group__wpcapsamps.html

WinPcap V4.01技术手册

    <span class="comment">/* Read the packets */</span>
    <span class="keywordflow">while</span>((res = <a class="code" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133">pcap_next_ex</a>( fp, &amp;header, &amp;pkt_data)) &gt;= 0)
    {

        <span class="keywordflow">if</span>(res == 0)
            <span class="comment">/* Timeout elapsed */</span>
            <span class="keywordflow">continue</span>;

        <span class="comment">/* print pkt timestamp and pkt len */</span>
        printf(<span class="stringliteral">"%ld:%ld (%ld)\n"</span>, header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_sec, header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_usec, header-&gt;<a class="code" href="structpcap__pkthdr.html#728f264db4f5cc304742565a2bcdbeea">len</a>);          
        
        <span class="comment">/* Print the packet */</span>
        <span class="keywordflow">for</span> (i=1; (i &lt; header-&gt;<a class="code" href="structpcap__pkthdr.html#ac5771ed2efd92508bb4fe650f2ce7d7">caplen</a> + 1 ) ; i++)
        {
            printf(<span class="stringliteral">"%.2x "</span>, pkt_data[i-1]);
            <span class="keywordflow">if</span> ( (i % LINE_LEN) == 0) printf(<span class="stringliteral">"\n"</span>);
        }
        
        printf(<span class="stringliteral">"\n\n"</span>);     
    }

    <span class="keywordflow">if</span>(res == -1)
    {
        fprintf(stderr, <span class="stringliteral">"Error reading the packets: %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a">pcap_geterr</a>(fp));
        <span class="keywordflow">return</span> -1;
    }

    <span class="keywordflow">return</span> 0;
}
</pre></div><p>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title></title>
</head>

<body>

<h3>Packet Filter</h3>

<p>This is a more complete example of libpcap usage. It shows, among other
things, how to create and set filters and how to save a capture to disk. It can
be compiled under Win32 or Unix (projects and makefiles are provided).
Pcap_filter (pf.exe) is a general-purpose packet filtering application: its
input parameters are a source of packets (it can be a physical interface or a
file), a filter and an output file. It takes packets from the source until
CTRL+C is pressed or the whole file is processed, applies the filter to the
incoming packets and saves them to the output file if they satisfy the filter.
Pcap_filter can be used to dump network data according to a particular filter,
but also to extract a set of packets from a previously saved file. The format of
both input and output files is the format used by libpcap, i.e. same of WinDump, tcpdump
and many other network tools.</p>

</body>

</html>
 <div class="fragment"><pre class="fragment"><span class="comment">/*</span>
<span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span>
<span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span>
<span class="comment"> * All rights reserved.</span>
<span class="comment"> *</span>
<span class="comment"> * Redistribution and use in source and binary forms, with or without</span>
<span class="comment"> * modification, are permitted provided that the following conditions</span>
<span class="comment"> * are met:</span>
<span class="comment"> *</span>
<span class="comment"> * 1. Redistributions of source code must retain the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer.</span>
<span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer in the</span>
<span class="comment"> * documentation and/or other materials provided with the distribution.</span>
<span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies </span>
<span class="comment"> * nor the names of its contributors may be used to endorse or promote </span>
<span class="comment"> * products derived from this software without specific prior written </span>
<span class="comment"> * permission.</span>
<span class="comment"> *</span>
<span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span>
<span class="comment"> * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span>
<span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span>
<span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span>
<span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span>
<span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="comment"> *</span>
<span class="comment"> */</span>


<span class="preprocessor">#include &lt;stdlib.h&gt;</span>
<span class="preprocessor">#include &lt;stdio.h&gt;</span>

<span class="preprocessor">#include &lt;pcap.h&gt;</span>

<span class="preprocessor">#define MAX_PRINT 80</span>
<span class="preprocessor"></span><span class="preprocessor">#define MAX_LINE 16</span>
<span class="preprocessor"></span>

<span class="keywordtype">void</span> usage();


<span class="keywordtype">void</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv)
{
<a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7">pcap_t</a> *fp;
<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927">PCAP_ERRBUF_SIZE</a>];
<span class="keywordtype">char</span> *source=NULL;
<span class="keywordtype">char</span> *ofilename=NULL;
<span class="keywordtype">char</span> *filter=NULL;
<span class="keywordtype">int</span> i;
<a class="code" href="group__wpcap__def.html#gb8c7858aa3a7e3158d9d58cb113a2ae8">pcap_dumper_t</a> *dumpfile;
<span class="keyword">struct </span>bpf_program fcode;
<a class="code" href="group__wpcap__def.html#g37fdbc8313e90fb2041203a2e40cd482">bpf_u_int32</a> NetMask;
<span class="keywordtype">int</span> res;
<span class="keyword">struct </span><a class="code" href="structpcap__pkthdr.html">pcap_pkthdr</a> *header;
<span class="keyword">const</span> u_char *pkt_data;

