int main(int argc,char **argv)
{
daemon(0,0);
buf = malloc(BUFSIZ + 1);
if(NULL == buf) {
printf("buf null");
exit(1);
}
pcap_hnd = prepare_capture("eth2", 1, "");
pcap_loop(pcap_hnd, -1, &parse_http_packet, NULL);
return 0;
}
DWORD WINAPI eap_thread()
{
extern pcap_t *handle;
extern char devname[];
init_device();
init_frames ();
send_eap_packet (EAPOL_START);
pcap_loop (handle, -1, get_packet, NULL); /* main loop */
pcap_close (handle);
memset (devname, 0, MAX_DEV_NAME_LEN);
update_interface_state(NULL);
return 0;
}
//------------------------------------------------------------------------------
static void* workerThread(void* pArgument_p)
{
tEdrvInstance* pInstance = (tEdrvInstance*)pArgument_p;
int pcapRet;
int oldCancelType;
DEBUG_LVL_EDRV_TRACE("%s(): ThreadId:%ld\n", __func__, syscall(SYS_gettid));
pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldCancelType);
// Set up and activate the pcap live capture handle
pInstance->pPcapThread = startPcap();
if (pInstance->pPcapThread == NULL)
{
return NULL;
}
if (pcap_setdirection(pInstance->pPcapThread, PCAP_D_INOUT) < 0)
{
DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP direction!\n", __func__);
}
// signal that thread is successfully started
sem_post(&pInstance->syncSem);
pcapRet = pcap_loop(pInstance->pPcapThread, -1, packetHandler, (u_char*)pInstance);
switch (pcapRet)
{
case 0:
DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended because 'cnt' is exhausted.\n", __func__);
break;
case -1:
DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended because of an error!\n", __func__);
break;
case -2:
DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended normally.\n", __func__);
break;
default:
DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended (unknown return value).\n", __func__);
break;
}
return NULL;
}
int main(int argc, char *argv[]){
char *dev,errbuf[PCAP_ERRBUF_SIZE];
char *net_c = NULL,*mask_c = NULL;
bpf_u_int32 mask;
bpf_u_int32 net;
struct in_addr addr;
struct pcap_pkthdr header;
pcap_t *handle;
const u_char *packet;
struct bpf_program fp;
char filter_exp[] = "ip";
dev = pcap_lookupdev(errbuf);
if(dev == NULL) {
perror("can't find default dev!\n");
exit(-1);
}
printf("DEV:%s\n",dev);
if(pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
perror("can't get netmask\n");
net_c =0;
mask_c = 0;
exit(-1);
}
addr.s_addr = net;
net_c = inet_ntoa(addr);
printf("Net:%s\n",net_c);
addr.s_addr = mask;
mask_c = inet_ntoa(addr);
printf("Mask:%s\n",mask_c);
printf("==================================================\n");
handle = pcap_open_live(dev,1500,1,0,errbuf);
if(handle == NULL) {
perror("couldn't get handle!\n");
exit(-1);
}
if(pcap_compile(handle,&fp,filter_exp,0,mask)== -1) {
perror("Couldn't parse filter\n");
exit(-1);
}
if(pcap_setfilter(handle,&fp)==-1) {
perror("Couldn't install filter\n");
exit(-1);
}
pcap_loop(handle,-1,my_callback,NULL);
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture complete.\n");
}
static void pcap_init(int type, char *data, char *host)
{
char *filter = NULL;
pcap_t *handle = NULL;
struct bpf_program fp;
char errbuf[PCAP_ERRBUF_SIZE];
g_return_if_fail(data != NULL);
g_return_if_fail(host != NULL);
if(type == LIVE) {
handle = pcap_open_live(data, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Falha ao abrir device %s: %s\n", data, errbuf);
return;
}
} else {
