Learning WinPcap step by step (1)
Some details you need to know (preface):
This section shows how to use the different features of the WinPcap API. It is organized as a series of lessons that lead the reader step by step through pcap programming,
from simple basic functions (such as listing the network adapters and capturing packets) to advanced features such as statistics and collecting network traffic.
Some simple but complete code is provided as a reference: all of the source code carries links to detailed information on the functions and data structures it uses, and clicking them jumps to the relevant documentation.
The examples are written in C, so a working knowledge of C is needed before starting. pcap also works at a low level of the network stack, so learning it requires some networking knowledge as well.
(1) Getting the list of network adapters
The first thing an application written with pcap usually needs is a list of the local network adapters. pcap provides the pcap_findalldevs() function for this: it returns a linked list of pcap_if structures, each of which contains comprehensive information about one adapter, in particular the name field and the description field, which holds a human-readable description of the device.
The program that gets the adapter list is as follows:
#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* This API is used to get the list of network adapters */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Display the name and description of each entry in the list */
    for (d = alldevs; d; d = d->next)
    {
        /* ++i numbers the entries from 1 and counts them for the check below */
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        /* The list is empty (alldevs is NULL), so there is nothing to free */
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* We don't need the device list any more. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}
Some notes on this program:
First, like other libpcap functions, pcap_findalldevs() takes an errbuf parameter. When something goes wrong, pcap fills this buffer with a string describing the error.
Second, pcap_findalldevs() is also available on UNIX, but note that not every system supported by libpcap provides a description of the network interfaces. A portable program must therefore handle the case where the system returns no description: in that case it should print a message such as "No description available".
Finally, don't forget to free the list once you have finished with it.
The original text is as follows:
Obtaining the device list
The first thing that a WinPcap-based application usually needs is a list of suitable network adapters. Libpcap provides the pcap_findalldevs() function for this purpose: this function returns a linked list of pcap_if structures, each of which contains comprehensive information about an adapter. In particular, the fields name and description contain the name and a human-readable description of the device. The following code retrieves the adapter list and shows it on the screen, printing an error if no adapters are found.
#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* Print the list */
    for (d = alldevs; d; d = d->next)
    {
        /* ++i numbers the entries from 1 and counts them for the check below */
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        /* The list is empty (alldevs is NULL), so there is nothing to free */
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 0;
    }

    /* We don't need the device list any more. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}
Some comments about this code.
First of all, pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. This parameter points to a string filled by libpcap with a description of the error if something goes wrong.
Second, note that pcap_findalldevs() is provided by libpcap under Unix as well, but remember that not all the OSes supported by libpcap provide a description of the network interfaces. Therefore, if we want to write a portable application, we must consider the case in which description is NULL: we print the string "No description available" in that situation. Note finally that we free the list with pcap_freealldevs() once we have finished with it.
Let's try to compile and run the code of this first sample. In order to compile it under Unix or Cygwin, simply issue:
gcc -o testprog testprog.c -lpcap
On Windows, you will need to create a project, following the instructions in the "Using WinPcap in your programs" section of this manual. However, I suggest you use the WinPcap developer's pack (available at the WinPcap website, http://winpcap.polito.it), which provides a lot of properly configured example apps, all the code presented in this tutorial, and all the projects, includes and libraries needed to compile and run the samples.
Assuming we have compiled the program, let's try to run it. On my WinXP workstation, the result is
1. {4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029 (AS) Ethernet Adapter
2. {5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3COM EtherLink PCI)
As you can see, the names of the network adapters (which will be passed to libpcap when opening the devices) are quite unreadable under Windows, so the description printed next to each name is what helps the user.
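A menu like the one above usually ends with the user picking a number, and the chosen name has to be copied before pcap_freealldevs() releases the list it points into. The following is an added example, not code from the original tutorial: struct dev_node is a stand-in for the first three fields of pcap_if_t so that it builds without libpcap, and parse_choice, select_device and the sample list are hypothetical names constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the first three fields of pcap_if_t, so this builds without libpcap. */
struct dev_node { struct dev_node *next; char *name; char *description; };

/* Constructed sample list: the two adapter names from the output above. */
static char n1[] = "{4E273621-5161-46C8-895A-48D0E52A0B83}";
static char n2[] = "{5D24AE04-C486-4A96-83FB-8B5EC6C7F430}";
static struct dev_node dev2 = { NULL, n2, NULL };
static struct dev_node dev1 = { &dev2, n1, NULL };

/* Parse a 1-based menu choice; -1 on empty, non-numeric, trailing junk or overflow. */
static long parse_choice(const char *text)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || v < 1)
        return -1;
    return v;
}

/* Copy the chosen name into out (0 ok, -1 bad choice, -2 out too small). */
static int select_device(const struct dev_node *list, const char *choice_text,
                         char *out, size_t out_len)
{
    long choice = parse_choice(choice_text), i = 1;
    const struct dev_node *d;
    if (choice < 0)
        return -1;
    for (d = list; d != NULL && i < choice; d = d->next)
        i++;
    if (d == NULL || d->name == NULL)
        return -1;                      /* choice is past the end of the list */
    if (strlen(d->name) >= out_len)
        return -2;                      /* refuse to truncate a device name */
    strcpy(out, d->name);               /* length checked above */
    return 0;
}

int main(void)
{
    char name[64];
    if (select_device(&dev1, "2", name, sizeof name) == 0)
        printf("open this device: %s\n", name);
    return 0;
}
```

With the real library, the same walk runs over the pcap_if_t list, and pcap_freealldevs() is called only after the name has been copied out.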