    <span class="keywordflow">if</span> (argc == 1)
    {
        usage();
        <span class="keywordflow">return</span>;
    }

    <span class="keywordflow">for</span>(i=1;i &lt; argc; i+= 2)
    {

        <span class="keywordflow">switch</span> (argv[i] [1])
        {
            <span class="keywordflow">case</span> <span class="charliteral">'s'</span>:
            {
                source=argv[i+1];
            };
            <span class="keywordflow">break</span>;

            <span class="keywordflow">case</span> <span class="charliteral">'o'</span>:
            {
                ofilename=argv[i+1];
            };
            <span class="keywordflow">break</span>;

            <span class="keywordflow">case</span> <span class="charliteral">'f'</span>:
            {
                filter=argv[i+1];
            };
            <span class="keywordflow">break</span>;
        }
    }

    <span class="comment">// open a capture from the network</span>
    <span class="keywordflow">if</span> (source != NULL)
    {
        <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791">pcap_open</a>(source,
                            1514 <span class="comment">/*snaplen*/</span>,
                            <a class="code" href="group__remote__open__flags.html#g9134ce51a9a6a7d497c3dee5affdc3b9">PCAP_OPENFLAG_PROMISCUOUS</a> <span class="comment">/*flags*/</span>,
                            20 <span class="comment">/*read timeout*/</span>,
                            NULL <span class="comment">/* remote authentication */</span>,
                            errbuf)
                            ) == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nUnable to open the adapter.\n"</span>);
            <span class="keywordflow">return</span>;
        }
    }

    <span class="keywordflow">else</span> usage();

    <span class="keywordflow">if</span> (filter != NULL)
    {
        <span class="comment">// We should loop through the adapters returned by the pcap_findalldevs_ex()</span>
        <span class="comment">// in order to locate the correct one.</span>
        <span class="comment">//</span>
        <span class="comment">// Let's do things simpler: we suppose to be in a C class network ;-)</span>
        NetMask=0xffffff;

        <span class="comment">//compile the filter</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#g363bdc6f6b39b4979ddcf15ecb830c5c">pcap_compile</a>(fp, &amp;fcode, filter, 1, NetMask) &lt; 0)
        {
            fprintf(stderr,<span class="stringliteral">"\nError compiling filter: wrong syntax.\n"</span>);
            <span class="keywordflow">return</span>;
        }

        <span class="comment">//set the filter</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#gf5f9cfe85dad0967ff607e5159b1ba61">pcap_setfilter</a>(fp, &amp;fcode)&lt;0)
        {
            fprintf(stderr,<span class="stringliteral">"\nError setting the filter\n"</span>);
            <span class="keywordflow">return</span>;
        }

    }

    <span class="comment">//open the dump file</span>
    <span class="keywordflow">if</span> (ofilename != NULL)
    {
        dumpfile= <a class="code" href="group__wpcapfunc.html#g9506c33d580fdb5e5c288dba0f8a085c">pcap_dump_open</a>(fp, ofilename);

        <span class="keywordflow">if</span> (dumpfile == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nError opening output file\n"</span>);
            <span class="keywordflow">return</span>;
        }
    }
    <span class="keywordflow">else</span> usage();

    <span class="comment">//start the capture</span>
    <span class="keywordflow">while</span>((res = <a class="code" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133">pcap_next_ex</a>( fp, &amp;header, &amp;pkt_data)) &gt;= 0)
    {

        <span class="keywordflow">if</span>(res == 0)
        <span class="comment">/* Timeout elapsed */</span>
        <span class="keywordflow">continue</span>;

        <span class="comment">//save the packet on the dump file</span>
        <a class="code" href="group__wpcapfunc.html#g659439bf5aa3988b5a92d31990fbf437">pcap_dump</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) dumpfile, header, pkt_data);

    }
}


<span class="keywordtype">void</span> usage()
{

    printf(<span class="stringliteral">"\npf - Generic Packet Filter.\n"</span>);
    printf(<span class="stringliteral">"\nUsage:\npf -s source -o output_file_name [-f filter_string]\n\n"</span>);
    exit(0);
}
</pre></div> 
<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 
CACE Technologies. All rights reserved.</p>