新手,什么都不懂
求比较容易上手易懂的
谢谢拉
求比较容易上手易懂的
谢谢拉
解决方案 »
- MFC 加载ICON资源时,加进去怎么变成bitmap了。
- 怎么区分Unicode与ASCII的一些关键字词
- 请问如何让两个程序访问同一块内存,谢谢!
- 关于网站自动登录浏览。
- 一道关于抛物线方程的求解题目
- 请教一个问题,关于SplitterWnd的,想用工具拦按钮事件实现分割窗口怎么办?
- 如何为基于ATL 的COM add-in 添加对话框?恳请指点,来者有分!
- rst1->MoveNext()问题
- CSocket或CAsyncSocket怎么知道网断了?
- 我想学vc,各位有什么建议?
- DBGrid控件怎么放在分割窗体中
- 高分求 NTLM 编码函数 (Basic Authentication方式)
Sample programs
A couple of sample programs are provided to show the usage of the WinPcap API. The source of the examples, along with all the files needed to compile and run them, can be found in the Developer's Pack. For didactic purpose we provide here a browsable version of the code: it is possible to click on the variables and functions to jump the documentation of each of them. For a more complete and better documented set of samples, give a look at the WinPcap Tutorial Section.
Packet Dump
This program reads the packets from a file or a network adapter, depending on a command line switch. If a source is not provided, the program shows a list of available adapters and gives the possibility to choose one of them. Once the capture is started, the program prints the timestamp, the length and the raw content of the packets. Once compiled, it can run on all the Win32 platforms. It can be compiled to run on Unix as well (the makefile is provided)./*
* Copyright (c) 1999 - 2003
* NetGroup, Politecnico di Torino (Italy)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdlib.h>
#include <stdio.h>#include <pcap.h>#define LINE_LEN 16
main(int argc, char **argv)
{
pcap_if_t *alldevs, *d;
pcap_t *fp;
u_int inum, i=0;
char errbuf[PCAP_ERRBUF_SIZE];
int res;
struct pcap_pkthdr *header;
u_char *pkt_data; printf("pktdump_ex: prints the packets of the network using WinPcap.\n");
printf(" Usage: pktdump_ex [-s source]\n\n"
" Examples:\n"
" pktdump_ex -s file://c:/temp/file.acp\n"
" pktdump_ex -s rpcap://\\Device\\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998}\n\n"); if(argc < 3)
{ printf("\nNo adapter selected: printing the device list:\n");
/* The user didn't provide a packet source: Retrieve the local device list */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf);
exit(1);
}
/* Print the list */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s\n ", ++i, d->name); if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n"); /* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
/* Jump to the selected adapter */
for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the device */
if ( (fp= pcap_open(d->name,
100 /*snaplen*/,
PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
20 /*read timeout*/,
NULL /* remote authentication */,
errbuf)
) == NULL)
{
fprintf(stderr,"\nError opening adapter\n");
return -1;
}
}
else
{
// Do not check for the switch type ('-s')
if ( (fp= pcap_open(argv[2],
100 /*snaplen*/,
PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
20 /*read timeout*/,
NULL /* remote authentication */,
errbuf)
) == NULL)
{
fprintf(stderr,"\nError opening source: %s\n", errbuf);
return -1;
}
} /* Read the packets */
while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)
{ if(res == 0)
/* Timeout elapsed */
continue; /* print pkt timestamp and pkt len */
printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len);
/* Print the packet */
for (i=1; (i < header->caplen + 1 ) ; i++)
{
printf("%.2x ", pkt_data[i-1]);
if ( (i % LINE_LEN) == 0) printf("\n");
}
printf("\n\n");
} if(res == -1)
{
printf("Error reading the packets: %s\n", pcap_geterr(fp));
return -1;
} return 0;
}
This is a more complete example of libpcap usage. It shows, among other things, how to create and set filters and how to save a capture to disk. It can be compiled under Win32 or Unix (projects and makefiles are provided). Pcap_filter (pf.exe) is a general-purpose packet filtering application: its input parameters are a source of packets (it can be a physical interface or a file), a filter and an output file. It takes packets from the source until CTRL+C is pressed or the whole file is processed, applies the filter to the incoming packets and saves them to the output file if they satisfy the filter. Pcap_filter can be used to dump network data according to a particular filter, but also to extract a set of packets from a previously saved file. The format of both input and output files is the libpcap one, i.e. same of WinDump, tcpdump and many other network tools./*
* Copyright (c) 1999 - 2003
* NetGroup, Politecnico di Torino (Italy)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdlib.h>
#include <stdio.h>#include <pcap.h>#define MAX_PRINT 80
#define MAX_LINE 16
void usage();
void main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char *source=NULL;
char *ofilename=NULL;
char *filter=NULL;
int i;
pcap_dumper_t *dumpfile;
struct bpf_program fcode;
bpf_u_int32 NetMask;
int res;
struct pcap_pkthdr *header;
u_char *pkt_data; if (argc == 1)
{
usage();
return;
} for(i=1;i < argc; i+= 2)
{ switch (argv[i] [1])
{
case 's':
{
source=argv[i+1];
};
break; case 'o':
{
ofilename=argv[i+1];
};
break; case 'f':
{
filter=argv[i+1];
};
break;
}
} // open a capture from the network
if (source != NULL)
{
if ( (fp= pcap_open(argv[2],
1514 /*snaplen*/,
PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
20 /*read timeout*/,
NULL /* remote authentication */,
errbuf)
) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter.\n");
return;
}
} else usage(); if (filter != NULL)
{
// We should loop through the adapters returned by the pcap_findalldevs_ex()
// in order to locate the correct one.
//
// Let's do things simpler: we suppose to be in a C class network ;-)
NetMask=0xffffff; //compile the filter
if(pcap_compile(fp, &fcode, filter, 1, NetMask) < 0)
{
fprintf(stderr,"\nError compiling filter: wrong syntax.\n");
return;
} //set the filter
if(pcap_setfilter(fp, &fcode)<0)
{
fprintf(stderr,"\nError setting the filter\n");
return;
} } //open the dump file
if (ofilename != NULL)
{
dumpfile= pcap_dump_open(fp, ofilename); if (dumpfile == NULL)
{
fprintf(stderr,"\nError opening output file\n");
return;
}
}
else usage(); //start the capture
while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)
{ if(res == 0)
/* Timeout elapsed */
continue; //save the packet on the dump file
pcap_dump((unsigned char *) dumpfile, header, pkt_data); }
}
void usage()
{ printf("\npf - Generic Packet Filter.\n");
printf("\nUsage:\npf [-s source] -o output_file_name -f filter_string\n\n");
exit(0);
}
http://support.microsoft.com/default.aspx?scid=kb;en-us;185728
http://support.microsoft.com/default.aspx?scid=kb;en-us;214396
http://www.vckbase.com