int openpcapfile(pcap_t **pcapout, char *filename) { pcap_t *pcap; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host filename, // name of the file we want to open errbuf // error buffer ) != 0) { fprintf(stderr,"\nError creating a source string\n"); return -1; } /* Open the capture file */ if ( (pcap = pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open %s: %s\n", filename, errbuf); return -1; } *pcapout = pcap; return 0; }
GList * get_remote_interface_list(const char *hostname, const char *port, int auth_type, const char *username, const char *passwd, int *err, char **err_str) { struct pcap_rmtauth auth; char source[PCAP_BUF_SIZE]; char errbuf[PCAP_ERRBUF_SIZE]; GList *result; if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port, NULL, errbuf) == -1) { *err = CANT_GET_INTERFACE_LIST; if (err_str != NULL) *err_str = cant_get_if_list_error_message(errbuf); return NULL; } auth.type = auth_type; auth.username = g_strdup(username); auth.password = g_strdup(passwd); result = get_interface_list_findalldevs_ex(source, &auth, err, err_str); g_free(auth.username); g_free(auth.password); return result; }
int add_stream_from_pcap(char *file_path) { pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; struct pcap_pkthdr *header; const u_char *pkt_data; t_stream t_stream_tmp; /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host file_path, // name of the file we want to open errbuf // error buffer ) != 0) { WinPrintf(hwnd_frame, "Error creating a source string"); return -1; } /* Open the capture file */ if ( (fp= pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { WinPrintf(hwnd_frame, "打开文件失败:\n%s\n可能是抓包存档文件损坏或格式不支持", source); return -1; } while (pcap_next_ex(fp, &header, &pkt_data)>0) { if (nr_cur_stream>=MAX_STREAM_NUM) { err_msg_box("已达最大流数目 %d", MAX_STREAM_NUM); break; } init_stream(&t_stream_tmp); t_stream_tmp.len=header->caplen; memcpy(t_stream_tmp.data, pkt_data, t_stream_tmp.len); t_stream_tmp.err_flags = build_err_flags((void *)(t_stream_tmp.data), t_stream_tmp.len); add_stream(&t_stream_tmp); } pcap_close(fp); re_populate_items(); return 0; }
int main(int argc, char **argv) { pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; if(argc != 2){ printf("usage: %s filename", argv[0]); return -1; } /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host argv[1], // name of the file we want to open errbuf // error buffer ) != 0) { fprintf(stderr,"\nError creating a source string\n"); return -1; } /* Open the capture file */ if ( (fp= pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the file %s.\n", source); return -1; } // read and dispatch packets until EOF is reached pcap_loop(fp, 0, dispatcher_handler, NULL); return 0; }
int main(int argc, char **argv) { pcap_t *fp; struct pcap_pkthdr *header; const u_char *pkt_data; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; int res; log_file = fopen("log.txt", "w"); WRITE_TO_LOG("Start main"); if(argc!=2) { fprintf(stderr, "Usage: %s filename", argv[0]); exit(EXIT_FAILURE); } /*Create the source string from the filename*/ WRITE_TO_LOG("Creating the source string from the filename"); if(pcap_createsrcstr( source, //To keep source string PCAP_SRC_FILE, //We're opening a file NULL, //Remote host NULL, //Port on the remote host argv[1], //Name of the file to be opened errbuf) != 0) { fprintf(stderr, "\nError creating source string: %s", errbuf); exit(EXIT_FAILURE); } /*Open the capture file*/ WRITE_TO_LOG("Open the capture file"); if((fp=pcap_open( source, //Device name 65536, //Portion of the packet to be captured PCAP_OPENFLAG_PROMISCUOUS, //Promiscuous mode 1000, //Read timeout NULL, //Authentication on remote host errbuf))==NULL) { fprintf(stderr, "\nUnable to open the file %s: %s", argv[1], errbuf); exit(EXIT_FAILURE); } WRITE_TO_LOG("Calling dispatch handler"); while((res=pcap_next_ex(fp, &header, &pkt_data))>=0) { dispatch_handler(NULL, header, pkt_data); } if(res==-1) { fprintf(stderr, "Error opening the file for reading packets: %s\n", pcap_geterr(fp)); exit(EXIT_FAILURE); } //pcap_loop(fp, 0, dispatch_handler, NULL); WRITE_TO_LOG("Calling perform_regex"); perform_regex("regex_list.txt", "C:\\smtp_dump_output.txt"); //perform_regex("regex_list.txt", "C:\\agentlog.txt"); Sleep(10000); WRITE_TO_LOG("Exiting.."); fclose(log_file); }
