
Winpcap saving raw packets not from an adapter

  •  2
  • Steven Smethurst  · Tech Community  · 14 years ago

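    I looked at the examples provided by Winpcap, and all of them use a live adapter when dumping packets. The example \WpdPack\Examples pcap\savedump\savedump.c is the closest; see the slightly modified example below.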

    #ifdef _MSC_VER
    /*
     * we do not want the warnings about the old deprecated and unsecure CRT functions
     * since these examples can be compiled under *nix as well
     */
    #define _CRT_SECURE_NO_WARNINGS
    #endif
    #include "pcap.h"
    
    int main(int argc, char **argv)
    {
        pcap_if_t *alldevs;
        pcap_if_t *d;
        int inum;
        int i=0;
        pcap_t *adhandle;
        char errbuf[PCAP_ERRBUF_SIZE];
        pcap_dumper_t *dumpfile;
    
    
        /* Open the adapter */
        if ((adhandle= pcap_open(??????,    // name of the device
                                 65536,         // portion of the packet to capture. 
                                                // 65536 grants that the whole packet will be captured on all the MACs.
                                 1,             // promiscuous mode (nonzero means promiscuous)
                                 1000,          // read timeout
                                 errbuf         // error buffer
                                 )) == NULL)
        {
            fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }
    
        /* Open the dump file */
        dumpfile = pcap_dump_open(adhandle, argv[1]);
        if(dumpfile==NULL) {
            fprintf(stderr,"\nError opening output file\n");
            return -1;
        }    
    
        // ---------------------------
        struct pcap_pkthdr header;
        header.ts.tv_sec    = 1 ;   /* seconds */
        header.ts.tv_usec   = 1;    /* and microseconds */
        header.caplen       = 100;  /* length of portion present */
        header.len          = 100 ; /* length this packet (off wire) */
    
        u_char pkt_data[100];       
        for( int i = 0 ; i < 100 ; i++ ) {
            pkt_data[i] = i ; 
        }
    
        pcap_dump( (u_char *) dumpfile, &header, (u_char *)  &pkt_data);
        // ---------------------------
    
        /* start the capture */
        // pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);
    
        pcap_close(adhandle);
        return 0;
    }
    
    2 answers  |  as of 14 years ago
        1
  •  2
  •   nos    14 years ago

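    #include <stdio.h>
    #include "pcap.h"
    
    /* Magic number of a classic pcap savefile; pcap.h does not export it. */
    #ifndef TCPDUMP_MAGIC
    #define TCPDUMP_MAGIC 0xa1b2c3d4
    #endif
    
    /* Create the capture file and write the global pcap file header. */
    FILE* create_pcap_file(const char *filename, int linktype)
    {
        struct pcap_file_header fh;
        fh.magic = TCPDUMP_MAGIC;
        fh.sigfigs = 0;
        fh.version_major = 2;
        fh.version_minor = 4;
        fh.snaplen = 2<<15;     /* 65536 bytes */
        fh.thiszone = 0;
        fh.linktype = linktype;
    
        FILE *file = fopen(filename, "wb");
        if(file != NULL) {
            if(fwrite(&fh, sizeof(fh), 1, file) != 1) {
                fclose(file);
                file = NULL;
            }
        }
    
        return file;
    }
    
    /*
     * Append one packet record. Returns 0 on success, 1 if the record header
     * could not be written, 2 if the packet data could not be written.
     * struct pcap_pkthdr matches the 16-byte on-disk record header only where
     * struct timeval has 32-bit fields, as it does on Windows.
     */
    int write_pcap_packet(FILE* file,size_t length,const unsigned char *data,const struct timeval *tval)
    {
        struct pcap_pkthdr pkhdr;
        pkhdr.caplen = (bpf_u_int32)length;
        pkhdr.len = (bpf_u_int32)length;
        pkhdr.ts = *tval;
    
        if(fwrite(&pkhdr, sizeof(pkhdr), 1, file) != 1) {
            return 1;
        }
    
        if(fwrite(data, 1, length, file) != length) {
            return 2;
        }
    
        return 0;
    }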
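
Added example (not part of the answer above, and not WinPcap code): the same hand-written savefile approach with fixed-width on-disk headers, so the file is also valid on platforms where `struct timeval` is 16 bytes, plus a read-back check that walks the records the way a reader would. The names `sf_create`, `sf_append`, `sf_count` and the file name `example.pcap` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SF_MAGIC   0xa1b2c3d4u  /* classic pcap magic, microsecond timestamps */
#define SF_SNAPLEN 65536u       /* same value as 2<<15 in the answer's code */

/* On-disk layouts with fixed-width fields. struct pcap_pkthdr is not written
 * directly: its struct timeval is 16 bytes on LP64 systems, not 8. */
struct sf_file_hdr { uint32_t magic; uint16_t vmajor, vminor; int32_t thiszone;
                     uint32_t sigfigs, snaplen, linktype; };
struct sf_rec_hdr  { uint32_t ts_sec, ts_usec, caplen, len; };
_Static_assert(sizeof(struct sf_file_hdr) == 24 && sizeof(struct sf_rec_hdr) == 16, "packed");

/* Create the savefile and write its global header in host byte order. */
FILE *sf_create(const char *path, uint32_t linktype) {
    struct sf_file_hdr fh = { SF_MAGIC, 2, 4, 0, 0, SF_SNAPLEN, linktype };
    FILE *f = fopen(path, "wb+");
    if (f != NULL && fwrite(&fh, sizeof fh, 1, f) != 1) { fclose(f); f = NULL; }
    return f;
}

/* Append one packet record; returns 0 on success, -1 on error. */
int sf_append(FILE *f, const unsigned char *p, uint32_t n, uint32_t sec, uint32_t usec) {
    struct sf_rec_hdr rh = { sec, usec, n, n };
    if (n > SF_SNAPLEN || fwrite(&rh, sizeof rh, 1, f) != 1) return -1;
    return fwrite(p, 1, n, f) == n ? 0 : -1;
}

/* Re-read the file as a reader would: packet count, or -1 if malformed. */
int sf_count(FILE *f) {
    static unsigned char buf[SF_SNAPLEN];
    struct sf_file_hdr fh; struct sf_rec_hdr rh; int count = 0;
    rewind(f);
    if (fread(&fh, sizeof fh, 1, f) != 1 || fh.magic != SF_MAGIC) return -1;
    while (fread(&rh, sizeof rh, 1, f) == 1) {
        if (rh.caplen > sizeof buf || rh.caplen > rh.len) return -1;
        if (fread(buf, 1, rh.caplen, f) != rh.caplen) return -1;  /* truncated */
        count++;
    }
    return count;
}

int main(void) {
    unsigned char pkt[100];  /* constructed payload, as in the question */
    for (int i = 0; i < 100; i++) pkt[i] = (unsigned char)i;
    FILE *f = sf_create("example.pcap", 1 /* LINKTYPE_ETHERNET */);
    if (f == NULL || sf_append(f, pkt, 100, 1, 1) != 0) return 1;
    printf("packets written and re-read: %d\n", sf_count(f));
    return fclose(f) == 0 ? 0 : 1;
}
```

The length checks in `sf_count` bound every read by the buffer size, which matters when the same loop is pointed at a capture file from an untrusted source.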
    
        2
  •  3
  •   brickner    14 years ago

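    I suggest you use pcap_t, because using WinPcap is better than writing it yourself.

    The steps are as follows:

    1. Use pcap_open_dead() to create a pcap_t. Read the function description here. The linktype
    2. Use pcap_dump_open() to create a pcap_dumper_t.
    3. Use pcap_dump()

    I hope this helps you.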