<!-- @page { margin: 2cm } P { margin-bottom: 0.21cm } A:link { so-language: zxx } -->
WinPcap 导引:使用WinPcap 简明指导
WinPcap tutorial:a step by step guide to using WinPcap
翻译自WinPcap 开发包的帮助文档-俞凌峰
第二篇: 获得设备的高级信息
Obtaining advanced information about installed devices
Lesson 1 (Obtaining the device list) demonstrated how to get basic information(i.e.device name and description)about available adapters.Actually,WinPcap provides also other advanced information.In particular,every pcap_if structure returned by pcap_findalldevs_ex() contains also a list of pcap_addr structures,with:
a list of addresses for that interface.
a list of netmasks(each of which corresponds to an entry in the addresses list).
a list of broadcast addresses(each of which corresponds to an entry in the addresses list).
a list of destination addresses(each of which corresponds to an entry in the addresses list).
第一章( 获得网络设备列表) 展示了如何获得可供使用的网络适配器的基本信息( 如适配器名字和描述字段) 。事实上,WinPcap 还提供了一些额外高级信息。一般来讲,每一个由pcap_findalldevs_ex() 函数返回的pcap_if 结构体都包含了一个pcap_addr 结构体列表,具体如下:
一个接口地址列表。
一个网络掩码列表。( 每一个对应于一个地址列表的入口)
一个广播地址列表。( 每一个对应于一个地址列表的入口)
一个目的地址列表。( 每一个对应于一个地址列表的入口)
Additionally,pcap_findalldevs_ex() can also return remote adapters and a list of pcap files that are located in a given local folder 。
The following sample provides an ifprint() function that prints the complete contents of a pcap_if structure.it is invoked by the program for every entry returned by pcap_findalldevs_ex().
pcap_findalldevs_ex() 函数还可以返回远端的网络适配器或者指定路径下的pcap 文件的信息。
以下的例子演示了ifprint() 函数来打印一个pcap_if 结构体的所有内容。
/*code
/*
*Copyright © 1999 – 2005 NetGroup, Politecnico di Torino (Italy)
*Copyright © 2005 – 2006 CACE Technologies, Davis (California)
*All rights reserved.
*
*Redistribution and use in source and binary forms,with or without *modification, are permitted provided that the following conditions are met:
*1. Redistributions of source code must retain the above copyright notice, this *list of conditions and the following disclaimer.
*2. Redistributions in binary form must reproduce the above copyright notic,this *list of conditions and the following disclaimer in the documentation and/or *other materials provided with the distribution.
*3. Neither the name of the Politencnico di Torino,CASE Technologies nor the *names of its contributors may be used to endorse or promote products derived *from this software without specific prior written permission.
*THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” *AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,BUT NOT LIMITED TO,THE IMPLIED *WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE *DISCLAIMED.IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *ANY DIRECT, INDIRECT, INCIDENTAL,SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES *(INCLUDING,BUT NOT LIMITED TO,PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS *OF USE,DATA,OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY *THEORY OF LIABILITY,WHETHER IN CONTRACT,STRICT LIABILITY,OR TORT )INCLUDING *NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, *EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include “pcap.h”
#ifndef WIN32
#include <sys/socket.h>
#include <netinet/in.h>
#else
#include <winsock.h>
#endif
//Function prototypes
void ifprint(pcap_if_t *d);
char *iptos(u_long in);
char *ip6tos(struct sockaddr *sockaddr, char *address, int addrlen);
int main()
{
pcap_if_t *alldevs;
pcap_if_t *d;
char errbuf[PCAP_ERRBUF_SIZE + 1];
char source[PCAP_ERRBUF_SIZE + 1];
printf(“Enter the device you want to list:/n”
“rpcap:// ==> lists interfaces in the local machine/n”
“rpcap://hostname:port ==> lists interfaces in a remote machine/n”
“ (rpcapd daemon must be up and running/n”
“ and it must accept 'null' authentication)/n”
“file://foldername ==> lists all pcap files in the give folder/n/n”
“Enter your choice: “);
fgets(source, PCAP_ERRBUF_SIZE, stdin);
source[PCAP_ERRBUF_SIZE] = '/0';
/* Retrieve the interfaces list */
if (pcap_findalldevs_ex(source, NULL, &alldevs, errbuf ) == -1)
{
fprintf(stderr, “Error in pcap_findalldevs: %s/n”,errbuf);
exit(1);
}
/*Scan the list printing every entry*/
for (d = alldevs; d; d=d->next)
{
ifprint(d);
}
pcap_freealldevs(alldevs);
return 1;
}
/* Print all the available information on the given interface*/
void ifprint(pcap_if_t *d)
{
pcap_addr_t *a;
char ip6str[128];
/*Name*/
printf(“%s/n”,d->name);
/*Description*/
if (d->description)
printf(“/tDescription: %s/n”, d->description);
/*Loopback Address*/
printf(“/tLoopback: %s/n”,(d->flags & PCAP_IF_LOOPBACK)?”yes”:”no”);
/*IP addresses*/
for(a = d->addresses; a; a=a->next) {
printf(“/tAddress Family: #%d/n”, a->addr->sa_family);
switch(a->addr->sa_family)
{
case AF_INET:
printf(“/tAddress Family Name: AF_INET/n”);
if (a->addr)
printf(“/tAddress: %s/n”, iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr));
if (a->netmask)
printf(“/tNetmask: %s/n”,iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr));
if (a->broadaddr)
printf(“/tBroadcast Address: %s/n”,iptos(((struct sockaddr_in *)a->broadaddr)->sin_addr.s_addr));
if (a->dstaddr)
printf(“/tDestination Address: %s/n”, iptos(((struct sockaddr_in *)a->dstaddr)->sin_addr.s_addr));
break;
case AF_INET6:
printf(“/tAddress Family Name: AF_INET6/n”);
if (a->addr)
printf(“/tAddress: %s/n”, ip6tos(a->addr,ip6str,sizeof(ip6str)));
break;
default:
printf(“/tAddress Family Name: Unknown/n”);
break;
}
}
printf(“/n”);
}
/*From tcptraceroute, convert a numeric IP address to a string*/
#define IPTOSBUFFERS 12
char *iptos(u_long in)
{
static char output[IPTOSBUFFERS][3*4+3+1];
static short which;
u_char *p;
p = (u_char *)∈
which = (which + 1 == IPTOSBUFFERS ? 0:which + 1);
sprintf(output[which], “%d.%d.%d.%d”, p[0], p[1], p[2], p[3]);
return output[which];
}
char *ip6tos(struct sockaddr *sockaddr, char *address, int addrlen)
{
socklen_t sockaddrlen;
#ifdef WIN32
sockaddrlen = sizeof(struct sockaddr_in6);
#else
sockaddrlen = sizeof(struct sockaddr_storage);
#endif
if(getnameinfo(sockaddr,
sockaddrlen,
address,
addresslen,
NULL,
0,
NT_NUMERICHOST) != 0) address = NULL;
return address;
}