WinPcap programming step-by-step tutorial (Chinese)

xiaoxiao2021-03-06  121

WinPcap tutorial

Original source:

http://winpcap.polito.it/docs/man/html/index.html

Author:

Loris Degioanni (degioanni@polito.it), NetGroup, Politecnico di Torino

http://winpcap.polito.it

Translator:

Memory fragment (Val_cong@htomail.com)

http://www.s8s8.net

Overview:

This tutorial guides readers step by step through WinPcap programming, from simple basic functions (getting the list of network interfaces, capturing packets) to more advanced topics (handling send queues, gathering network traffic statistics). The tutorial includes code snippets and some simple but complete examples that readers can refer to in order to better understand the content. The examples are written in C, so basic knowledge of C programming is necessary. Because this tutorial is closely tied to the low-level network, the author also assumes that the reader has related knowledge of networking and protocols.

The translator's words:

WinPcap is a free, Windows-based network interface API that is very helpful to programmers doing low-level network operations. This document is translated from the "WinPcap Tutorial: A Step by Step Guide to Program WinPcap" part of "WinPcap Documentation 3.0". This tutorial is very helpful to beginners, especially its short and clear examples, but it is just a small part of the entire documentation. I think you still need to refer to other parts of the documentation to understand the various structures and other information. Passages prefixed with "Y-" in the tutorial are notes added by the translator to help the reader better understand the author's meaning.

1. Get a list of network interfaces

Typically, the first thing a WinPcap-based application does is obtain a list of suitable network interfaces. The pcap_findalldevs() function in libpcap does exactly this: it returns a list of pcap_if structures, each element of which records information about one interface. Among its fields, name and description hold the name and a human-readable description of the device.

The following source code prints the list of available network interfaces, and prints an error message if no interface is found:

    #include <stdio.h>
    #include <stdlib.h>
    #include "pcap.h"

    int main(void)
    {
        pcap_if_t *alldevs;
        pcap_if_t *d;
        int i = 0;
        char errbuf[PCAP_ERRBUF_SIZE];

        /* Get the list */
        if (pcap_findalldevs(&alldevs, errbuf) == -1) {
            fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
            exit(1);
        }

        /* Print the list, numbering entries from 1 */
        for (d = alldevs; d; d = d->next) {
            printf("%d. %s", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else    /* Y- no valid description */
                printf(" (No description available)\n");
        }

        if (i == 0) {
            /* Y- no valid interface; possibly WinPcap is not installed */
            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
            return 1;
        }

        /* We no longer need the list; free it */
        pcap_freealldevs(alldevs);
        return 0;
    }

Let's take a look at this code.

First, like other libpcap functions, pcap_findalldevs() has an error buffer (errbuf) parameter. This parameter is a pointer to a string; if an error occurs, libpcap fills it with a description of the error. Second, note that pcap_findalldevs() is also provided by libpcap under UNIX, but not all operating systems supply a description of the network interfaces. So, if we want to write a portable application, we must be prepared for the case where description is NULL: in that situation we print a "No description available" message. Finally, we release the interface list with the pcap_freealldevs() function.

Let us compile and run our first WinPcap program. If you use UNIX or Cygwin, you only need the following command:

    gcc -o testaprog testprog.c -lpcap

In the Windows environment (Y - if you use Microsoft Visual C++), you need to create a project, following the "Using WinPcap In Your Program" section.

However, I still suggest that you refer to the examples in the WinPcap Developer's Pack; those examples include fully configured projects, together with all the libraries and include files you need.

(Y - You can find the configuration method for Microsoft Visual C++ in this chapter.)

Suppose you have now compiled the program successfully; let's run it. On my WinXP workstation, the output is:

1. {4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029 (AS) Ethernet Adapter)

2. {5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3COM EtherLink PCI)

As you can see, the name of a network interface (which you must pass to the libpcap library when opening the interface) is almost unreadable in the Windows environment (Y - strongly agree), so printing the description is very helpful to your users.
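Added example, not part of the original tutorial: because the user picks an interface by its printed number while libpcap needs the unreadable name, the code below maps the typed text back to a list entry and rejects anything that is not a clean, in-range number. `struct iface` is a constructed stand-in for the three pcap_if fields used above (next, name, description) so that it runs without WinPcap, and `select_iface` is a hypothetical helper name.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the pcap_if fields used in this section. */
struct iface {
    struct iface *next;
    const char *name;
    const char *description;            /* may be NULL on some systems */
};

/* Map the text a user typed to the 1-based list entry, or NULL if the
   text is not a clean number inside the list. */
const struct iface *select_iface(const struct iface *list, const char *input)
{
    char *end;
    long choice, pos = 0;

    errno = 0;
    choice = strtol(input, &end, 10);
    if (end == input || errno == ERANGE || choice < 1)
        return NULL;                    /* empty, overflow, zero or negative */
    while (*end == ' ' || *end == '\r' || *end == '\n')
        end++;                          /* tolerate the newline fgets() keeps */
    if (*end != '\0')
        return NULL;                    /* trailing junk such as "2abc" */
    for (; list; list = list->next)
        if (++pos == choice)
            return list;
    return NULL;                        /* number past the end of the list */
}

int main(void)
{
    /* Constructed list: names from the sample output above; the second
       description is NULL to exercise the fallback to the raw name. */
    struct iface b = { NULL, "{5D24AE04-C486-4A96-83FB-8B5EC6C7F430}", NULL };
    struct iface a = { &b, "{4E273621-5161-46C8-895A-48D0E52A0B83}",
                       "Realtek RTL8029 (AS) Ethernet Adapter" };
    const char *inputs[] = { "1", "2\n", "0", "3", "2abc", "" };
    size_t k;

    for (k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        const struct iface *d = select_iface(&a, inputs[k]);
        printf("input %u: %s\n", (unsigned)k,
               !d ? "rejected" : d->description ? d->description : d->name);
    }
    return 0;
}
```

With a real device list, the name field of the returned entry is the string to hand to libpcap when opening the interface.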

Note: Microsoft Visual C++

1. Download and install WinPcap; the recommended version is 3.0

2. Download the WinPcap Developer's Pack from http://winpcap.polito.it and decompress it

3. Create an empty project (Empty Project) with Microsoft Visual C++

4. Copy the source code

5. Add the Includes directory of the WinPcap Developer's Pack as a new include file directory

6. Add the libraries wpcap.lib and wsock32.lib
