WinPcap Programming Step-by-Step Tutorial (English version)

Original post, October 27, 2004, 23:45:00

This section shows how to use the different features of the WinPcap API. It is organized as a tutorial, subdivided into a set of lessons that guide the reader step by step through programming with WinPcap, from the basic functions (obtaining the adapter list, starting a capture) to the most advanced ones (handling send queues, gathering statistics about network traffic).
Several code snippets, as well as simple but complete programs, are provided as a reference: all this source code contains links to the rest of the manual, so it is possible to click on the functions and data structures to jump to their documentation.

The samples are written in plain C, so a basic knowledge of C programming is required. Also, since this is a tutorial on a library for raw networking, good knowledge of networks and protocols is assumed.

Obtaining the device list

The first thing a WinPcap-based application usually needs is a list of suitable network adapters. Libpcap provides the pcap_findalldevs() function for this purpose: it returns a linked list of pcap_if structures, each of which contains comprehensive information about an adapter. In particular, the fields name and description contain the name and a human-readable description of the device.

The following code retrieves the adapter list and shows it on the screen, printing an error if no adapters are found.

#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    /* An empty list means there is nothing to free */
    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 1;
    }

    /* We no longer need the device list. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}

Some comments about this code.

First of all, pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. This parameter points to a string filled by libpcap with a description of the error if something goes wrong.

Second, note that pcap_findalldevs() is provided by libpcap under Unix as well, but not all the OSes supported by libpcap provide a description of the network interfaces. Therefore, if we want to write a portable application, we must consider the case in which description is null: we print the string "No description available" in that situation.

Finally, note that we free the list with pcap_freealldevs() once we have finished with it.

Let's try to compile and run the code of this first sample. To compile it under Unix or Cygwin, simply issue:

gcc -o testaprog testprog.c -lpcap

On Windows, you will need to create a project, following the instructions in the "Using WinPcap in your programs" section of this manual. However, I suggest you use the WinPcap developer's pack (available at the WinPcap website, http://winpcap.polito.it), which provides many properly configured example apps, all the code presented in this tutorial, and all the projects, includes and libraries needed to compile and run the samples.

Assuming we have compiled the program, let's try to run it. On my WinXP workstation, the result is:

1. {4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029(AS) Ethernet Adapter)
2. {5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3Com EtherLink PCI)

As you can see, the names of the network adapters under Windows (which will be passed to libpcap when opening the devices) are quite unreadable, so the descriptions next to them can be very useful to the user.
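Because the adapter names are unreadable, a tool built on this listing normally lets the user pick an adapter by its printed number. The following is an added example, not code from the WinPcap manual: it validates that typed number and formats a list line into a bounded buffer, covering the null description case. The struct dev_entry type, the function names and the "eth0" entry are assumptions made here; dev_entry stands in for the next, name and description fields of pcap_if so the example builds without WinPcap installed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the pcap_if fields the tutorial uses. */
struct dev_entry {
    struct dev_entry *next;
    const char *name;
    const char *description;   /* may be NULL on some platforms */
};

/* Constructed sample list: the two adapters from the tutorial's output
   plus one constructed entry ("eth0") that has no description. */
static struct dev_entry dev3 = { NULL, "eth0", NULL };
static struct dev_entry dev2 = { &dev3, "{5D24AE04-C486-4A96-83FB-8B5EC6C7F430}", "3Com EtherLink PCI" };
static struct dev_entry dev1 = { &dev2, "{4E273621-5161-46C8-895A-48D0E52A0B83}", "Realtek RTL8029(AS) Ethernet Adapter" };

/* Format "N. name (description)" into a bounded buffer.
   Returns 0 on success, -1 if the line did not fit. */
int format_device_line(const struct dev_entry *d, int index, char *out, size_t len)
{
    int n = snprintf(out, len, "%d. %s (%s)", index, d->name,
                     d->description ? d->description : "No description available");
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Map a user-typed 1-based number to a list entry. Returns NULL for empty
   input, non-numeric text, trailing characters, or an out-of-range number. */
const struct dev_entry *select_device(const struct dev_entry *head, const char *input)
{
    char *end;
    long want, i = 1;

    errno = 0;
    want = strtol(input, &end, 10);
    if (end == input || *end != '\0' || errno == ERANGE || want < 1)
        return NULL;
    for (; head != NULL; head = head->next, i++)
        if (i == want)
            return head;
    return NULL;
}

int main(void)
{
    char line[128];
    const struct dev_entry *d = select_device(&dev1, "3");
    if (d && format_device_line(d, 3, line, sizeof line) == 0)
        puts(line);
    return 0;
}
```

Input read with fgets() still carries its trailing newline, which select_device() rejects as a trailing character, so strip it before the call.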
