<b>Writing packets to a dump file with pcap_live_dump</b><p><b>NOTE:</b> At the moment, due to some problems with the new kernel buffer, this feature has been disabled.<p>Recent versions of WinPcap provide a further way to save network traffic to disk, the <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> function. After the capture handle, <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> takes three parameters: a file name, the maximum size (in bytes) that this file is allowed to reach and the maximum number of packets that the file is allowed to contain. A value of zero means no limit for either of the last two. Notice that the program can set a filter (with <a class="el" href="group__wpcapfunc.html#gf5f9cfe85dad0967ff607e5159b1ba61" title="Associate a filter to a capture.">pcap_setfilter()</a>, see the tutorial <a class="el" href="group__wpcap__tut5.html">Filtering the traffic</a>) before calling <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> to define the subset of the traffic that will be saved.<p><a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> is non-blocking: it starts the dump and returns immediately. The dump then proceeds asynchronously until the maximum file size or the maximum number of packets has been reached.<p>The application can wait for, or check, the end of the dump with <a class="el" href="group__wpcapfunc.html#gfe8a334f3a7ae2dc7f52e96523da39be" title="Return the status of the kernel dump process, i.e. tells if one of the limits defined...">pcap_live_dump_ended()</a>. 
<b>Beware</b> that if the <em>sync</em> parameter is nonzero, this function will block your application forever if the limits are both 0, because such a dump never ends.<p><div class="fragment"><pre class="fragment"><span class="comment">/*</span>
<span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span>
<span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span>
<span class="comment"> * All rights reserved.</span>
<span class="comment"> *</span>
<span class="comment"> * Redistribution and use in source and binary forms, with or without</span>
<span class="comment"> * modification, are permitted provided that the following conditions</span>
<span class="comment"> * are met:</span>
<span class="comment"> *</span>
<span class="comment"> * 1. Redistributions of source code must retain the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer.</span>
<span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span>
<span class="comment"> * notice, this list of conditions and the following disclaimer in the</span>
<span class="comment"> * documentation and/or other materials provided with the distribution.</span>
<span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies</span>
<span class="comment"> * nor the names of its contributors may be used to endorse or promote</span>
<span class="comment"> * products derived from this software without specific prior written</span>
<span class="comment"> * permission.</span>
<span class="comment"> *</span>
<span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span>
<span class="comment"> * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span>
<span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span>
<span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span>
<span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span>
<span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span>
<span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span>
<span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span>
<span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span>
<span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span>
<span class="comment"> *</span>
<span class="comment"> */</span>

<span class="preprocessor">#include <stdlib.h></span>
<span class="preprocessor">#include <stdio.h></span>
<span class="preprocessor">#include <pcap.h></span>

<span class="preprocessor">#error At the moment the kernel dump feature is not supported in the driver</span>

<span class="keywordtype">int</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv)
{
    <a class="code" href="structpcap__if.html" title="Item in a list of interfaces, used by pcap_findalldevs().">pcap_if_t</a> *alldevs, *d;
    <a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7" title="Descriptor of an open capture instance. This structure is opaque to the user, that...">pcap_t</a> *fp;
    u_int inum, i=0;
    <span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927" title="Size to use when allocating the buffer that contains the libpcap errors.">PCAP_ERRBUF_SIZE</a>];

    printf(<span class="stringliteral">"kdump: saves the network traffic to file using WinPcap kernel-level dump feature.\n"</span>);
    printf(<span class="stringliteral">"\t Usage: %s [adapter] | dump_file_name max_size max_packs\n"</span>, argv[0]);
    printf(<span class="stringliteral">"\t Where: max_size is the maximum size that the dump file will reach (0 means no limit)\n"</span>);
    printf(<span class="stringliteral">"\t Where: max_packs is the maximum number of packets that will be saved (0 means no limit)\n\n"</span>);

    <span class="comment">/* Either three arguments (file name and limits) or four (adapter, file name and limits) */</span>
    <span class="keywordflow">if</span>(argc != 4 && argc != 5)
    {
        fprintf(stderr, <span class="stringliteral">"Wrong number of arguments.\n"</span>);
        <span class="keywordflow">return</span> -1;
    }

    <span class="keywordflow">if</span>(argc < 5)
    {
        <span class="comment">/* The user didn't provide a packet source: Retrieve the device list */</span>
        <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#g7b128eaeef627b408f6a6e2a2f5eb45d" title="Construct a list of network devices that can be opened with pcap_open_live().">pcap_findalldevs</a>(&alldevs, errbuf) == -1)
        {
            fprintf(stderr,<span class="stringliteral">"Error in pcap_findalldevs: %s\n"</span>, errbuf);
            exit(1);
        }

        <span class="comment">/* Print the list */</span>
        <span class="keywordflow">for</span>(d=alldevs; d; d=d-><a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536" title="if not NULL, a pointer to the next element in the list; NULL for the last element...">next</a>)
        {
            printf(<span class="stringliteral">"%d. %s"</span>, ++i, d-><a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8" title="a pointer to a string giving a name for the device to pass to pcap_open_live()">name</a>);
            <span class="keywordflow">if</span> (d-><a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559" title="if not NULL, a pointer to a string giving a human-readable description of the device...">description</a>)
                printf(<span class="stringliteral">" (%s)\n"</span>, d-><a class="code" href="structpcap__if.html#8444d6e0dfe2bbab0b5e7b24308f1559" title="if not NULL, a pointer to a string giving a human-readable description of the device...">description</a>);
            <span class="keywordflow">else</span>
                printf(<span class="stringliteral">" (No description available)\n"</span>);
        }

        <span class="keywordflow">if</span>(i==0)
        {
            printf(<span class="stringliteral">"\nNo interfaces found! Make sure WinPcap is installed.\n"</span>);
            <span class="keywordflow">return</span> -1;
        }

        printf(<span class="stringliteral">"Enter the interface number (1-%d):"</span>,i);
        <span class="keywordflow">if</span>(scanf(<span class="stringliteral">"%u"</span>, &inum) != 1 || inum < 1 || inum > i)
        {
            printf(<span class="stringliteral">"\nInterface number out of range.\n"</span>);
            <span class="comment">/* Free the device list */</span>
            <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Jump to the selected adapter */</span>
        <span class="keywordflow">for</span>(d=alldevs, i=0; i< inum-1 ;d=d-><a class="code" href="structpcap__if.html#81508e6e4e41ca4235c8d6b51913c536" title="if not NULL, a pointer to the next element in the list; NULL for the last element...">next</a>, i++);

        <span class="comment">/* Open the device */</span>
        <span class="keywordflow">if</span> ( (fp = <a class="code" href="group__wpcapfunc.html#gae6abe06e15c87b803f69773822beca8" title="Open a live capture from the network.">pcap_open_live</a>(d-><a class="code" href="structpcap__if.html#5ac083a645d964373f022d03df4849c8" title="a pointer to a string giving a name for the device to pass to pcap_open_live()">name</a>, 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nError opening adapter: %s\n"</span>, errbuf);
            <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Free the device list */</span>
        <a class="code" href="group__wpcapfunc.html#g346b4b0b7fd1cda4abb9a39f767dbeb1" title="Free an interface list returned by pcap_findalldevs().">pcap_freealldevs</a>(alldevs);

        <span class="comment">/* Start the dump: argv[1] is the file name, argv[2] and argv[3] the limits */</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump</a>(fp, argv[1], atoi(argv[2]), atoi(argv[3]))==-1)
        {
            printf(<span class="stringliteral">"Unable to start the dump, %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a" title="return the error text pertaining to the last pcap library error.">pcap_geterr</a>(fp));
            <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
            <span class="keywordflow">return</span> -1;
        }
    }
    <span class="keywordflow">else</span>
    {
        <span class="comment">/* Open the device named on the command line */</span>
        <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#gae6abe06e15c87b803f69773822beca8" title="Open a live capture from the network.">pcap_open_live</a>(argv[1], 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,<span class="stringliteral">"\nError opening adapter: %s\n"</span>, errbuf);
            <span class="keywordflow">return</span> -1;
        }

        <span class="comment">/* Start the dump: argv[1] is the adapter, so the file name and the limits follow it */</span>
        <span class="keywordflow">if</span>(<a class="code" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump</a>(fp, argv[2], atoi(argv[3]), atoi(argv[4]))==-1)
        {
            printf(<span class="stringliteral">"Unable to start the dump, %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a" title="return the error text pertaining to the last pcap library error.">pcap_geterr</a>(fp));
            <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
            <span class="keywordflow">return</span> -1;
        }
    }

    <span class="comment">/* Wait until the dump finishes, i.e. when max_size or max_packs is reached */</span>
    <a class="code" href="group__wpcapfunc.html#gfe8a334f3a7ae2dc7f52e96523da39be" title="Return the status of the kernel dump process, i.e. tells if one of the limits defined...">pcap_live_dump_ended</a>(fp, TRUE);

    <span class="comment">/* Close the adapter, so that the file is correctly flushed */</span>
    <a class="code" href="group__wpcapfunc.html#ga45a5e1a4ba9925bb3586dcbeec78560" title="close the files associated with p and deallocates resources.">pcap_close</a>(fp);
    <span class="keywordflow">return</span> 0;
}</pre></div><p>The difference between <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> and <a class="el" href="group__wpcapfunc.html#g659439bf5aa3988b5a92d31990fbf437" title="Save a packet to disk.">pcap_dump()</a>, apart from the possibility of setting limits, is performance. <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> exploits the ability of the WinPcap NPF driver (see the <a class="el" href="group__NPF.html">NPF driver internals manual</a>) to write dumps from kernel level, minimizing the number of context switches and memory copies.<p>Obviously, since this feature is currently not available on other operating systems, <a class="el" href="group__wpcapfunc.html#gedef54159d918b22a7de8e75b8a3ef4d" title="Save a capture to file.">pcap_live_dump()</a> is WinPcap specific and is present only under Win32.<p><a class="el" href="group__wpcap__tut6.html"><<< Previous</a> <a class="el" href="group__wpcap__tut8.html">Next >>></a> </div><hr><p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2008 CACE Technologies. All rights reserved.</p>
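<p>The following is an added example and is not part of the WinPcap documentation or of the kdump sample above. Because the kernel dump itself is Win32-only and currently disabled, it models the two <em>pcap_live_dump()</em> limits (maximum file size in bytes and maximum packet count, with 0 meaning no limit) in user space: it writes records in the standard libpcap file format into a memory buffer that stands in for the dump file, exposes a non-blocking "has the dump ended?" check in the spirit of <em>pcap_live_dump_ended(fp, 0)</em>, and reads the buffer back to count the records, the way one would validate a dump file after the fact. Assumptions: the classic libpcap layout (24-byte global header, 16-byte per-record header, host byte order) and that a record which would push the file past the size limit ends the dump without being written; the exact rounding the NPF driver applies is not described on this page. All <code>dump_model_*</code> names are hypothetical and the frames fed in are constructed.

```c
/* Added example: user-space model of the pcap_live_dump() limits writing
 * standard libpcap-format records into a memory buffer. ASSUMPTIONS: classic
 * libpcap layout (24-byte global header, 16-byte record header, host byte
 * order); a record that would exceed maxsize ends the dump unwritten.
 * All dump_model_* names are hypothetical, not WinPcap API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC      0xa1b2c3d4u
#define GLOBAL_HDR_LEN  24
#define REC_HDR_LEN     16

struct dump_model {
    unsigned char *buf;   /* destination buffer standing in for the dump file */
    size_t cap;           /* capacity of buf */
    size_t size;          /* bytes written so far, i.e. the current file size */
    unsigned maxsize;     /* pcap_live_dump() maxsize: 0 = no limit */
    unsigned maxpacks;    /* pcap_live_dump() maxpacks: 0 = no limit */
    unsigned npacks;      /* packets written so far */
    int ended;            /* what a non-blocking pcap_live_dump_ended() would report */
};

static void put32(unsigned char *p, uint32_t v) { memcpy(p, &v, 4); }
static void put16(unsigned char *p, uint16_t v) { memcpy(p, &v, 2); }

/* Begin the dump: write the global header and record the limits. */
int dump_model_start(struct dump_model *d, unsigned char *buf, size_t cap,
                     unsigned maxsize, unsigned maxpacks, uint32_t snaplen, uint32_t linktype)
{
    if (cap < GLOBAL_HDR_LEN) return -1;
    if (maxsize != 0 && maxsize < GLOBAL_HDR_LEN) return -1;   /* no room for the header */
    memset(d, 0, sizeof *d);
    d->buf = buf; d->cap = cap; d->maxsize = maxsize; d->maxpacks = maxpacks;
    put32(buf + 0, PCAP_MAGIC);
    put16(buf + 4, 2); put16(buf + 6, 4);     /* version_major, version_minor */
    put32(buf + 8, 0); put32(buf + 12, 0);    /* thiszone, sigfigs */
    put32(buf + 16, snaplen); put32(buf + 20, linktype);
    d->size = GLOBAL_HDR_LEN;
    return 0;
}

/* Offer one captured packet. Returns 1 if written, 0 if the dump has ended
 * (a limit was reached), -1 if the backing buffer is full. */
int dump_model_packet(struct dump_model *d, uint32_t ts_sec, uint32_t ts_usec,
                      const unsigned char *pkt, uint32_t caplen, uint32_t len)
{
    size_t need = REC_HDR_LEN + caplen;
    unsigned char *p;
    if (d->ended) return 0;
    /* Size limit: a record that would cross maxsize ends the dump unwritten. */
    if (d->maxsize != 0 && d->size + need > d->maxsize) { d->ended = 1; return 0; }
    if (d->size + need > d->cap) return -1;
    p = d->buf + d->size;
    put32(p, ts_sec); put32(p + 4, ts_usec); put32(p + 8, caplen); put32(p + 12, len);
    memcpy(p + REC_HDR_LEN, pkt, caplen);
    d->size += need;
    d->npacks++;
    /* Packet limit: the dump ends once maxpacks packets are in the file. */
    if (d->maxpacks != 0 && d->npacks >= d->maxpacks) d->ended = 1;
    return 1;
}

/* Poll-style check like pcap_live_dump_ended(fp, 0): never blocks. With both
 * limits 0 it can only ever return 0, which is why a blocking wait hangs. */
int dump_model_ended(const struct dump_model *d) { return d->ended; }

/* Read the buffer back as a pcap file and count its records; -1 if malformed. */
long dump_model_count_records(const unsigned char *buf, size_t size)
{
    uint32_t magic, caplen;
    size_t off = GLOBAL_HDR_LEN;
    long n = 0;
    if (size < GLOBAL_HDR_LEN) return -1;
    memcpy(&magic, buf, 4);
    if (magic != PCAP_MAGIC) return -1;
    while (off < size) {
        if (size - off < REC_HDR_LEN) return -1;
        memcpy(&caplen, buf + off + 8, 4);
        if (size - off - REC_HDR_LEN < caplen) return -1;   /* truncated record */
        off += REC_HDR_LEN + caplen;
        n++;
    }
    return n;
}

/* Feed up to 100 constructed 60-byte frames (76 bytes per record after the
 * 24-byte global header) under the given limits; return the record count
 * read back from the "file" and, optionally, whether the dump ended. */
int dump_model_demo(unsigned maxsize, unsigned maxpacks, int *ended_out)
{
    static unsigned char file[8192];
    unsigned char frame[60] = {0};          /* constructed dummy frame */
    struct dump_model d;
    unsigned i;
    if (dump_model_start(&d, file, sizeof file, maxsize, maxpacks, 65535, 1) != 0) return -1;
    for (i = 0; i < 100 && !dump_model_ended(&d); i++)
        dump_model_packet(&d, 1000 + i, 0, frame, sizeof frame, sizeof frame);
    if (ended_out) *ended_out = dump_model_ended(&d);
    return (int)dump_model_count_records(file, d.size);
}

/* Convenience: only the end-of-dump flag after a demo run. */
int dump_model_demo_ended(unsigned maxsize, unsigned maxpacks)
{
    int ended = 0;
    dump_model_demo(maxsize, maxpacks, &ended);
    return ended;
}

int main(void)
{
    printf("maxsize=200 maxpacks=0 -> %d records, ended=%d\n", dump_model_demo(200, 0, NULL), dump_model_demo_ended(200, 0));
    printf("maxsize=0   maxpacks=5 -> %d records, ended=%d\n", dump_model_demo(0, 5, NULL), dump_model_demo_ended(0, 5));
    printf("maxsize=0   maxpacks=0 -> %d records, ended=%d\n", dump_model_demo(0, 0, NULL), dump_model_demo_ended(0, 0));
    return 0;
}
```

With a 200-byte size cap the third 76-byte record would overshoot, so the model stops at two records; with <code>maxpacks=5</code> it stops after exactly five; with both limits 0 it writes every frame offered and the ended flag never becomes set, which is the configuration the tutorial warns about when <em>sync</em> is nonzero. The read-back routine is the same check a defender would run on a dump collected in the field: magic, header length and per-record <code>caplen</code> must account for every byte, or the file was truncated.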