Step-by-Step learning using Winpcap (1)

Source: Internet
Author: User

Preface:
This section shows how to use the different features of the WinPcap API. It is divided into a series of lessons that lead the reader step by step through pcap programming, from basic functions, such as getting a list of NICs and capturing packets, to advanced ones, such as collecting statistics on network traffic.

We provide some simple but complete code for reference. In the original manual the source code is hyperlinked, so clicking a function or data structure jumps to its documentation.

These examples are written in C, so you need a basic knowledge of C before you start. And since pcap works at the low level of the network stack, you also need some networking knowledge to learn it well.

(1) Getting the network adapter list

The first thing an application using pcap does is obtain a list of local NICs. Pcap provides the pcap_findalldevs() function for this. It returns a linked list of pcap_if structures, and each item of the list contains comprehensive information about one NIC; in particular, the name and description fields hold the device name and a human-readable description of it.

The program for getting the network adapter list is as follows:

#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Obtain the NIC list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the name and description of each entry in the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* We don't need the device list any more. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}

Some notes on this program:
pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. When an error occurs, pcap fills this buffer with a string describing it.

UNIX also provides the pcap_findalldevs() function, but note that not all systems supported by libpcap provide a description of the network interfaces. To write a portable program, we must therefore handle the case in which the system returns no description (description is NULL); in that case we print a message such as "No description available".

Do not forget to call pcap_freealldevs() to release the list's memory when you have finished with it.

The original article is as follows:

Obtaining the device list

The first thing that usually a WinPcap-based application needs is a list of suitable network adapters. libpcap provides the pcap_findalldevs() function for this purpose: this function returns a linked list of pcap_if structures, each of which contains comprehensive information about an adapter. In particular, the fields name and description contain the name and a human-readable description of the device.
The following code retrieves the adapter list and shows it on the screen, printing an error if no adapters are found.

#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* We don't need the device list any more. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}

Some comments about this code.

First of all, pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. This parameter points to a string filled by libpcap with a description of the error if something goes wrong.

Second, note that pcap_findalldevs() is provided by libpcap under Unix as well, but remember that not all the OSes supported by libpcap provide a description of the network interfaces; therefore, if we want to write a portable application, we must consider the case in which description is NULL: we print the string "No description available" in that situation.

Note finally that we free the list with pcap_freealldevs() once we have finished with it.

Let's try to compile and run the code of this first sample. In order to compile it under Unix or Cygwin, simply issue:

gcc -o testaprog testprog.c -lpcap

On Windows, you will need to create a project, following the instructions in the "Using WinPcap in your programs" section of this manual. However, I suggest you use the WinPcap developer's pack (available at the WinPcap website, http://winpcap.polito.it), which provides a lot of properly configured example apps, all the code presented in this tutorial and all the projects, includes and libraries needed to compile and run the samples.

Assuming we have compiled the program, let's try to run it. On my WinXP workstation, the result is:

1. {4e273621-5161-46c8-895a-48d0e52a0b83} (RealTek rtl8029 (AS) Ethernet adapter)
2. {5d24ae04-c486-4a96-83fb-8b5ec6c7f430} (3Com etherlink PCI)

As you can see, the names of the network adapters (which will be passed to libpcap when opening the devices) are quite unreadable under Windows, so the description next to them can be very useful to the user.
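Because the adapter names are unreadable, programs normally let the user choose an entry by its list number and then pass the matching name on to libpcap. The following is an added example, not part of the WinPcap tutorial: it validates the typed number and copies the chosen name out of the list before the list is freed. The names `struct iface`, `pick_device`, `dev1`, `dev2` and `picked` are hypothetical, and `struct iface` stands in for `pcap_if_t` so that the block builds without WinPcap installed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for pcap_if_t (assumption): only the fields this example needs. */
struct iface {
    struct iface *next;
    const char *name;
};

/* Constructed sample list: the two adapter names from the output shown above. */
static struct iface dev2 = { NULL, "{5d24ae04-c486-4a96-83fb-8b5ec6c7f430}" };
static struct iface dev1 = { &dev2, "{4e273621-5161-46c8-895a-48d0e52a0b83}" };
static char picked[64];

/* Map the 1-based number the user typed to a device and copy its name to out.
 * The copy matters: d->name is owned by the list and is released together
 * with it by pcap_freealldevs().
 * Returns 0 ok, -1 not a number, -2 out of range, -3 out too small. */
int pick_device(const struct iface *list, const char *input,
                char *out, size_t outlen)
{
    const struct iface *d;
    char *end;
    long n, i = 0;
    errno = 0;
    n = strtol(input, &end, 10);
    if (errno != 0 || end == input || (*end != '\0' && *end != '\n'))
        return -1;                      /* reject "abc", "1abc", overflow */
    if (n < 1)
        return -2;
    for (d = list; d != NULL; d = d->next)
        if (++i == n)
            break;
    if (d == NULL)
        return -2;                      /* past the end, or empty list */
    if (strlen(d->name) >= outlen)
        return -3;                      /* never truncate a device name */
    strcpy(out, d->name);
    return 0;
}

int main(void)
{
    int rc = pick_device(&dev1, "2\n", picked, sizeof picked);
    printf("rc=%d name=%s\n", rc, rc == 0 ? picked : "(none)");
    return rc;
}
```

In a real program, walk the list returned by pcap_findalldevs() the same way and call pcap_freealldevs() only after the name has been copied.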