Libpcap programming 2 (introduction to the libpcap function library)

Source: Internet
Author: User

1) libpcap stands for Packet Capture library: a function library for capturing network data packets.

2) libpcap applications:

1. Intrusion detection systems
2. Network debugging
3. Packet capture and filtering
4. Network statistics software
5. Network sniffers

3) Main functions in the libpcap library

/******************************************************
 * Function name: pcap_open_live
 * Function: Obtain a packet capture descriptor used to capture network packets.
 * Parameter description:
 *   device: name of the network device to open
 *   snaplen: maximum number of bytes to capture from each packet
 *   promisc: whether to put the network interface into promiscuous mode
 *   to_ms: read timeout, in milliseconds
 *   ebuf: buffer that receives the error message
 * Return value:
 *   Success: the packet capture descriptor
 *   Failed: NULL
 ******************************************************/

pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf);

/******************************************************
 * Function name: pcap_lookupdev
 * Function: Look up a network device on the current system.
 * Parameter description:
 *   errbuf: buffer that receives the error message
 * Return value:
 *   Success: pointer to the name of the network device
 *   Failed: NULL
 ******************************************************/

char *pcap_lookupdev(char *errbuf);

/******************************************************
 * Function name: pcap_lookupnet
 * Function: Obtain the IP network address and mask of the network device.
 * Parameter description:
 *   device: network device name
 *   netp: receives the IP network address
 *   maskp: receives the mask
 *   errbuf: buffer that receives the error message
 * Return value:
 *   Success: a value other than -1
 *   Failed: -1
 ******************************************************/

int pcap_lookupnet(char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf);

/******************************************************
 * Function name: pcap_compile
 * Function: Compile a filter expression string into a filter program.
 * Parameter description:
 *   p: packet capture descriptor obtained by calling pcap_open_live
 *   fp: pointer to a bpf_program structure
 *   str: the string to be compiled into the filter program
 *   optimize: controls optimization of the resulting code
 *   netmask: subnet mask of the local network
 * Return value:
 *   Success: 0
 *   Failed: -1
 ******************************************************/

int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask);

/******************************************************
 * Function name: pcap_setfilter
 * Function: Apply the filter program to the specified packet capture descriptor.
 * Parameter description:
 *   p: packet capture descriptor obtained by calling pcap_open_live
 *   fp: pointer to the bpf_program structure filled in by pcap_compile
 * Return value:
 *   Success: 0
 *   Failed: -1
 ******************************************************/

int pcap_setfilter(pcap_t *p, struct bpf_program *fp);
/******************************************************
 * Function name: pcap_next
 * Function: Capture a single data packet.
 * Parameter description:
 *   p: packet capture descriptor obtained by calling pcap_open_live
 *   h: pointer to a pcap_pkthdr structure
 * Return value:
 *   Success: pointer to the contents of the captured packet
 *   Failed: NULL
 ******************************************************/

u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h);
/******************************************************
 * Function name: pcap_dispatch
 * Function: Capture and process data packets.
 * Parameter description:
 *   p: packet capture descriptor obtained by calling pcap_open_live
 *   cnt: maximum number of packets to process before the function returns
 *   callback: callback function taking three parameters; it is called to
 *             process each packet after the packet is obtained
 *   user: parameter passed through to the callback function
 * Return value:
 *   Success: 0 if no packet was obtained; otherwise the number of packets read
 *   Failed: -1
 ******************************************************/

int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
/******************************************************
 * Function name: pcap_loop
 * Function: Similar to pcap_dispatch, but pcap_loop does not return when a
 *           read times out. It returns only after cnt packets have been
 *           processed or an error occurs.
 * Parameter description:
 *   p: packet capture descriptor obtained by calling pcap_open_live
 *   cnt: maximum number of packets to process before the function returns
 *   callback: callback function taking three parameters; it is called to
 *             process each packet after the packet is obtained
 *   user: parameter passed through to the callback function
 * Return value:
 *   Success: 0 if no packet was obtained; otherwise the number of packets read
 *   Failed: -1
 ******************************************************/

int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
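
Added example (not from the original page): a callback with the three pcap_handler parameters that pcap_dispatch and pcap_loop call, showing why every read must be bounded by caplen, since snaplen can truncate the captured data. The stats counters, the feed helper and the sample frame are constructed for illustration, and a stand-in pcap_pkthdr replaces <pcap.h> so the block builds without libpcap.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Stand-in for libpcap's struct pcap_pkthdr so this builds without libpcap.
 * In a real capture program, include <pcap.h> and delete this definition. */
struct pcap_pkthdr { struct timeval ts; uint32_t caplen; uint32_t len; };

/* Hypothetical counters, handed to the callback through the user argument. */
struct stats { unsigned tcp, other, truncated; };

/* Takes the same three parameters as a pcap_handler (u_char is unsigned char).
 * Assumes Ethernet framing: 14-byte link header, then the IPv4 header. */
void on_packet(unsigned char *user, const struct pcap_pkthdr *h,
               const unsigned char *pkt)
{
    struct stats *st = (struct stats *)user;
    /* Only caplen bytes are valid in pkt. len is the on-wire length and is
     * larger than caplen whenever snaplen cut the packet short. */
    if (h->caplen < 14u + 20u) { st->truncated++; return; }
    if (((pkt[12] << 8) | pkt[13]) != 0x0800) { st->other++; return; }
    const unsigned char *ip = pkt + 14;
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4;   /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) { st->other++; return; }
    if (h->caplen < 14u + ihl) { st->truncated++; return; }
    if (ip[9] == 6) st->tcp++; else st->other++;    /* protocol 6 = TCP */
}

/* Constructed sample: Ethernet header + minimal IPv4 header, protocol TCP. */
static const unsigned char sample_frame[34] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2 };

/* Feed the sample to the callback as if snaplen had limited it to caplen. */
struct stats feed(uint32_t caplen)
{
    struct stats st = {0, 0, 0};
    struct pcap_pkthdr h = { {0, 0}, caplen, (uint32_t)sizeof sample_frame };
    on_packet((unsigned char *)&st, &h, sample_frame);
    return st;
}

int main(void)
{
    struct stats full = feed(34), cut = feed(20);
    printf("full: tcp=%u  cut: truncated=%u\n", full.tcp, cut.truncated);
    return 0;
}
```

In a real program the same function is passed as the callback argument of pcap_dispatch or pcap_loop, with a pointer to the counters cast to u_char * as the user argument.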

 

 