handle = pcap_open_offline(data, errbuf);
if(handle == NULL) {
fprintf(stderr, "Falha: %s\n", errbuf);
return;
}
pcap_file(handle);
}
if(strlen(host) > 1) {
filter = g_strdup_printf("port 80 and host %s", host);
} else {
filter = g_strdup_printf("port 80");
}
if (pcap_compile(handle, &fp, filter, 0, 0) == -1) {
fprintf(stderr, "Falha ao compilar filtro %s: %s\n", filter, pcap_geterr(handle));
return;
}
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Falha ao utilizar filtro %s: %s\n", filter, pcap_geterr(handle));
return;
}
pcap_loop(handle, -1, packet_analyze, NULL);
pcap_freecode(&fp);
pcap_close(handle);
}
int CapturePacketThread::RunCapture()
{
Releaseinfo("RunCapture input");
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
u_int netmask=0xffffff;
struct bpf_program fp;
if((adhandle= pcap_open(devname.c_str(), // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
Releaseinfo("pcap_open fails");
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", devname.c_str());
return -1;
}
string filter("");
string host_str("");
host_str = AppConfig::SharedInstance()->GetHostIp();
filter+="host ";
filter+=ipstr;
filter+=" and (tcp or udp) and (not host ";
filter+=host_str;
filter+=")";
//char test_filter[100]={0};
//strcpy(test_filter,filter.c_str());
//Releaseinfo(test_filter);
if(pcap_compile(adhandle, &fp, filter.c_str(), 0, netmask) == -1) {
Releaseinfo("pcap_compile fails");
fprintf(stderr, "Error calling pcap_compile\n");
return -1;
}
if(pcap_setfilter(adhandle, &fp) == -1) {
Releaseinfo("pcap_setfilter fails");
fprintf(stderr, "Error setting filter\n");
return -1;
}
char user_ip[20]={0};
strcpy(user_ip,ipstr.c_str());
pcap_loop(adhandle, 0, PacketHandler, (u_char*)user_ip);
return 0;
}
int main(int argc,char **argv)
{
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
struct bpf_program fp; /* hold compiled program */
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
u_char* args = NULL;
/* Options must be passed in as a string because I am lazy */
if(argc < 2){
fprintf(stdout,"Usage: %s numpackets \"options\"\n",argv[0]);
return 0;
}
/* grab a device to peak into... */
//dev = pcap_lookupdev(errbuf);
dev = "wlan0"
if(dev == NULL)
{ printf("%s\n",errbuf); exit(1); }
/* ask pcap for the network address and mask of the device */
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading. NOTE: defaulting to
* promiscuous mode*/
descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %s\n",errbuf); exit(1); }
if(argc > 2)
{
/* Lets try and compile the program.. non-optimized */
if(pcap_compile(descr,&fp,argv[2],0,netp) == -1)
{ fprintf(stderr,"Error calling pcap_compile\n"); exit(1); }
/* set the compiled program as the filter */
if(pcap_setfilter(descr,&fp) == -1)
{ fprintf(stderr,"Error setting filter\n"); exit(1); }
}
/* ... and loop */
pcap_loop(descr,atoi(argv[1]),my_callback,args);
fprintf(stdout,"\nfinished\n");
return 0;
}
void *ext_thread(void *arg)
{
char filter_exp[40];
memset(filter_exp, 0, 40);
strcat(filter_exp, "ip and dst host ");
strcat(filter_exp, inet_ntoa(ext_ip));
// char filter_exp[] = "ip and dst host 192.168.1.102";
if(pcap_loop(ext_if, -1, got_packet, (u_char *)FROM_EXT) == -1) {
fprintf(stderr, "Couldn't filte packet %s: %s\n", filter_exp, pcap_geterr(ext_if));
}
pcap_close(ext_if);
}
void PcapActivity::runActivity()
{
_logger.information("Activity started on %s", _device);
