📄 group__wpcap__tut7.html
字号:
<a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7">pcap_t</a> *fp;<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927">PCAP_ERRBUF_SIZE</a>];<span class="keywordtype">char</span> source[<a class="code" href="group__remote__struct.html#gcacb155b596f7511f714de129ae32c97">PCAP_BUF_SIZE</a>]; <span class="keywordflow">if</span>(argc != 2){ printf(<span class="stringliteral">"usage: %s filename"</span>, argv[0]); <span class="keywordflow">return</span> -1; } <span class="comment">/* Create the source string according to the new WinPcap syntax */</span> <span class="keywordflow">if</span> ( <a class="code" href="group__wpcapfunc.html#ga3111e10f930a9772a32a922b26948b0">pcap_createsrcstr</a>( source, <span class="comment">// variable that will keep the source string</span> <a class="code" href="group__remote__source__ID.html#g9188ad0fc0d12fc51d1e9f5e78bf9440">PCAP_SRC_FILE</a>, <span class="comment">// we want to open a file</span> NULL, <span class="comment">// remote host</span> NULL, <span class="comment">// port on the remote host</span> argv[1], <span class="comment">// name of the file we want to open</span> errbuf <span class="comment">// error buffer</span> ) != 0) { fprintf(stderr,<span class="stringliteral">"\nError creating a source string\n"</span>); <span class="keywordflow">return</span> -1; } <span class="comment">/* Open the capture file */</span> <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791">pcap_open</a>(source, <span class="comment">// name of the device</span> 65536, <span class="comment">// portion of the packet to capture</span> <span class="comment">// 65536 guarantees that the whole packet will be captured on all the link layers</span> <a class="code" href="group__remote__open__flags.html#g9134ce51a9a6a7d497c3dee5affdc3b9">PCAP_OPENFLAG_PROMISCUOUS</a>, <span class="comment">// promiscuous mode</span> 1000, <span class="comment">// read timeout</span> NULL, <span class="comment">// authentication on the remote machine</span> errbuf <span class="comment">// error buffer</span> ) ) == NULL) { fprintf(stderr,<span class="stringliteral">"\nUnable to open the file %s.\n"</span>, source); <span class="keywordflow">return</span> -1; } <span class="comment">// read and dispatch packets until EOF is reached</span> <a class="code" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de">pcap_loop</a>(fp, 0, dispatcher_handler, NULL); <span class="keywordflow">return</span> 0;}<span class="keywordtype">void</span> dispatcher_handler(u_char *temp1, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html">pcap_pkthdr</a> *header, <span class="keyword">const</span> u_char *pkt_data){ u_int i=0; <span class="comment">/* print pkt timestamp and pkt len */</span> printf(<span class="stringliteral">"%ld:%ld (%ld)\n"</span>, header-><a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_sec, header-><a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_usec, header-><a class="code" href="structpcap__pkthdr.html#728f264db4f5cc304742565a2bcdbeea">len</a>); <span class="comment">/* Print the packet */</span> <span class="keywordflow">for</span> (i=1; (i < header-><a class="code" href="structpcap__pkthdr.html#ac5771ed2efd92508bb4fe650f2ce7d7">caplen</a> + 1 ) ; i++) { printf(<span class="stringliteral">"%.2x "</span>, pkt_data[i-1]); <span class="keywordflow">if</span> ( (i % LINE_LEN) == 0) printf(<span class="stringliteral">"\n"</span>); } printf(<span class="stringliteral">"\n\n"</span>); }</pre></div><p>The following example has the same purpose of the last one, but <a class="el" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133">pcap_next_ex()</a> is used instead of the <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de">pcap_loop()</a> callback method.