WinPcap programming (1)

Source: Internet
Author: User


 

0.

Written following the order of the documentation.

Development Environment: win10 + VS2013.

Configuring the WinPcap environment is not covered here; see this URL instead: http://blog.sina.com.cn/s/blog_57432f380101qh3n.html

Most of the content is an explanation of the functions plus solutions to the problems encountered along the way, kept for study and as a reminder.

 

1. Retrieve the list of adapters

The adapter list is retrieved to find out which adapters are available on the local machine, so that you can later choose which adapter to capture packets on.

First, understand the data type pcap_if / pcap_if_t, a linked-list structure used to store all the adapters of the local machine.

    struct pcap_if {
        struct pcap_if *next;
        char *name;
        char *description;
        struct pcap_addr *addresses;
        bpf_u_int32 flags;
    };
    typedef struct pcap_if pcap_if_t;

Note:

The first member, next, points to the next device interface in the linked list of pcap_if;

The second, name, is the actual name of the device. It is the name the machine recognizes and the one that can be passed to pcap_open_live;

The third, description, is a text description of the device that people can read; it may be null.

The fourth, addresses, points to the first element of the interface's address list (pcap_addr);

The fifth, flags, holds interface flags. Currently the main flag marks a loopback device (PCAP_IF_LOOPBACK).

  

Then, the function for obtaining the list of adapters is:

    int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);

Note:

1. source can use the source set above, or use PCAP_SRC_FILE_STRING or PCAP_SRC_IF_STRING, which are the file and interface prefix strings respectively: "file://" and "rpcap://".

2. auth is the remote logon information (pcap_rmtauth), which includes the user name, password, and type. The user name and password are both character pointers; the type is one of RPCAP_RMTAUTH_NULL and RPCAP_RMTAUTH_PWD. Mostly NULL is passed.

3. alldevs is used to store the returned interface information. We need to define pcap_if_t *alldevs in advance. This is a linked list that stores interface information.

4. errbuf receives the error message.

5. A return value of 0 means the call succeeded; -1 indicates an error.

 

Finally, the function that releases the device list:

    void pcap_freealldevs(pcap_if_t *alldevsp);

It releases the memory held by the list.

 

Source code:

    #define WIN32
    #define HAVE_REMOTE   /* WinPcap: needed for pcap_findalldevs_ex and PCAP_SRC_IF_STRING */
    #include <stdio.h>
    #include <stdlib.h>
    #include "pcap.h"

    int main(void)
    {
        pcap_if_t *alldevs, *d;
        int i = 0;
        char errbuf[PCAP_ERRBUF_SIZE];   /* PCAP_ERRBUF_SIZE = 256, defined in pcap.h */

        /* this API is used to obtain the NIC list */
        if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
        {
            /* on error, errbuf is filled in by pcap */
            fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
            return 1;
        }

        /* display the fields of each entry in the list */
        for (d = alldevs; d; d = d->next)
        {
            /* d->addresses is a struct pcap_addr *, not a string,
               so only the name is printed with %s */
            printf("%d. %s\n", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf(" (No description available)\n");
        }

        if (i == 0)
        {
            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
            return 1;
        }

        /* We don't need the device list any more. Free it */
        pcap_freealldevs(alldevs);
        system("pause");
        return 0;
    }

2. Obtain the advanced information of the adapter

Each pcap_if_t contains a pcap_addr. pcap_addr holds the advanced information of the device.

  

    struct pcap_addr {
        struct pcap_addr *next;
        struct sockaddr *addr;
        struct sockaddr *netmask;
        struct sockaddr *broadaddr;
        struct sockaddr *dstaddr;   /* destination */
    };

Note:

The second member, addr, is the address;

The third, netmask, is the mask;

The fourth, broadaddr, is the broadcast address;

The fifth, dstaddr, is the destination address.

 

After obtaining the linked list of adapters as in section 1, traverse it from the head and print the pcap_addr information of each pcap_if_t.

  

    #define WIN32
    #define HAVE_REMOTE   /* WinPcap: needed for pcap_findalldevs_ex */
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <winsock2.h>
    #include <ws2tcpip.h>   /* getnameinfo, socklen_t, struct sockaddr_in6 */
    #include "pcap.h"

    /* function prototypes */
    void ifprint(pcap_if_t *d);
    char *iptos(u_long in);
    char *ip6tos(struct sockaddr *sockaddr, char *address, int addrlen);

    int main(void)
    {
        pcap_if_t *alldevs;
        pcap_if_t *d;
        char errbuf[PCAP_ERRBUF_SIZE + 1];
        char source[PCAP_ERRBUF_SIZE + 1];

        printf("Enter the device you want to list:\n"
               "rpcap://              ==> lists interfaces in the local machine\n"
               "rpcap://hostname:port ==> lists interfaces in a remote machine\n"
               "                          (rpcapd daemon must be up and running\n"
               "                          and it must accept 'null' authentication)\n"
               "file://foldername     ==> lists all pcap files in the give folder\n\n"
               "Enter your choice: ");

        if (fgets(source, PCAP_ERRBUF_SIZE, stdin) == NULL)
            exit(1);
        source[PCAP_ERRBUF_SIZE] = '\0';
        source[strcspn(source, "\r\n")] = '\0';   /* fgets keeps the newline; strip it */

        /* obtain the interface list */
        if (pcap_findalldevs_ex(source, NULL, &alldevs, errbuf) == -1)
        {
            fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
            exit(1);
        }

        /* scan the list and print each item */
        for (d = alldevs; d; d = d->next)
        {
            ifprint(d);
        }

        pcap_freealldevs(alldevs);
        system("pause");
        return 0;
    }

    /* print all available information */
    void ifprint(pcap_if_t *d)
    {
        pcap_addr_t *a;
        char ip6str[128];

        /* Device name */
        printf("%s\n", d->name);

        /* Device description */
        if (d->description)
            printf("\tDescription: %s\n", d->description);

        /* Loopback address */
        printf("\tLoopback: %s\n", (d->flags & PCAP_IF_LOOPBACK) ? "yes" : "no");

        /* IP addresses */
        for (a = d->addresses; a; a = a->next)
        {
            if (a->addr == NULL)   /* nothing to print for this entry */
                continue;
            printf("\tAddress Family: #%d\n", a->addr->sa_family);

            switch (a->addr->sa_family)
            {
            case AF_INET:
                printf("\tAddress Family Name: AF_INET\n");
                if (a->addr)
                    printf("\tAddress: %s\n", iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr));
                if (a->netmask)
                    printf("\tNetmask: %s\n", iptos(((struct sockaddr_in *)a->netmask)->sin_addr.s_addr));
                if (a->broadaddr)
                    printf("\tBroadcast Address: %s\n", iptos(((struct sockaddr_in *)a->broadaddr)->sin_addr.s_addr));
                if (a->dstaddr)
                    printf("\tDestination Address: %s\n", iptos(((struct sockaddr_in *)a->dstaddr)->sin_addr.s_addr));
                break;

            case AF_INET6:
                printf("\tAddress Family Name: AF_INET6\n");
                /* ip6tos returns NULL on failure; print only on success */
                if (a->addr && ip6tos(a->addr, ip6str, sizeof(ip6str)))
                    printf("\tAddress: %s\n", ip6str);
                break;

            default:
                printf("\tAddress Family Name: Unknown\n");
                break;
            }
        }
        printf("\n");
    }

Auxiliary functions, IP to string:

    /* convert a numeric IP address to a string */
    #define IPTOSBUFFERS 12
    char *iptos(u_long in)
    {
        static char output[IPTOSBUFFERS][3*4 + 3 + 1];
        static short which;
        u_char *p;

        p = (u_char *)&in;
        which = (which + 1 == IPTOSBUFFERS ? 0 : which + 1);
        /* the C form of sprintf_s takes the destination size explicitly */
        sprintf_s(output[which], sizeof(output[which]), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
        return output[which];
    }

    char *ip6tos(struct sockaddr *sockaddr, char *address, int addrlen)
    {
        socklen_t sockaddrlen;

    #ifdef WIN32
        sockaddrlen = sizeof(struct sockaddr_in6);
    #else
        sockaddrlen = sizeof(struct sockaddr_storage);
    #endif

        if (getnameinfo(sockaddr, sockaddrlen, address, addrlen, NULL, 0, NI_NUMERICHOST) != 0)
            address = NULL;
        return address;
    }

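The second program passes whatever is typed at the prompt straight to pcap_findalldevs_ex, and an rpcap://hostname:port source makes it contact another machine. The block below is an added example, not code from the original post: it checks the typed line against the three forms the prompt lists and refuses remote sources unless the caller opts in. The names classify_source, source_allowed and enum src_kind are hypothetical, the host[:port] syntax it accepts is an assumption limited to the prompt's forms, and it is plain C that needs no WinPcap headers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Prefixes as quoted on the page for PCAP_SRC_FILE_STRING / PCAP_SRC_IF_STRING. */
#define SRC_FILE_PREFIX "file://"
#define SRC_IF_PREFIX   "rpcap://"
enum src_kind { SRC_INVALID, SRC_LOCAL, SRC_REMOTE, SRC_FILE };

/* Hypothetical helper: trim the line fgets returned, then classify it. */
enum src_kind classify_source(char *line)
{
    const unsigned char *p;
    long port = 0;
    int digits = 0;

    line[strcspn(line, "\r\n")] = '\0';           /* fgets keeps the newline */
    for (p = (const unsigned char *)line; *p; p++)
        if (iscntrl(*p)) return SRC_INVALID;      /* no control bytes anywhere */
    if (strncmp(line, SRC_FILE_PREFIX, strlen(SRC_FILE_PREFIX)) == 0)
        return line[strlen(SRC_FILE_PREFIX)] ? SRC_FILE : SRC_INVALID;
    if (strncmp(line, SRC_IF_PREFIX, strlen(SRC_IF_PREFIX)) != 0) return SRC_INVALID;

    p = (const unsigned char *)line + strlen(SRC_IF_PREFIX);
    if (*p == '\0') return SRC_LOCAL;             /* bare "rpcap://" */
    if (!isalnum(*p)) return SRC_INVALID;         /* host starts alphanumeric */
    while (isalnum(*p) || *p == '.' || *p == '-') p++;
    if (*p == '\0') return SRC_REMOTE;            /* host only, default port */
    if (*p++ != ':') return SRC_INVALID;
    for (; isdigit(*p) && digits < 5; p++, digits++)
        port = port * 10 + (*p - '0');
    if (*p != '\0' || digits == 0 || port < 1 || port > 65535) return SRC_INVALID;
    return SRC_REMOTE;
}

/* Policy gate: a remote listing reaches another machine (with 'null'
 * authentication in the page's program), so it needs an explicit opt-in. */
int source_allowed(char *line, int allow_remote)
{
    enum src_kind k = classify_source(line);
    return k == SRC_LOCAL || k == SRC_FILE || (k == SRC_REMOTE && allow_remote);
}

int main(void)
{
    char a[] = "rpcap://\n", b[] = "rpcap://10.0.0.5:2002\n";  /* constructed inputs */
    printf("%d %d %d\n", source_allowed(a, 0), source_allowed(b, 0), source_allowed(b, 1));
    return 0;
}
```

In the page's program the gate would sit between fgets and pcap_findalldevs_ex, exiting when source_allowed returns 0.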
 