if (openLive()) {
while (!_activity.isStopped()) {
if (pcap_loop(_pcap, -1, &pcap_process, (u_char*) _device.c_str()) < 0) {
break;
}
}
pcap_close(_pcap);
_pcap = nullptr;
}
_logger.information("Activity ended on %s", _device);
}
void fileSniffing(char* file, u_char* filter){
pcap_t *handle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Open a capture file */
if ((handle = pcap_open_offline(file, errbuf) ) == NULL)
{
fprintf(stderr,"\nError opening dump file\n");
return;
}
// read and dispatch packets until EOF is reached
pcap_loop(handle, -1, got_packet, filter);
}
/*-----------------------------------------------------------------------------------*/
static void
pcapif_thread(void *arg)
{
struct netif *netif;
struct pcapif *pcapif;
netif = arg;
pcapif = netif->state;
while(1) {
pcap_loop(pcapif->pd, 1, callback, (u_char *)netif);
sys_sem_wait(pcapif->sem);
if(pcapif->p != NULL) {
netif->input(pcapif->p, netif);
}
}
}
void packet_sniffer(char *filter)
{
char *nic_dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* nic_descr;
struct bpf_program fp; // holds compiled program
bpf_u_int32 maskp; // subnet mask
bpf_u_int32 netp; // ip
u_char* args = NULL;
// find the first NIC that is up and sniff packets from it
nic_dev = pcap_lookupdev(errbuf); //assign device name if you want to select the device manually
if (nic_dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}
// Use pcap to get the IP address and subnet mask of the device
pcap_lookupnet (nic_dev, &netp, &maskp, errbuf);
// open the device for packet capture & set the device in promiscuous mode
nic_descr = pcap_open_live (nic_dev, BUFSIZ, 1, -1, errbuf);
if (nic_descr == NULL)
{
printf("pcap_open_live(): %s\n",errbuf);
exit(1);
}
// Compile the filter expression
if (pcap_compile (nic_descr, &fp, filter, 0, netp) == -1)
{
fprintf(stderr,"Error calling pcap_compile\n");
exit(1);
}
// Load the filter into the capture device
if (pcap_setfilter(nic_descr, &fp) == -1)
{
fprintf(stderr,"Error setting filter\n");
exit(1);
}
// Start the capture session
pcap_loop (nic_descr, INFINITY, pkt_analyze, args);
fprintf(stdout,"\nCapture Session Done\n");
}
int main(int argc, char** argv) {
if(argc < 2) {
std::cerr << "Must pass interface to listen on" << std::endl;
return 1;
}
std::string device = std::string(argv[1]);
char errbuf[1024];
pcap_t *handle;
struct bpf_program fp;
const std::string filter_expr = "type mgt subtype probe-req";
handle = pcap_open_live("wlan0mon", 1024, true, 1000, errbuf);
if(!handle) {
std::cerr << "Unable to open device " << device << std::endl;
return 2;
}
if(pcap_datalink(handle) != DLT_IEEE802_11_RADIO) {
std::cerr << "Specified device is not 802.11" << std::endl;
return 3;
}
if(pcap_compile(handle, &fp, filter_expr.c_str(), 0, PCAP_NETMASK_UNKNOWN) < 0) {
std::cerr << "Error compiling filter to program" << std::endl;
return 4;
}
if(pcap_setfilter(handle, &fp) < 0) {
std::cerr << "Error creating filter on device" << std::endl;
return 5;
}
std::cerr << "Listening for frames" << std::endl;
pcap_loop(handle, 0, process_packet, NULL);
std::cerr << "Shutting down" << std::endl;
pcap_freecode(&fp);
pcap_close(handle);
return 0;
}
int PacketOperation()
{
pcap_t* PcapHandle;
int number = -1;
char Error[PCAP_ERRBUF_SIZE];
pcap_handler Handler;
if ((PcapHandle = pcap_open_live(pAdapterInfo->AdapterName, 65536, 1, 1000, Error)) == NULL)
