Original post, October 27, 2004 23:45:00

This section shows how to exploit the different features of the WinPcap API. It is organized as a tutorial, subdivided into a set of lessons that will guide the reader step by step inside the art of programming WinPcap, from the simple basic functions (obtaining the adapters list, starting a capture) to the most advanced ones (handling send queues, gathering statistics about network traffic).
Several code snippets, as well as simple but complete programs, are provided as a reference: all this source code contains links to the rest of the manual, therefore it is possible to click on the functions and data structures to jump to their documentation.

The samples are written in plain C, so a basic knowledge of C programming is required. Also, since this is a tutorial on a library for raw networking, good knowledge of networks and protocols is assumed.

Obtaining the device list

Usually, the first thing a WinPcap-based application needs is a list of suitable network adapters. Libpcap provides the pcap_findalldevs() function for this purpose: this function returns a linked list of pcap_if structures, each of which contains comprehensive information about an adapter. In particular, the fields name and description contain the name and a human-readable description of the device.

The following code retrieves the adapter list and shows it on the screen, printing an error if no adapters are found.

#include <stdio.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");

    /* We no longer need the device list. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}

Some comments about this code.

First of all, pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. This parameter points to a string filled by libpcap with a description of the error if something goes wrong.

Second, note that pcap_findalldevs() is provided by libpcap under Unix as well, but remember that not all the OSes supported by libpcap provide a description of the network interfaces, therefore if we want to write a portable application, we must consider the case in which description is null: we print the string "No description available" in that situation.

Finally, note that we free the list with pcap_freealldevs() once we have finished with it.

Let's try to compile and run the code of this first sample. In order to compile it under Unix or Cygwin, simply issue a:

gcc -o testaprog testprog.c -lpcap

On Windows, you will need to create a project, following the instructions in the "Using WinPcap in your programs" section of this manual. However, I suggest that you use the WinPcap developer's pack (available at the WinPcap website), which provides many properly configured example apps, all the code presented in this tutorial, and all the projects, includes and libraries needed to compile and run the samples.

Assuming we have compiled the program, let's try to run it. On my WinXP workstation, the result is:

1. {4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029(AS) Ethernet Adapter)
2. {5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3Com EtherLink PCI)

As you can see, the names of the network adapters (which will be passed to libpcap when opening the devices) are quite unreadable under Windows, so the descriptions next to them can be very useful to the user.
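Because the Windows adapter names are GUID strings, a tool that runs unattended usually has to pick its adapter by description. The following is an added example, not part of the original tutorial or of WinPcap: struct dev, contains_ci, pick_device and the eth0 entry are hypothetical, and struct dev stands in for the next, name and description fields of pcap_if so that the code builds without libpcap. It refuses to choose when the description is missing or when more than one adapter matches.

```c
#include <ctype.h>
#include <stdio.h>

/* Stand-in for pcap_if's next/name/description fields (assumption, see lead-in). */
struct dev {
    struct dev *next;
    const char *name;
    const char *description;    /* may be NULL on some platforms */
};

/* Case-insensitive substring test; a NULL description never matches. */
static int contains_ci(const char *hay, const char *needle)
{
    size_t i;
    if (hay == NULL || needle == NULL || *needle == '\0')
        return 0;
    for (; *hay; hay++) {
        for (i = 0; needle[i] && hay[i] &&
             tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++)
            ;
        if (needle[i] == '\0')
            return 1;
    }
    return 0;
}

/* Name of the only device whose description contains `want`, else NULL.
 * NULL covers both "no match" and "ambiguous"; *matches (optional) gets the count. */
const char *pick_device(const struct dev *list, const char *want, int *matches)
{
    const char *found = NULL;
    int n = 0;
    for (; list; list = list->next)
        if (contains_ci(list->description, want)) {
            found = list->name;
            n++;
        }
    if (matches) *matches = n;
    return n == 1 ? found : NULL;
}

/* Constructed list: the two adapters printed above plus a hypothetical one with no description. */
static struct dev dev_c = { NULL, "eth0", NULL };
static struct dev dev_b = { &dev_c, "{5D24AE04-C486-4A96-83FB-8B5EC6C7F430}", "3Com EtherLink PCI" };
static struct dev dev_a = { &dev_b, "{4E273621-5161-46C8-895A-48D0E52A0B83}", "Realtek RTL8029(AS) Ethernet Adapter" };

int main(void)
{
    const char *name = pick_device(&dev_a, "realtek", NULL);
    return printf("realtek -> %s\n", name ? name : "(no unique match)") < 0;
}
```

With libpcap available, the same loop runs over the pcap_if_t list returned by pcap_findalldevs(), and the returned name must be copied before pcap_freealldevs() releases the list.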