main(int argc, char **argv) { pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; struct pcap_pkthdr *header; const u_char *pkt_data; u_int i=0; int res; if(argc != 2) { printf("usage: %s filename", argv[0]); return -1; } /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host argv[1], // name of the file we want to open errbuf // error buffer ) != 0) { fprintf(stderr,"\nError creating a source string\n"); return -1; } /* Open the capture file */ if ( (fp= pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the file %s.\n", source); return -1; } /* Retrieve the packets from the file */ while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0) { /* print pkt timestamp and pkt len */ printf("%ld:%ld (%ld)\n", header->ts.tv_sec, header->ts.tv_usec, header->len); /* Print the packet */ for (i=1; (i < header->caplen + 1 ) ; i++) { printf("%.2x ", pkt_data[i-1]); if ( (i % LINE_LEN) == 0) printf("\n"); } printf("\n\n"); } if (res == -1) { printf("Error reading the packets: %s\n", pcap_geterr(fp)); } return 0; }
void main(int argc, char **argv) { pcap_t *indesc,*outdesc; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; FILE *capfile; int caplen, sync; u_int res; pcap_send_queue *squeue; struct pcap_pkthdr *pktheader; u_char *pktdata; float cpu_time; u_int npacks = 0; /* Check the validity of the command line */ if (argc <= 2 || argc >= 5) { usage(); return; } /* Retrieve the length of the capture file */ capfile=fopen(argv[1],"rb"); if(!capfile){ printf("Capture file not found!\n"); return; } fseek(capfile , 0, SEEK_END); caplen= ftell(capfile)- sizeof(struct pcap_file_header); fclose(capfile); /* Chek if the timestamps must be respected */ if(argc == 4 && argv[3][0] == 's') sync = TRUE; else sync = FALSE; /* Open the capture */ /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host argv[1], // name of the file we want to open errbuf // error buffer ) != 0) { fprintf(stderr,"\nError creating a source string\n"); return; } /* Open the capture file */ if ( (indesc= pcap_open(source, 65536, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf) ) == NULL) { fprintf(stderr,"\nUnable to open the file %s.\n", source); return; } /* Open the output adapter */ if ( (outdesc= pcap_open(argv[2], 100, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf) ) == NULL) { fprintf(stderr,"\nUnable to open adapter %s.\n", source); return; } /* Check the MAC type */ if (pcap_datalink(indesc) != pcap_datalink(outdesc)) { printf("Warning: the datalink of the capture differs from the one of the selected interface.\n"); printf("Press a key to continue, or CTRL+C to stop.\n"); getchar(); } /* Allocate a send queue */ squeue = pcap_sendqueue_alloc(caplen); /* Fill the queue with the packets from the file */ while ((res = pcap_next_ex( indesc, &pktheader, &pktdata)) == 1) { if (pcap_sendqueue_queue(squeue, pktheader, pktdata) == -1) { printf("Warning: packet buffer too small, not all the packets will be sent.\n"); break; } npacks++; } if (res == -1) { printf("Corrupted input file.\n"); pcap_sendqueue_destroy(squeue); return; } /* Transmit the queue */ cpu_time = (float)clock (); if ((res = pcap_sendqueue_transmit(outdesc, squeue, sync)) < squeue->len) { printf("An error occurred sending the packets: %s. Only %d bytes were sent\n", pcap_geterr(outdesc), res); } cpu_time = (clock() - cpu_time)/CLK_TCK; printf ("\n\nElapsed time: %5.3f\n", cpu_time); printf ("\nTotal packets generated = %d", npacks); printf ("\nAverage packets per second = %d", (int)((double)npacks/cpu_time)); printf ("\n"); /* free the send queue */ pcap_sendqueue_destroy(squeue); /* Close the input file */ pcap_close(indesc); /* * lose the output adapter * IMPORTANT: remember to close the adapter, otherwise there will be no guarantee that all the * packets will be sent! */ pcap_close(outdesc); return; }