<p><div class="fragment"><pre class="fragment"><span class="preprocessor">#include <stdio.h></span><span class="preprocessor">#include <pcap.h></span><span class="preprocessor">#define LINE_LEN 16</span><span class="preprocessor"></span>main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv){<a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7">pcap_t</a> *fp;<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927">PCAP_ERRBUF_SIZE</a>];<span class="keywordtype">char</span> source[<a class="code" href="group__remote__struct.html#gcacb155b596f7511f714de129ae32c97">PCAP_BUF_SIZE</a>];<span class="keyword">struct </span><a class="code" href="structpcap__pkthdr.html">pcap_pkthdr</a> *header;<span class="keyword">const</span> u_char *pkt_data;u_int i=0;<span class="keywordtype">int</span> res; <span class="keywordflow">if</span>(argc != 2) { printf(<span class="stringliteral">"usage: %s filename"</span>, argv[0]); <span class="keywordflow">return</span> -1; } <span class="comment">/* Create the source string according to the new WinPcap syntax */</span> <span class="keywordflow">if</span> ( <a class="code" href="group__wpcapfunc.html#ga3111e10f930a9772a32a922b26948b0">pcap_createsrcstr</a>( source, <span class="comment">// variable that will keep the source string</span> <a class="code" href="group__remote__source__ID.html#g9188ad0fc0d12fc51d1e9f5e78bf9440">PCAP_SRC_FILE</a>, <span class="comment">// we want to open a file</span> NULL, <span class="comment">// remote host</span> NULL, <span class="comment">// port on the remote host</span> argv[1], <span class="comment">// name of the file we want to open</span> errbuf <span class="comment">// error buffer</span> ) != 0) { fprintf(stderr,<span class="stringliteral">"\nError creating a source string\n"</span>); <span class="keywordflow">return</span> -1; } <span class="comment">/* Open the capture file */</span> <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791">pcap_open</a>(source, <span class="comment">// name of the device</span> 65536, <span class="comment">// portion of the packet to capture</span> <span class="comment">// 65536 guarantees that the whole packet will be captured on all the link layers</span> <a class="code" href="group__remote__open__flags.html#g9134ce51a9a6a7d497c3dee5affdc3b9">PCAP_OPENFLAG_PROMISCUOUS</a>, <span class="comment">// promiscuous mode</span> 1000, <span class="comment">// read timeout</span> NULL, <span class="comment">// authentication on the remote machine</span> errbuf <span class="comment">// error buffer</span> ) ) == NULL) { fprintf(stderr,<span class="stringliteral">"\nUnable to open the file %s.\n"</span>, source); <span class="keywordflow">return</span> -1; } <span class="comment">/* Retrieve the packets from the file */</span> <span class="keywordflow">while</span>((res = <a class="code" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133">pcap_next_ex</a>( fp, &header, &pkt_data)) >= 0) { <span class="comment">/* print pkt timestamp and pkt len */</span> printf(<span class="stringliteral">"%ld:%ld (%ld)\n"</span>, header-><a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_sec, header-><a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8">ts</a>.tv_usec, header-><a class="code" href="structpcap__pkthdr.html#728f264db4f5cc304742565a2bcdbeea">len</a>); <span class="comment">/* Print the packet */</span> <span class="keywordflow">for</span> (i=1; (i < header-><a class="code" href="structpcap__pkthdr.html#ac5771ed2efd92508bb4fe650f2ce7d7">caplen</a> + 1 ) ; i++) { printf(<span class="stringliteral">"%.2x "</span>, pkt_data[i-1]); <span class="keywordflow">if</span> ( (i % LINE_LEN) == 0) printf(<span class="stringliteral">"\n"</span>); } printf(<span class="stringliteral">"\n\n"</span>); } <span class="keywordflow">if</span> (res == -1) { printf(<span class="stringliteral">"Error reading the packets: %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a">pcap_geterr</a>(fp)); } <span class="keywordflow">return</span> 0;}</pre></div><p><b>Writing packets to a dump file with pcap_live_dump</b><p><b>NOTE:</b> At the moment, due to some problems with the new kernel buffer, this feature has been disabled.<p>Recent versions of WinPcap provide a further way to save network traffic to disk, the <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> function. <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> takes three parameters: a file name, the maximum size (in bytes) that this file is allowed to reach and the maximum amount of packets that the file is allowed to contain. Zero means no limit for both these values. Notice that the program can set a filter (with <a class="el" href="group__wpcapfunc.html#gf5f9cfe85dad0967ff607e5159b1ba61">pcap_setfilter()</a>, see the tutorial <a class="el" href="group__wpcap__tut5.html">Filtering the traffic</a>) before calling <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d">pcap_live_dump()</a> to define the subset of the traffic that will be saved.<p>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -