Winpcap_6_ capturing packets without a callback method

Replace the Pcap_loop () function in _5_ with the PCAP_NEXT_EX () function;

The pcap_loop () function is an ingenious way to capture data based on the principle of callbacks , and in some cases it is a good choice. However, handling callbacks is sometimes impractical-it increases the complexity of the program, especially in C + + programs that have multiple threads.

You can get a packet by calling the PCAP_NEXT_EX () function directly--only if the programmer uses the PCAP_NEXT_EX () function to receive the packet.

The parameter of this function is the same as the parameter that captures the callback function-it contains a descriptor for the network adapter and Two pointers that can be initialized and returned to the user (one pointing to the PCAP_PKTHDR struct and the other to the datagram data buffer).

In the following program, we will again use the previous talk about the callback aspect of the code, but we put it into the main () function, and then call the PCAP_NEXT_EX () function.

int pcap_next_ex  (pcap_t *  p,    struct pcap_pkthdr * *  Pkt_header,     Const U_char * *  pkt_data    

Read a packet from the interface or from an offline capture.

This function was used to retrieve the next available packet, bypassing the callback method traditionally provided by LIBPC Ap.

PCAP_NEXT_EX fills the Pkt_header and Pkt_data parameters (see Pcap_handler ()) with the pointers to the header and to the data of the next captured packet.

The return value can be:

• 1 if the packet has been read without problems
• 0 if the timeout set with pcap_open_live () has elapsed. In this case Pkt_header and pkt_data don ' t point to a valid packet
• -1 If an error occurred
• -2 if EOF is reached reading from an offline capture

void Const struct Const U_char *pkt_data)  

Prototype of the callback function that receives the packets.

When Pcap_dispatch () or Pcap_loop () is called by the user, the packets is passed to the application by means of this CAL Lback. User is a user-defined parameter this contains the state of the capture session, it corresponds to the user param Eter of Pcap_dispatch () and Pcap_loop (). Pkt_header is the header of associated by the capture driver to the packet. It is a protocol header. Pkt_data points to the data of the packet, including the protocol headers.

1#include"Pcap.h"2 #pragmaComment (lib, "Wpcap.lib")3 #pragmaComment (lib, "Packet.lib")4 #pragmaComment (lib, "Wsock32.lib")5 6 7#include"Pcap.h"8 9 Ten Main () One { Apcap_if_t *Alldevs; -pcap_if_t *D; - intInum; the intI=0; -pcap_t *Adhandle; - intRes; - CharErrbuf[pcap_errbuf_size]; + structTM *Ltime; - Chartimestr[ -]; + structPCAP_PKTHDR *header; A ConstU_char *Pkt_data; at time_t local_tv_sec; -      -      -     /*get a list of native devices*/ -     if(PCAP_FINDALLDEVS_EX (pcap_src_if_string, NULL, &alldevs, errbuf) = =-1) -     { infprintf (stderr,"Error in Pcap_findalldevs:%s\n", errbuf); -Exit1); to     } +      -     /*Print List*/ the      for(D=alldevs; D; d=d->next) *     { $printf"%d.%s", ++i, d->name);Panax Notoginseng         if(d->description) -printf"(%s) \ n", d->description); the         Else +printf"(No description available) \ n"); A     } the      +     if(i==0) -     { $printf"\nno Interfaces found! Make sure WinPcap is installed.\n"); $         return-1; -     } -      theprintf"Enter The interface number (1-%d):", i); -scanf"%d", &inum);Wuyi      the     if(Inum <1|| Inum >i) -     { Wuprintf"\ninterface number out of range.\n"); -         /*Release Device List*/ About Pcap_freealldevs (Alldevs); $         return-1; -     } -      -     /*jump to the selected adapter*/ A      for(D=alldevs, i=0; i< inum-1;d =d->next, i++); +      the     /*turn on the device*/ -     if(Adhandle= Pcap_open (D->name,//Device Name $                               65536,//The part of the packet to capture the                                                 //65535 guaranteed to capture the full contents of each packet on different data link layers thePcap_openflag_promiscuous,//Promiscuous Mode the                                +,//read time-out period theNull//Remote machine Verification -Errbuf//Error Buffer Pool in) ) ==NULL) the     { thefprintf (stderr,"\nunable to open the adapter.%s are not supported by winpcap\n", d->name); About         /*Release set list*/ the Pcap_freealldevs (Alldevs); the         return-1; the     } +      -printf"\nlistening on%s...\n", d->description); the     Bayi     /*Release Device List*/ the Pcap_freealldevs (Alldevs); the      -     /*Get Packets*/ -      while(res = PCAP_NEXT_EX (Adhandle, &header, &pkt_data)) >=0){ the          the         if(res = =0) the             /*Timeout time to*/ the             Continue; -          the         /*convert timestamps to recognizable formats*/ theLocal_tv_sec = header->ts.tv_sec; theLtime=localtime (&local_tv_sec);94Strftime (TIMESTR,sizeofTIMESTR,"%h:%m:%s", ltime); the          theprintf"%s,%.6d len:%d\n", Timestr, Header->ts.tv_usec, header->len); the     }98      About     if(res = =-1){ -printf"Error reading the packets:%s\n", Pcap_geterr (Adhandle));101         return-1;102     }103     104     return 0; the}

No callback method is used to capture the packet. C

Results

Why do we use PCAP_NEXT_EX () instead of the previous pcap_next ()? Because Pcap_next () has some bad places. First, it is inefficient, although it hides the callback method, but it still relies on the function pcap_dispatch (). Second, it cannot detect the state at the end of the file (EOF), so it is less useful if the packet is read from a file.

It is worth noting that PCAP_NEXT_EX () returns different values in the case of a success, timeout, error, or EOF.

Winpcap_6_ capturing packets without a callback method