{
return -1;
}
Handler = (pcap_func_t) ProcessProtocolPacket;
pcap_loop(PcapHandle, number, Handler, NULL);
return 0;
}
// Pcap でのパケットキャプチャの中継用スレッド
void PcapThread(THREAD *thread, void *param)
{
ETH *e = (ETH*)param;
pcap_t *p = e->Pcap;
int ret;
// 初期化完了を通知
NoticeThreadInit(thread);
// 帰り値 -1:エラー -2:外部からの終了
ret = pcap_loop(p, -1, PcapHandler, (u_char*) e);
if(ret == -1){
e->Socket = INVALID_SOCKET;
pcap_perror(p, "capture");
}
return;
}
int main(int argc, char *argv[])
{
pcap_t *handle;
if (argc != 2) {
print_usage(argv[0]);
return 2;
}
init_capture(argv[1], &handle);
pcap_loop(handle, -1, got_packet, NULL);
pcap_close(handle);
return 0;
}
void pcap_capture(char *dev, char *filter, char *dir)
{
pcap_t *pd;
char ebuf[PCAP_ERRBUF_SIZE]; // error buffer
struct in_addr netmask, // 넷마스크
network; // 네트워크 주소
struct bpf_program fcode; // 패킷필터링 프로그램
int status;
strcpy(log_dir, dir);
time(&t);
tm=localtime(&t);
pd = pcap_open_live(dev, SNAPSIZE, PROMISCUOUS, 10000, ebuf); // 디바이스 열기
if(pd == NULL) {
fprintf(stderr, "pcap_open_live fail: %s", ebuf);
exit(0);
}
// device localnet과, netmask
pcap_lookupnet(dev, &network.s_addr, &netmask.s_addr, ebuf);
// 필터링 규칙 컴파일
pcap_compile(pd, &fcode, filter, 0, netmask.s_addr);
pcap_setfilter(pd, &fcode); // 디스크립터에 필터링 규칙적용
printf("Device='%s'(network=%s, netmask=%s)\n", dev, inet_ntoa(network), inet_ntoa(netmask));
// LOG 파일 열기
sprintf(save_file, "%s/AG%02d%02d",log_dir, tm->tm_mday, tm->tm_hour);
fd = open(save_file, O_RDWR | O_CREAT); // 백업 파일 open
if(pcap_loop(pd, -1, pcap_callback, NULL)<0) {
fprintf(stderr, "pcap_loop fail: %s\n", pcap_geterr(pd));
exit(-1);
}
pcap_close(pd); // close the packet capture discriptor
}
// Relay thread for captured packet (Pcap)
void PcapThread(THREAD *thread, void *param)
{
ETH *e = (ETH*)param;
pcap_t *p = e->Pcap;
int ret;
// Notify initialize completed
NoticeThreadInit(thread);
// Return -1:Error -2:Terminated externally
ret = pcap_loop(p, -1, PcapHandler, (u_char*) e);
if(ret == -1){
e->Socket = INVALID_SOCKET;
pcap_perror(p, "capture");
}
return;
}
int main(int argc, char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
FILE *in_file;
struct pcap_file_header f_hdr;
if (argc != 3) {
fprintf(stdout, "Usage: %s pcap_file new_file\n", argv[0]);
return 0;
}
if ((in_file = fopen(argv[1], "r")) == NULL) {
perror(argv[1]);
return 3;
}
if ((out_file = fopen(argv[2], "wb")) == NULL) {
perror(argv[2]);
return 3;
}
/* write file header */
fread(&f_hdr, 1, sizeof(struct pcap_file_header), in_file);
f_hdr.linktype = 1;
fwrite(&f_hdr, 1, sizeof(struct pcap_file_header), out_file);
fclose(in_file);
/* open device for reading */
descr = pcap_open_offline(argv[1], errbuf);
if (descr == NULL) {
printf("pcap_open_offline(): %s\n", errbuf);
exit(1);
}
/* allright here we call pcap_loop(..) and pass in our callback function */
/* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) */
/* If you are wondering what the user argument is all about, so am I!! */
pcap_loop(descr, atoi(argv[1]), my_callback, NULL);
fprintf(stdout, "\nDone processing packets... wheew!\n");
fclose(out_file);
return 0;
}
int main(int argc, char *argv[])
{
pcap_t *handle; /* Session handle */
char *dev; /* The device to sniff on */
char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */
struct bpf_program fp; /* The compiled filter */
