1) libpcap, short for Packet Capture library, is a library of functions for capturing network packets.
2) Typical libpcap applications:
1. Intrusion detection systems
2. Network debugging
3. Packet capture and filtering
4. Network statistics software
5. Network sniffers
3) Main functions in the libpcap library
/*************************************** ***************
* Function name: pcap_open_live
* Function: Open a live capture descriptor for capturing packets on a network device.
* Parameter description:
* device: name of the network device to open.
* snaplen: maximum number of bytes captured from each packet.
* promisc: whether to put the network interface into promiscuous mode.
* to_ms: read timeout in milliseconds.
* ebuf: buffer that receives the error message on failure.
* Return value:
* Success: the capture descriptor
* Failed: NULL
**************************************** ***************/
pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
/*************************************** ***************
* Function name: pcap_lookupdev
* Function: Look up a network device in the current system.
* Parameter description:
* errbuf: buffer that receives the error message on failure.
* Return value:
* Success: pointer to the name of the network device
* Failed: NULL
**************************************** **************/
char *pcap_lookupdev(char *errbuf)
/*************************************** ***************
* Function name: pcap_lookupnet
* Function: Obtain the IP address and mask of a network device.
* Parameter description:
* device: network device name
* netp: receives the IP address
* maskp: receives the mask
* errbuf: buffer that receives the error message on failure.
* Return value:
* Success: any value other than -1
* Failed: -1
**************************************** ***************/
int pcap_lookupnet(char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf)
/*************************************** *****************
* Function name: pcap_compile
* Function: Compile a filter condition given as a string into a filter program.
* Parameter description:
* p: capture descriptor obtained by calling pcap_open_live.
* fp: pointer to the bpf_program structure that receives the compiled program.
* str: the filter string to compile into the filter program.
* optimize: whether to optimize the resulting code.
* netmask: subnet mask of the local network.
* Return value:
* Success: 0
* Failed: -1
**************************************** *****************/
int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)
/*************************************** *******************
* Function name: pcap_setfilter
* Function: Apply a compiled filter program to the given capture descriptor.
* Parameter description:
* p: capture descriptor obtained by calling pcap_open_live.
* fp: pointer to the bpf_program structure filled in by pcap_compile.
* Return value:
* Success: 0
* Failed: -1
**************************************** ******************/
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
/*************************************** ******************
* Function name: pcap_next
* Function: Capture a single packet.
* Parameter description:
* p: capture descriptor obtained by calling pcap_open_live.
* h: pointer to the pcap_pkthdr structure that receives the packet header.
* Return value:
* Success: pointer to the captured packet data
* Failed: NULL
**************************************** *****************/
u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h)
/*************************************** *******************
* Function name: pcap_dispatch
* Function: Capture and process packets.
* Parameter description:
* p: capture descriptor obtained by calling pcap_open_live.
* cnt: maximum number of packets to process before the function returns.
* callback: a callback function taking three parameters; it is called to process each captured packet.
* user: argument passed through to the callback function.
* Return value:
* Success: 0 if no packets were read; otherwise the number of packets read.
* Failed: -1
**************************************** ******************/
int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
/*************************************** ********************
* Function name: pcap_loop
* Function: Similar to pcap_dispatch, but pcap_loop does not return when the read timeout expires; it returns only after cnt packets have been processed or an error occurs.
* Parameter description:
* p: capture descriptor obtained by calling pcap_open_live.
* cnt: maximum number of packets to process before the function returns.
* callback: a callback function taking three parameters; it is called to process each captured packet.
* user: argument passed through to the callback function.
* Return value:
* Success: 0 if no packets were read; otherwise the number of packets read.
* Failed: -1
**************************************** ******************/
int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)