最近学习 WinPcap 总算走上点道路了,呵呵,继续加油!!!
这次的代码比上次干净多了
#define WIN32
#define HAVE_REMOTE
#include <pcap.h>
#include <stdio.h>
#include <time.h>
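/*
 * List the capture devices WinPcap reports, let the user pick one, open it
 * in promiscuous mode and print the timestamp and both length fields of
 * every packet returned by pcap_next_ex().
 *
 * Returns 0 when the read loop ends without a read error, 1 when the device
 * list cannot be retrieved, and -1 on any other failure.
 */
int main(void)
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    int inum = 0;
    int i = 0;
    pcap_t *adhandle;
    int res;
    int rc = 0;
    char errbuf[PCAP_ERRBUF_SIZE];
    struct tm ltime;
    char timestr[16];
    struct pcap_pkthdr *header;
    const u_char *pkt_data;
    time_t local_tv_sec;

    /* Retrieve the device list on the local machine. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        /* Same exit status as the exit(1) this replaces; needs no <stdlib.h>. */
        return 1;
    }

    /* Print the list; a device may come without a description. */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);
    /*
     * The conversion result must be checked: on non-numeric input scanf_s
     * stores nothing, and the range test below would otherwise run on a
     * value the user never supplied.
     */
    if (scanf_s("%d", &inum) != 1 || inum < 1 || inum > i) {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter; inum <= i, so d cannot run off the list. */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /*
     * pcap_open() opens a generic source in order to capture / send
     * (WinPcap only) traffic. It replaces all the pcap_open_xxx() functions
     * with a single call.
     */
    adhandle = pcap_open(d->name,                   /* name of the device */
                         65536,                     /* portion of the packet to capture;
                                                       65536 covers the whole packet on
                                                       all the link layers */
                         PCAP_OPENFLAG_PROMISCUOUS, /* promiscuous mode: frames not addressed
                                                       to this host are delivered too */
                         1000,                      /* read timeout (ms) */
                         NULL,                      /* authentication on the remote machine */
                         errbuf);                   /* error buffer */
    if (adhandle == NULL) {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* errbuf carries the reason reported by pcap_open(). */
        fprintf(stderr, "pcap_open: %s\n", errbuf);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* description may be NULL (see the listing loop), so fall back to the name. */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* The device list is no longer needed once the adapter is open. */
    pcap_freealldevs(alldevs);

    /*
     * pcap_next_ex() reads the next packet without the callback interface
     * and points header / pkt_data at it. Return values:
     *    1  a packet was read
     *    0  the read timeout elapsed; header and pkt_data are not valid
     *   -1  an error occurred
     *   -2  EOF was reached reading from an offline capture
     */
    while ((res = pcap_next_ex(adhandle, &header, &pkt_data)) >= 0) {
        if (res == 0) {
            /* Timeout elapsed */
            continue;
        }

        /* Convert the timestamp to a readable format. */
        local_tv_sec = header->ts.tv_sec;
        if (localtime_s(&ltime, &local_tv_sec) != 0 ||
            strftime(timestr, sizeof timestr, "%H:%M:%S", &ltime) == 0) {
            /* Never print an unset buffer when the conversion fails. */
            timestr[0] = '\0';
        }

        /*
         * len is the length of the packet on the wire; caplen is the number
         * of bytes actually stored in pkt_data, capped by the snapshot
         * length given to pcap_open(). With a 65536-byte snapshot the two
         * are equal for every packet, which is why they look the same here.
         * The casts make the arguments match the conversion specifiers.
         */
        printf("%s,%.6ld len:%u caplen:%u\n ", timestr, (long)header->ts.tv_usec,
               (unsigned)header->len, (unsigned)header->caplen);

        /*
         * pkt_data is raw binary of exactly caplen bytes and is not
         * NUL-terminated: never hand it to "%s". Any parser or dump added
         * here must bound every read by header->caplen, since the bytes
         * come straight from the network.
         */
    }

    if (res == -1) {
        /* pcap_geterr() must be read before the handle is closed. */
        printf("Error reading the packets: %s\n", pcap_geterr(adhandle));
        rc = -1;
    }

    /* Release the capture handle on every exit path after a successful open. */
    pcap_close(adhandle);
    return rc;
}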