char filter_exp[] = ""; /* The filter expression */
bpf_u_int32 mask; /* Our netmask */
bpf_u_int32 net; /* Our IP */
struct pcap_pkthdr header; /* The header that pcap gives us */
const u_char *packet; /* The actual packet */
/* Define the device */
dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return(2);
}
/* Find the properties for the device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
net = 0;
mask = 0;
}
/* Open the session in promiscuous mode */
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
if (handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
return(2);
}
/* Compile and apply the filter */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
if (pcap_setfilter(handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
return(2);
}
/* Grab a packet */
pcap_loop(handle, -1, got_packet, NULL);
pcap_close(handle);
return(0);
}
int main(int argc, char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char *dev;
pcap_t *pcd;
struct bpf_program fp;
bpf_u_int32 netp;
bpf_u_int32 maskp;
int ret;
char track[] = "forensics";
char name[] = "songyi Hwang";
printf("[bob5][%s]pcap_test[%s]\n", track, name);
dev = pcap_lookupdev(errbuf);
if(dev == NULL) {
printf("%s\n", errbuf);
exit(1);
}
ret = pcap_lookupnet(dev, &netp, &maskp, errbuf);
if(ret == -1) {
printf("%s\n", errbuf);
exit(1);
}
pcd = pcap_open_live(dev, BUFSIZ, NONPROMISCUOUS, -1, errbuf);
if(pcd == NULL) {
printf("%s\n", errbuf);
exit(1);
}
if(pcap_compile(pcd, &fp, argv[2], 0, netp) == -1) {
printf("compile error\n");
exit(1);
}
if(pcap_setfilter(pcd, &fp) == -1) {
printf("setfilter error\n");
exit(0);
}
pcap_loop(pcd, atoi(argv[1]), callback, NULL);
return 0;
}
int main(int argc, char **argv)
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
char source[PCAP_BUF_SIZE];
if(argc != 2){
printf("usage: %s filename", argv[0]);
return -1;
}
/* Create the source string according to the new WinPcap syntax */
if ( pcap_createsrcstr( source, // variable that will keep the source string
PCAP_SRC_FILE, // we want to open a file
NULL, // remote host
NULL, // port on the remote host
argv[1], // name of the file we want to open
errbuf // error buffer
) != 0)
{
fprintf(stderr,"\nError creating a source string\n");
return -1;
}
/* Open the capture file */
if ( (fp= pcap_open(source, // name of the device
65536, // portion of the packet to capture
// 65536 guarantees that the whole packet will be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the file %s.\n", source);
return -1;
}
// read and dispatch packets until EOF is reached
pcap_loop(fp, 0, dispatcher_handler, NULL);
return 0;
}
static PyObject *ppcap_loop(ppcap *self, PyObject *args)
{
PyObject *callback, *obj, *obj2;
int num_pkts, num_p;
if (!PyArg_ParseTuple(args, "iO", &num_pkts, &callback))
return NULL;
if (!PyCallable_Check(callback)) {
PyErr_SetString(PyExc_Ppcap, "Second argument is not a callable");
return NULL;
}
obj = PyObject_GetAttrString(callback, "__code__");
if (!obj) {
PyErr_SetString(PyExc_Ppcap, "Failed to retrieve attribute '__code__' "
"from the callable object. Try to recall the function.");
return NULL;
}
obj2 = PyObject_GetAttrString(obj, "co_argcount");
if (!obj2) {
PyErr_SetString(PyExc_Ppcap, "Failed to retrieve attribute 'co_argcount' "
"from the callable.__code__ object. Try to recall the function.");
Py_DECREF(obj);
return NULL;
}
num_p = PyLong_AsLong(obj2);
