t *d;
char errbuf[PCAP_ERRBUF_SIZE];
int i;
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
printf("%s\n", errbuf);
exit(-1);
}
d = alldevs;
while (d != NULL) {
printf("%s\n", d->description == NULL ? NULL : d->description);
d = d->next;
}
d = alldevs;
scanf("%d", &i);
while (i--)
d = d->next;
cap_ins_des = pcap_open(d->name, 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf);
if (cap_ins_des == NULL) {
printf("%s\n", errbuf);
exit(-1);
}
pcap_freealldevs(alldevs);
pcap_loop(cap_ins_des, 30 , packet_handler, NULL);
return 0;
}
void packet_handler(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
{
time_t time = pkt_header->ts.tv_sec;
struct tm *ltime = localtime(&time);
char timestr[16];
(VOID)user;
(VOID)pkt_data;
strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
printf("%s. %d, %d, %d\n", timestr, pkt_header->ts.tv_usec, pkt_header->caplen, pkt_header->len);
}
出现错误如下:
--------------------Configuration: 2 - Win32 Debug--------------------
Compiling...
2.cpp
c:\users\administrator\desktop\mfc__temp\2.cpp(19) : error C2065: 'pcap_findalldevs_ex' : undeclared identifier
c:\users\administrator\desktop\mfc__temp\2.cpp(19) : error C2065: 'PCAP_SRC_IF_STRING' : undeclared identifier
c:\users\administrator\desktop\mfc__temp\2.cpp(36) : error C2065: 'pcap_open' : undeclared identifier
c:\users\administrator\desktop\mfc__temp\2.cpp(36) : error C2065: 'PCAP_OPENFLAG_PROMISCUOUS' : undeclared identifier
c:\users\administrator\desktop\mfc__temp\2.cpp(36) : error C2440: '=' : cannot convert from 'int' to 'struct pcap *'
Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
执行 cl.exe 时出错.
2.obj - 1 error(s), 0 warning(s)
有人说这是wincap的一个失误,忘记把该函数的声明文件包含进去了,我打开pcap.h看了一下,确实没有pcap_findalldevs_ex函数的声明,其实,现在的Winpcap做了更新,因为winpcap现在增加了远程捕获的功能, 在pcap_findalldevs_ex和pcap_open函数中增加了远程主机身份验证的参数struct pcap_rmtauth * auth,所以将两个函数的定义转移到remote-ext.h中去了。
所以现在使用这两个参数的时候需要包含#include <remote-ext.h> ,但包含之后又出现问题:
--------------------Configuration: 2 - Win32 Debug--------------------
Compiling...
2.cpp
c:\program files\microsoft visual studio\vc98\include\remote-ext.h (39) : fatal error C1189: #error : Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h
执行 cl.exe 时出错.
Creating browse info file...
BSCMAKE: error BK1506 : cannot open file '.\Debug\2.sbr': No such file or directory
执行 bscmake.exe 时出错.
2.exe - 1 error(s), 0 warning(s)
查看错误的地方:
#ifndef HAVE_REMOTE
#error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h
#endif
之后,修改为:
#include <stdio.h>
#define HAVE_REMOTE
#include <pcap.h>
程序终于正常运行!