WinPcap Programming (3)
1. filter settings
Set a filter so that only the desired packet types are captured, as Wireshark does.
Process: compile the filter, then set it on the capture handle. The code below is taken directly from the documentation:
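/*
 * Fragment: choose the netmask, compile the filter expression and attach it
 * to the open capture handle. It relies on d, alldevs, adhandle, fcode and
 * netmask being declared by the enclosing function.
 *
 * The filter only reduces which packets are delivered; it does not validate
 * them, so the packet handler still has to bounds-check every header it reads.
 */
if (d->addresses != NULL &&
    d->addresses->netmask != NULL &&
    d->addresses->netmask->sa_family == AF_INET) {
    /*
     * Obtain the mask of the first address of the interface. The cast to
     * sockaddr_in is only valid for an IPv4 entry, and the netmask pointer
     * may be NULL, so both are checked before dereferencing.
     */
    netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
} else {
    /* If this interface has no usable address, assume a class C network */
    netmask = 0xffffff;
}

/* Compile the filter */
if (pcap_compile(adhandle, &fcode, "ip and tcp", 1, netmask) < 0) {
    fprintf(stderr, "\nUnable to compile the packet filter. check the syntax.\n");
    /* Release the device list */
    pcap_freealldevs(alldevs);
    return -1;
}

/* Set the filter */
if (pcap_setfilter(adhandle, &fcode) < 0) {
    fprintf(stderr, "\nError setting the filter.\n");
    /* Release the compiled program and the device list */
    pcap_freecode(&fcode);
    pcap_freealldevs(alldevs);
    return -1;
}

/* The compiled program is no longer needed once it has been installed */
pcap_freecode(&fcode);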
2. Analyze Data Packets
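You only need to know how a packet is structured and then how to handle each part of it. Every header offset has to be checked against the captured length before it is read.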
Source code:
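#ifndef WIN32
#define WIN32
#endif
#include "pcap.h"
#include <stdlib.h> /* exit, system */
#include <time.h>   /* time_t, struct tm, strftime */

/* 6-byte Ethernet (MAC) address */
typedef struct mac {
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
    u_char byte5;
    u_char byte6;
} mac;

/* Ethernet frame header: two MAC addresses followed by the 16-bit type */
typedef struct eth_header {
    mac dmac;
    mac smac;
    u_short type;
} eth_header;

/* 4-byte IP address */
typedef struct ip_address {
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
} ip_address;

/* IPv4 header */
typedef struct ip_header {
    u_char ver_ihl;         // Version (4 bits) + header length (4 bits)
    u_char tos;             // Type of service
    u_short tlen;           // Total length
    u_short identification; // Identification
    u_short flags_fo;       // Flags (3 bits) + fragment offset (13 bits)
    u_char ttl;             // Time to live
    u_char proto;           // Protocol
    u_short crc;            // Header checksum
    ip_address saddr;       // Source address
    ip_address daddr;       // Destination address
    u_int op_pad;           // Option + padding
} ip_header;

/* UDP header */
typedef struct udp_header {
    u_short sport; // Source port
    u_short dport; // Destination port
    u_short len;   // UDP packet length
    u_short crc;   // Checksum
} udp_header;

/* Callback function prototype */
void packet_handler2(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);

/*
 * Lists the capture interfaces, lets the user pick one, opens it in
 * promiscuous mode, installs the "ip" filter and hands every matching
 * packet to packet_handler2().
 *
 * Returns 0 after the capture loop ends, -1 on a setup error; exits with
 * status 1 if the device list cannot be obtained.
 */
int main()
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i = 0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int netmask;
    char packet_filter[] = "ip";
    struct bpf_program fcode;

    /* Get the device list */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0) {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);
    /*
     * Check the conversion result first: on non-numeric input scanf_s leaves
     * inum unassigned, and the range test would read an uninitialized value.
     */
    if (scanf_s("%d", &inum) != 1 || inum < 1 || inum > i) {
        printf("\nInterface number out of range.\n");
        /* Release the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected device */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* Open the adapter */
    // if ((adhandle = pcap_open(d->name,  // device name
    //         65536,                      // portion of the packet to capture, large enough
    //                                     // to hold the whole packet on every link layer
    //         PCAP_OPENFLAG_PROMISCUOUS,  // promiscuous mode
    //         0,                          // read timeout
    //         NULL,                       // authentication on the remote machine
    //         errbuf                      // error buffer
    //         )) == NULL)
    if ((adhandle = pcap_open_live(d->name, 65536, PCAP_OPENFLAG_PROMISCUOUS, 0, errbuf)) == NULL) {
        /* The %s in this message needs its argument; without it the call is undefined behavior */
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Release the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /*
     * Check the data link layer; for simplicity only Ethernet is considered.
     * NOTE(review): this check is disabled, so nothing guarantees the 14-byte
     * Ethernet header that the (also disabled) parsing in packet_handler2
     * assumes. Re-enable both together.
     */
    // if (pcap_datalink(adhandle) != DLT_EN10MB)
    // {
    //     fprintf(stderr, "\nThis program works only on Ethernet networks.\n");
    //     /* Release the device list */
    //     pcap_freealldevs(alldevs);
    //     return -1;
    // }

    if (d->addresses != NULL &&
        d->addresses->netmask != NULL &&
        d->addresses->netmask->sa_family == AF_INET) {
        /*
         * Obtain the mask of the first address of the interface. The
         * sockaddr_in cast is only valid for an IPv4 entry and the netmask
         * pointer may be NULL, so both are checked first.
         */
        netmask = ((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;
    } else {
        /* If the interface does not have a usable address, assume a class C mask */
        netmask = 0xffffff;
    }

    /* Compile the filter */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. check the syntax.\n");
        /* Release the capture handle and the device list */
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Set the filter */
    if (pcap_setfilter(adhandle, &fcode) < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        /* Release the compiled program, the capture handle and the device list */
        pcap_freecode(&fcode);
        pcap_close(adhandle);
        pcap_freealldevs(alldevs);
        return -1;
    }
    /* The compiled program is not needed once it has been installed */
    pcap_freecode(&fcode);

    /* description may be NULL (see the listing loop above), so fall back to the name */
    printf("\nlistening on %s...\n", d->description ? d->description : d->name);

    /* Release the device list */
    pcap_freealldevs(alldevs);

    /* Start capturing */
    pcap_loop(adhandle, 0, packet_handler2, NULL);

    pcap_close(adhandle);
    system("pause");
    return 0;
}

/*
 * Callback function, called by libpcap for every packet that passes the
 * filter. Prints the capture timestamp and the packet length.
 *
 * param:    user argument given to pcap_loop (NULL here, unused)
 * header:   capture metadata (timestamp, len)
 * pkt_data: the captured bytes; only header->caplen of them are valid
 */
void packet_handler2(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    struct tm ltime;
    char timestr[16];
    time_t local_tv_sec;
    /* The locals below are only used by the disabled parsing code further down */
    eth_header *eh;
    ip_header *ih;
    udp_header *uh;
    u_int ip_len;
    u_short sport = 0, dport = 0;
    int i;

    /* Convert the timestamp into a readable format */
    local_tv_sec = header->ts.tv_sec;
    localtime_s(&ltime, &local_tv_sec);
    strftime(timestr, sizeof timestr, "%H:%M:%S", &ltime);

    /* Print the packet timestamp and length; the casts match the %d conversions */
    printf("Time Stamp: %s.%.6d\nLength: %d\n", timestr, (int)header->ts.tv_usec, (int)header->len);

    /*
     * NOTE(review): the disabled parsing below trusts the packet contents.
     * Before enabling it, check that header->caplen covers the 14-byte
     * Ethernet header plus a minimum 20-byte IP header, that the IHL field
     * is at least 5, that caplen also covers 14 + ip_len + sizeof(udp_header),
     * and that ih->proto is UDP (17), since the "ip" filter also admits
     * other protocols. Otherwise the casts read past the captured data.
     */
    // /* Obtain the Ethernet frame header */
    // eh = (eth_header *)(pkt_data);
    // /* Obtain the position of the IP header */
    // ih = (ip_header *)(pkt_data +
    //     14); // length of the Ethernet header
    // /* Obtain the position of the UDP header.
    //    The IP header length field is 4 bits, counted in 32-bit (4-byte) units.
    //    Its maximum is binary 1111, that is 15 * 4 = 60 bytes; the minimum
    //    IP header length is 20 bytes. */
    // ip_len = (ih->ver_ihl & 0xf) * 4;
    // uh = (udp_header *)((u_char *)ih + ip_len);
    // /* Convert from network byte order to host byte order */
    // sport = ntohs(uh->sport);
    // dport = ntohs(uh->dport);

    /* Print the data of the packet */
    printf("\nDATA:");
    /*
     * The listing on the page breaks off here, at the start of a loop
     * ("for (i = 0; i ..."); its bound and body are not shown. Any loop over
     * pkt_data has to stop at header->caplen, the number of bytes actually
     * captured, not at header->len.
     */
}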
3. Sending a packet is relatively simple.