int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) { int type; char name[PCAP_BUF_SIZE], path[PCAP_BUF_SIZE], filename[PCAP_BUF_SIZE]; size_t pathlen; size_t stringlen; pcap_t *fp; char tmpstring[PCAP_BUF_SIZE + 1]; /* Needed to convert names and descriptions from 'old' syntax to the 'new' one */ pcap_if_t *lastdev; /* Last device in the pcap_if_t list */ pcap_if_t *dev; /* Device we're adding to the pcap_if_t list */ /* List starts out empty. */ (*alldevs) = NULL; lastdev = NULL; if (strlen(source) > PCAP_BUF_SIZE) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "The source string is too long. Cannot handle it correctly."); return -1; } /* * Determine the type of the source (file, local, remote) * There are some differences if pcap_findalldevs_ex() is called to list files and remote adapters. * In the first case, the name of the directory we have to look into must be present (therefore * the 'name' parameter of the pcap_parsesrcstr() is present). * In the second case, the name of the adapter is not required (we need just the host). So, we have * to use a first time this function to get the source type, and a second time to get the appropriate * info, which depends on the source type. */ if (pcap_parsesrcstr(source, &type, NULL, NULL, NULL, errbuf) == -1) return -1; switch (type) { case PCAP_SRC_IFLOCAL: if (pcap_parsesrcstr(source, &type, NULL, NULL, NULL, errbuf) == -1) return -1; /* Initialize temporary string */ tmpstring[PCAP_BUF_SIZE] = 0; /* The user wants to retrieve adapters from a local host */ if (pcap_findalldevs(alldevs, errbuf) == -1) return -1; if (*alldevs == NULL) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "No interfaces found! Make sure libpcap/Npcap is properly installed" " on the local machine."); return -1; } /* Scan all the interfaces and modify name and description */ /* This is a trick in order to avoid the re-implementation of the pcap_findalldevs here */ dev = *alldevs; while (dev) { char *localdesc, *desc; /* Create the new device identifier */ if (pcap_createsrcstr(tmpstring, PCAP_SRC_IFLOCAL, NULL, NULL, dev->name, errbuf) == -1) return -1; /* Delete the old pointer */ free(dev->name); /* Make a copy of the new device identifier */ dev->name = strdup(tmpstring); if (dev->name == NULL) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); pcap_freealldevs(*alldevs); return -1; } /* * Create the description. */ if ((dev->description == NULL) || (dev->description[0] == 0)) localdesc = dev->name; else localdesc = dev->description; if (pcap_asprintf(&desc, "%s '%s' %s", PCAP_TEXT_SOURCE_ADAPTER, localdesc, PCAP_TEXT_SOURCE_ON_LOCAL_HOST) == -1) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); pcap_freealldevs(*alldevs); return -1; } /* Now overwrite the description */ free(dev->description); dev->description = desc; dev = dev->next; } return 0; case PCAP_SRC_FILE: { #ifdef _WIN32 WIN32_FIND_DATA filedata; HANDLE filehandle; #else struct dirent *filedata; DIR *unixdir; #endif if (pcap_parsesrcstr(source, &type, NULL, NULL, name, errbuf) == -1) return -1; /* Check that the filename is correct */ stringlen = strlen(name); /* The directory must end with '\' in Win32 and '/' in UNIX */ #ifdef _WIN32 #define ENDING_CHAR '\\' #else #define ENDING_CHAR '/' #endif if (name[stringlen - 1] != ENDING_CHAR) { name[stringlen] = ENDING_CHAR; name[stringlen + 1] = 0; stringlen++; } /* Save the path for future reference */ pcap_snprintf(path, sizeof(path), "%s", name); pathlen = strlen(path); #ifdef _WIN32 /* To perform directory listing, Win32 must have an 'asterisk' as ending char */ if (name[stringlen - 1] != '*') { name[stringlen] = '*'; name[stringlen + 1] = 0; } filehandle = FindFirstFile(name, &filedata); if (filehandle == INVALID_HANDLE_VALUE) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path); return -1; } #else /* opening the folder */ unixdir= opendir(path); /* get the first file into it */ filedata= readdir(unixdir); if (filedata == NULL) { pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path); return -1; } #endif /* Add all files we find to the list. */ do { #ifdef _WIN32 /* Skip the file if the pathname won't fit in the buffer */ if (pathlen + strlen(filedata.cFileName) >= sizeof(filename)) continue; pcap_snprintf(filename, sizeof(filename), "%s%s", path, filedata.cFileName); #else if (pathlen + strlen(filedata->d_name) >= sizeof(filename)) continue; pcap_snprintf(filename, sizeof(filename), "%s%s", path, filedata->d_name); #endif fp = pcap_open_offline(filename, errbuf); if (fp) { /* allocate the main structure */ dev = (pcap_if_t *)malloc(sizeof(pcap_if_t)); if (dev == NULL) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); pcap_freealldevs(*alldevs); return -1; } /* Initialize the structure to 'zero' */ memset(dev, 0, sizeof(pcap_if_t)); /* Append it to the list. */ if (lastdev == NULL) { /* * List is empty, so it's also * the first device. */ *alldevs = dev; } else { /* * Append after the last device. */ lastdev->next = dev; } /* It's now the last device. */ lastdev = dev; /* Create the new source identifier */ if (pcap_createsrcstr(tmpstring, PCAP_SRC_FILE, NULL, NULL, filename, errbuf) == -1) { pcap_freealldevs(*alldevs); return -1; } dev->name = strdup(tmpstring); if (dev->name == NULL) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); pcap_freealldevs(*alldevs); return -1; } /* * Create the description. */ if (pcap_asprintf(&dev->description, "%s '%s' %s", PCAP_TEXT_SOURCE_FILE, filename, PCAP_TEXT_SOURCE_ON_LOCAL_HOST) == -1) { pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, errno, "malloc() failed"); pcap_freealldevs(*alldevs); return -1; } pcap_close(fp); } } #ifdef _WIN32 while (FindNextFile(filehandle, &filedata) != 0); #else while ( (filedata= readdir(unixdir)) != NULL); #endif #ifdef _WIN32 /* Close the search handle. */ FindClose(filehandle); #endif return 0; } case PCAP_SRC_IFREMOTE: return pcap_findalldevs_ex_remote(source, auth, alldevs, errbuf); default: pcap_strlcpy(errbuf, "Source type not supported", PCAP_ERRBUF_SIZE); return -1; } }
void CMyListView::Capoffline(CString m_open_filepath)//文件读取操作函数 { char errbuf[PCAP_ERRBUF_SIZE]; char source[1024]; // struct pcap_pkthdr *header;//网络包头 const u_char *pkt_data;//数据报数据 CString m_packetlen;//数据包长度 CString m_protocol;//数据包协议 CString m_count1;//数据包计数 u_int i=0; pcap_t *fp; int m_count=0; struct pcap_pkthdr* protocol_header;//协议头 int res; if (pcap_createsrcstr(source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host m_open_filepath, // name of the file we want to open errbuf // error buffer ) != 0) { AfxMessageBox(errbuf); } if ((fp=pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { AfxMessageBox(errbuf); } m_mydata=(mydata*)malloc((m_mystruct.m_count-1)*sizeof(mydata));//数据包个数 while((res = pcap_next_ex(fp,&protocol_header,&pkt_data))>=0) { if (protocol_header->len==0) continue; m_mydata[m_count].len=protocol_header->len; m_mydata[m_count].pkt_data=(unsigned char*)malloc(protocol_header->len); memcpy(m_mydata[m_count].pkt_data,pkt_data,protocol_header->len); m_packetlen.Format("%d",protocol_header->len); m_protocol=Packetanalyse(pkt_data);//协议分析 m_count1.Format("%d",m_count+1);//对要添加的信息做格式化处理 CListCtrl &m_list=GetListCtrl();//以下是对ListView添加信息 m_list.InsertItem(m_count,m_count1); m_list.SetItemText(m_count,1,ctime((const time_t*)&protocol_header->ts.tv_sec)); m_list.SetItemText(m_count,2,m_packetlen); m_list.SetItemText(m_count,3,inet_ntoa(ip_saddress)); m_list.SetItemText(m_count,4,inet_ntoa(ip_daddress)); m_list.SetItemText(m_count,5,m_mystruct.m_sourcemac); m_list.SetItemText(m_count,6,m_mystruct.m_destinanionmac); m_list.SetItemText(m_count,7,m_protocol); m_list.SetItemText(m_count,8,m_info); m_count++; } }