📄 group__wpcap__tut9.html
    <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#gf5f9cfe85dad0967ff607e5159b1ba61" title="Associate a filter to a capture.">pcap_setfilter</a>(fp, &amp;fcode)&lt;0)
    {
        fprintf(stderr,<span class="stringliteral">"\nError setting the filter.\n"</span>);
        <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
        <span class="comment">/* Free the device list */</span>
        <span class="keywordflow">return</span>;
    }

    <span class="comment">/* Put the interface in statistics mode */</span>
    <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#gef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode</a>(fp, <a class="code" href="group__NPF__include.html#g503326906a62e96c147ae6af31fb5659" title="Statistical working mode.">MODE_STAT</a>)&lt;0)
    {
        fprintf(stderr,<span class="stringliteral">"\nError setting the mode.\n"</span>);
        <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
        <span class="comment">/* Free the device list */</span>
        <span class="keywordflow">return</span>;
    }

    printf(<span class="stringliteral">"TCP traffic summary:\n"</span>);

    <span class="comment">/* Start the main loop */</span>
    <a class="code" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop</a>(fp, 0, dispatcher_handler, (PUCHAR)&amp;st_ts);

    <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
    <span class="keywordflow">return</span>;
}

<span class="keywordtype">void</span> dispatcher_handler(u_char *state, <span class="keyword">const</span> <span class="keyword">struct</span> <a class="code" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> *header, <span class="keyword">const</span> u_char *pkt_data)
{
    <span class="keyword">struct </span>timeval *old_ts = (<span class="keyword">struct </span>timeval *)state;
    u_int delay;
    LARGE_INTEGER Bps,Pps;
    <span class="keyword">struct </span>tm ltime;
    <span class="keywordtype">char</span> timestr[16];
    time_t local_tv_sec;

    <span class="comment">/* Calculate the delay in microseconds from the last sample. */</span>
    <span class="comment">/* This value is obtained from the timestamp associated with the sample. */</span>
    delay=(header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec - old_ts-&gt;tv_sec) * 1000000 - old_ts-&gt;tv_usec + header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_usec;

    <span class="comment">/* Get the number of Bits per second */</span>
    Bps.QuadPart=(((*(LONGLONG*)(pkt_data + 8)) * 8 * 1000000) / (delay));
    <span class="comment">/*                                            ^      ^</span>
<span class="comment">                                                  |      |</span>
<span class="comment">                                                  |      |</span>
<span class="comment">                                                  |      |</span>
<span class="comment">                         converts bytes in bits --       |</span>
<span class="comment">                                                         |</span>
<span class="comment">                    delay is expressed in microseconds --</span>
<span class="comment">    */</span>

    <span class="comment">/* Get the number of Packets per second */</span>
    Pps.QuadPart=(((*(LONGLONG*)(pkt_data)) * 1000000) / (delay));

    <span class="comment">/* Convert the timestamp to readable format */</span>
    local_tv_sec = header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec;
    localtime_s(&amp;ltime, &amp;local_tv_sec);
    strftime( timestr, <span class="keyword">sizeof</span> timestr, <span class="stringliteral">"%H:%M:%S"</span>, &amp;ltime);

    <span class="comment">/* Print timestamp */</span>
    printf(<span class="stringliteral">"%s "</span>, timestr);

    <span class="comment">/* Print the samples */</span>
    printf(<span class="stringliteral">"BPS=%I64u "</span>, Bps.QuadPart);
    printf(<span class="stringliteral">"PPS=%I64u\n"</span>, Pps.QuadPart);

    <span class="comment">//store current timestamp</span>
    old_ts-&gt;tv_sec=header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_sec;
    old_ts-&gt;tv_usec=header-&gt;<a class="code" href="structpcap__pkthdr.html#21be78b2818c91cb205885b8a6f5aed8" title="time stamp">ts</a>.tv_usec;
}

<span class="keywordtype">void</span> usage()
{
    printf(<span class="stringliteral">"\nShows the TCP traffic load, in bits per second and packets per second.\nCopyright (C) 2002 Loris Degioanni.\n"</span>);
    printf(<span class="stringliteral">"\nUsage:\n"</span>);
    printf(<span class="stringliteral">"\t tcptop adapter\n"</span>);
    printf(<span class="stringliteral">"\t You can use \"WinDump -D\" if you don't know the name of your adapters.\n"</span>);
    exit(0);
}
</pre></div>
<p>Before enabling statistical mode, the user has the option to set a filter that defines the subset of network traffic that will be monitored. See the paragraph on the <a class="el" href="group__language.html">Filtering expression syntax</a> for details. If no filter has been set, all of the traffic will be monitored.
<p>Once
<p><ul><li>the filter is set</li><li><a class="el" href="group__wpcapfunc.html#gef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode()</a> is called</li><li>callback invocation is enabled with <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a></li></ul>
<p>the interface descriptor starts to work in statistical mode. 
Notice the fourth parameter (<em>to_ms</em>) of <a class="el" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791" title="Open a generic source in order to capture / send (WinPcap only) traffic.">pcap_open()</a>: it defines the interval between statistical samples. The callback function receives the samples calculated by the driver every <em>to_ms</em> milliseconds. These samples are encapsulated in the second and third parameters of the callback function, as shown in the following figure:
<p><div align="center"><img src="stats_wpcap.gif" alt="stats_wpcap.gif"></div>
<p>Two 64-bit counters are provided: the number of packets and the number of bytes received during the last interval.
<p>In the example, the adapter is opened with a timeout of 1000 ms. This means that dispatcher_handler() is called once per second. At this point a filter that keeps only TCP packets is compiled and set. Then <a class="el" href="group__wpcapfunc.html#gef07ef49d3c75644f3fd34518e2fe720" title="Set the working mode of the interface p to mode.">pcap_setmode()</a> and <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> are called. Note that a struct timeval pointer is passed to <a class="el" href="group__wpcapfunc.html#g6bcb7c5c59d76ec16b8a699da136b5de" title="Collect a group of packets.">pcap_loop()</a> as the <em>user</em> parameter. This structure is used to store a timestamp so that the interval between two samples can be calculated. dispatcher_handler() uses this interval to obtain the bits per second and the packets per second and then prints these values on the screen.
<p>Note finally that this example is far more efficient than a program that captures the packets in the traditional way and calculates statistics at user level. Statistical mode requires the minimum number of data copies and context switches, and therefore CPU usage is optimized. 
Moreover, a very small amount of memory is required.
</div><hr><p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2008 CACE Technologies. All rights reserved.</p>
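<p>The rate calculation described above, written as an added example that is not part of the WinPcap tutorial code: it reads the two 64-bit counters with memcpy instead of a pointer cast and skips the first sample and any zero-length interval, where the division would otherwise fail or give a meaningless value. The names <em>stat_rates</em>, <em>make_sample</em>, <em>struct sample_ts</em> (a stand-in for struct timeval) and <em>struct rates</em> are assumptions made for this example, and the sample values are constructed.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAT_SAMPLE_LEN 16  /* two 64-bit counters: packets, then bytes */
/* Hypothetical stand-in for struct timeval so the block builds anywhere. */
struct sample_ts { long tv_sec; long tv_usec; };
struct rates { uint64_t bps; uint64_t pps; };

/* Constructed test input: lays out the counters the way the text describes. */
void make_sample(unsigned char *buf, uint64_t packets, uint64_t bytes)
{
    memcpy(buf, &packets, 8);
    memcpy(buf + 8, &bytes, 8);
}

/* Returns 0 and fills *out, or -1 when no rate can be computed (short
 * buffer, first sample, or a non-positive interval). */
int stat_rates(const unsigned char *pkt_data, size_t len, struct sample_ts *prev,
               const struct sample_ts *now, struct rates *out)
{
    uint64_t packets, bytes;
    int64_t delay_us;
    int have_prev = (prev->tv_sec != 0 || prev->tv_usec != 0);
    if (len < STAT_SAMPLE_LEN)
        return -1;
    delay_us = ((int64_t)now->tv_sec - prev->tv_sec) * 1000000
             + ((int64_t)now->tv_usec - prev->tv_usec);
    *prev = *now;                      /* remember this sample's timestamp */
    if (!have_prev || delay_us <= 0)
        return -1;                     /* avoids the divide-by-zero */
    memcpy(&packets, pkt_data, 8);     /* memcpy: no unaligned 64-bit load */
    memcpy(&bytes, pkt_data + 8, 8);
    out->bps = bytes * 8 * 1000000 / (uint64_t)delay_us;
    out->pps = packets * 1000000 / (uint64_t)delay_us;
    return 0;
}

int main(void)
{
    unsigned char buf[STAT_SAMPLE_LEN];
    struct sample_ts prev = {0, 0}, t1 = {100, 0}, t2 = {101, 0};
    struct rates r;
    make_sample(buf, 1500, 1250000);
    stat_rates(buf, sizeof buf, &prev, &t1, &r);       /* first sample: skipped */
    if (stat_rates(buf, sizeof buf, &prev, &t2, &r) == 0)
        printf("BPS=%llu PPS=%llu\n", (unsigned long long)r.bps, (unsigned long long)r.pps);
    return 0;
}
```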