WinPcap Note 4 No callback function to capture the packet

Function 1:

PCAP_NEXT_EX (pcap_t* p,

struct pcap_pkthdr** Pkt_header,

Const u_char* Pkt_data

)

Read a packet from a network interface or offline capture method (such as a read file). The function is used to regain the next available packet without using the traditional callback method provided by Libpcap. PCAP_NEXT_EX assigns a value to the Pkt_header and Pkt_data parameters with pointers to the head and the next captured packet.

The return value has the following conditions:

1, the packet is read correctly

0,pcap_open_live () Sets the time-out period to. In this case, Pkt_header and pkt_data do not point to valid packets

-1, error occurred

-2, offline capture when read to EOF

We usually use PCAP_NEXT_EX () instead of Pcap_next () because Pcap_next () has some drawbacks. First, Pcap_next () is inefficient because it hides the callback method but relies on pcap_dispatch; second, it cannot detect EOF, so it is not very useful when fetching a packet from a file.

Function 2:

u_char* Pcap_next (pcap_t* p,

struct pcap_pkthdr* h

)

Returns the next available packet and returns a pointer to the part of the data packet that the U_char points to. If an error occurs or the active packet is not read to the packet (for example: the packet cannot be discarded through the packet filter, or the timeout expires before any packets arrive on the platform that supports the read timeout), Alternatively, the file descriptor for the packet capture device is in nonblocking (non-blocking) mode and no packet can be read), or null is returned when the file has been read out. Unfortunately, there is no way to detect whether an error has occurred.

A powerful feature of Winpcap (Libpcap also available) is the filtering engine (filtering engines). It provides a very efficient way to receive network traffic, and it is usually integrated with the capture mechanism provided by WINPCAP. The functions used to filter packets are Pcap_complie () and Pcap_setfilter ().

Pcap_complie () uses a string containing an advanced Boolean expression and produces a low-level byte code that can be integrated into the packet driver by the filtering engine.

Pcap_setfilter () associates a filter with the core drive capture session. Once Pcap_setfilter () is called, the relevant filter will be applied to all packets coming from the network, and all consistent packets will be copied to the application.

1 //Do not return function capture packets2#include"Pcap.h"3 4 5 intMain ()6 {7pcap_if_t *Alldevs;8pcap_if_t *D;9     intInum;Ten     inti =0; Onepcap_t *Adhandle; A     intRes; -     CharErrbuf[pcap_errbuf_size]; -     structTM *Ltime; the     Chartimestr[ -]; -     structPCAP_PKTHDR *header; -     ConstU_char *Pkt_data; - time_t local_tv_sec; +  -  +     /*get a list of native devices*/ A     if(PCAP_FINDALLDEVS_EX (pcap_src_if_string, NULL, &alldevs, errbuf) = =-1) at     { -fprintf (stderr,"Error in Pcap_findalldevs:%s\n", errbuf); -Exit1); -     } -  -     /*Print List*/ in      for(d = Alldevs; D; d = d->next) -     { toprintf"%d.%s", ++i, d->name); +         if(d->description) -printf"(%s) \ n", d->description); the         Else *printf"(No description available) \ n"); $     }Panax Notoginseng  -     if(i = =0) the     { +printf"\nno Interfaces found! Make sure WinPcap is installed.\n"); A         return-1; the     } +  -printf"Enter The interface number (1-%d):", i); $scanf"%d", &inum); $  -     if(Inum <1|| Inum >i) -     { theprintf"\ninterface number out of range.\n"); -         /*Release Device List*/Wuyi Pcap_freealldevs (Alldevs); the         return-1; -     } Wu  -     /*jump to the selected adapter*/ About      for(d = alldevs, I =0; I < inum-1; D = D->next, i++); $  -     /*turn on the device*/ -     if(Adhandle = Pcap_open (D->name,//Device Name -         65536,//The part of the packet to capture A         //65535 guaranteed to capture the full contents of each packet on different data link layers +Pcap_openflag_promiscuous,//Promiscuous Mode the          +,//read time-out period -Null//Remote machine Verification $Errbuf//Error Buffer Pool the)) ==NULL) the     { thefprintf (stderr,"\nunable to open the adapter.%s are not supported by winpcap\n", d->name); the         /*Release set list*/ - Pcap_freealldevs (Alldevs); in         return-1; the     } the  Aboutprintf"\nlistening on%s...\n", d->description); the  the     /*Release Device List*/ the Pcap_freealldevs (Alldevs); +  -     /*Get Packets*/ the      while(res = PCAP_NEXT_EX (Adhandle, &header, &pkt_data)) >=0){Bayi  the         if(res = =0) the             /*Timeout time to*/ -             Continue; -  the         /*convert timestamps to recognizable formats*/ theLocal_tv_sec = header->ts.tv_sec; theLtime = localtime (&local_tv_sec); theStrftime (TIMESTR,sizeofTIMESTR,"%h:%m:%s", ltime); -  theprintf"%s,%.6d len:%d\n", Timestr, Header->ts.tv_usec, header->len); the     } the 94     if(res = =-1){ theprintf"Error reading the packets:%s\n", Pcap_geterr (Adhandle)); the         return-1; the     }98  About     return 0; -}

WinPcap Note 4 No callback function to capture the packet