#include "pcap.h"void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);int main()
{
pcap_if_t *alldevs;pcap_if_t *d;int inum;int i=0;pcap_t *adhandle;char errbuf[PCAP_ERRBUF_SIZE]; if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf); exit(1);
} for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); } if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; } printf("Enter the interface number (1-%d):",i); scanf_s("%d", &inum); if(inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); pcap_freealldevs(alldevs); return -1; } for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++); if ( (adhandle= pcap_open(d->name, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); pcap_freealldevs(alldevs); return -1; } printf("\nlistening on %s
\n", d->description); pcap_freealldevs(alldevs); pcap_loop(adhandle, 0, packet_handler, NULL); return 0;
}void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data){ struct tm ltime; char timestr[16]; time_t local_tv_sec; (VOID)(param); (VOID)(pkt_data); local_tv_sec = header->ts.tv_sec; localtime_s(<ime, &local_tv_sec); strftime( timestr, sizeof timestr, "%H:%M:%S", <ime); printf("%s,%.6d len:%d\n", timestr, header->ts.tv_usec, header->len); }榪欓噷涓昏鏄兂璇存槑涓嬪洖璋冨嚱鏁扮殑鍚勪釜鍙傛暟錛岄『渚胯涓媝cap_loop
int pcap_loop (
pcap_t * p,
int cnt,
pcap_handler callback,
u_char * user
)
pcap_t緇撴瀯瀵瑰紑鍙戣呮槸涓嶉忔槑鐨勶紝涓鑸槸鐢眕cap_open榪斿洖錛屽彲浠ヨ涓烘槸鎶撳寘鐨勫彞鏌勩俢nt琛ㄧず鎶撳埌cnt涓寘鍚巐oop緇撴潫錛宑allback灝辨槸澶勭悊鍖呯殑鍥炶皟鍑芥暟浜嗐倁ser鍙槸鐢ㄦ潵鎻忚堪榪欐鎶撳寘錛屽彲浠ョ疆涓篘ULL錛屽鏋滆寰楅渶瑕侊紝涔熷彲浠ユ妸鎶撳寘鐨勭洰鐨勫晩浠涔堢殑鍐欎笂鍘匯?/p>
-1 is returned on an error; 0 is returned if cnt is exhausted; -2 is returned if the loop terminated due to a call to pcap_breakloop() before any packets were processed. If your application uses pcap_breakloop(), make sure that you explicitly check for -1 and -2, rather than just checking for a return value < 0.
鍑洪敊榪斿洖-1錛屾姄瀹屼簡cnt涓寘榪斿洖0錛屽湪澶勭悊鍖呬箣鍓嶅氨璋冪敤pcap_breakloop()緇堢粨loop鍒欒繑鍥?2.鎵鏈夊鏋滆皟鐢ㄤ簡pcap_breakloop() 錛屽繀欏繪鏌ヨ繑鍥炲兼槸-1榪樻槸-2錛屼笉鑳芥潵絎肩粺媯鏌ユ槸鍚﹀皬浜?.
int pcap_dispatch (
pcap_t * p,
int cnt,
pcap_handler callback,
u_char * user
)
pcap_dispatch鍜宲cap_loop鐨勫敮涓鍖哄埆鏄痯cap_dispatch浼氬洜涓鴻秴鏃惰岀粨鏉燂紙榪欎釜鏃墮棿鏄湪pcap_open閲岄潰璁劇疆鐨勶級錛宲cap_loop鍒欎笉綆★紝涓瀹氳鎶撶帺cnt涓寘
pcap_t* pcap_open
typedef void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
user灝辨槸pcap_loop閲岀殑u_char*user
pkt_header鏄痺inpcap緇欐姄鍒扮殑鍖呴檮涓婄殑澶達紝涓嶆槸IP鎶ユ枃澶撮儴銆乁DP鎶ユ枃澶撮儴絳夌瓑鍗忚澶撮儴銆?/p>
struct pcap_pkthdr {
};
pkt_data鏄姄鍒扮殑鍖呮暟鎹紝榪欓噷鍖呮嫭浜嗗崗璁殑澶撮儴銆?/p>