if (num_p != 2) {
PyErr_Format(PyExc_Ppcap, "The callable object needs to have two parameters! "
"Not %d. Example: def my_cb(packet, tot_len)", num_p);
Py_DECREF(obj);
Py_DECREF(obj2);
return NULL;
}
Py_DECREF(obj);
Py_DECREF(obj2);
Py_XDECREF(self->callback);
Py_INCREF(callback);
self->callback = callback;
if (pcap_loop(self->handle, num_pkts, ppcap_rcv_packet,
(u_char *)self->callback) == -1) {
PyErr_Format(PyExc_Ppcap, "%s", pcap_geterr(self->handle));
return NULL;
}
Py_RETURN_NONE;
}
int main()
{
int count = 0;
char *device = NULL;
pcap_t *descr = NULL;
/*获取第一个适合捕获的网络设备名称*/
device = Pcap_lookupdev();
printf("Opening device %s\n", device);
/*以混杂模式打开网络设备*/
descr = Pcap_open_live(device, MAXBYTES2CAPTURE, 1, 512);
/*死循环并在每一次接收到数据包时调用回调函数processPacket()*/
pcap_loop(descr, -1, processPacket, (u_char *)&count);
return 0;
}
void capture(void)
{
DEBUG_MSG("neverending loop (capture)");
/*
* infinite loop
* dispatch packets to sarp_get
*/
//daveti: debug
printf("daveti: into pcap_loop()\n");
pcap_loop(GBL_PCAP->fd, -1, sarp_get, NULL);
//daveti: debug
printf("daveti: pcap_loop() done\n");
}
int main(int argc,char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */
struct bpf_program fp; /* hold compiled program */
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
if(argc != 2){ fprintf(stdout,"Usage: %s \"filter program\"\n"
,argv[0]);return 0;}
/* grab a device to peak into... */
dev = "wlan0"; // pcap_lookupdev(errbuf);
if(dev == NULL)
{ fprintf(stderr,"%s\n",errbuf); exit(1); }
/* ask pcap for the network address and mask of the device */
pcap_lookupnet(dev,&netp,&maskp,errbuf);
/* open device for reading this time lets set it in promiscuous
* mode so we can monitor traffic to another machine */
descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %s\n",errbuf); exit(1); }
/* Lets try and compile the program.. non-optimized */
if(pcap_compile(descr,&fp,argv[1],0,netp) == -1)
{ fprintf(stderr,"Error calling pcap_compile\n"); exit(1); }
/* set the compiled program as the filter */
if(pcap_setfilter(descr,&fp) == -1)
{ fprintf(stderr,"Error setting filter\n"); exit(1); }
/* ... and loop */
pcap_loop(descr,-1,my_callback,NULL);
return 0;
}
int main(int argc,char *argv[]){
char *filename1=argv[1];
char *filename3=argv[2];
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t *pcap1=pcap_open_offline(filename1,errbuf);
if(!pcap1){
printf("1.error: pcap_open_offline(): %s \n",errbuf);
exit(1);
}
FILE *save_file=fopen(filename3,"wb");
int ret;
ret=pcap_loop(pcap1,0,dispatch_handler,(u_char *)save_file);
printf("%d\n",ret);
fclose(save_file);
//if(ret)
/*
FILE *save_file=fopen(filename3,"wb");
struct pcap_pkthdr *pkheader1;
u_char *pkdata1;
int lable1=1;
int ret;
while(lable1==1){
ret=pcap_next_ex(pcap1,&pkheader1,(const u_char **)&pkdata1);
printf("ret=%d\n",ret1);
if(ret==1){
fwrite((void *)pkheader1,1,sizeof(struct pcap_pkthdr),save_file);
//fwrite((void *)pkdata1,1,pkheader1->caplen,save_file);
}
else if(ret==-1||ret==0){
exit(1);
}
else if(ret==-2){
lable1=0;
pcap_close(pcap1);
fclose(save_file);
}
}
*/
}
int main(int argc, char **argv) {
// check options passed
if (argc != 2) {
printf("\nInvalid argument list. Please use '--help' for usage.\n\n");
return -1;
}
// print help
if (strcmp("--help", argv[1]) == 0) {
printf("\nUsage : %s <dump file name>\n", argv[0]);
printf("\tEx : %s traceroute.pcap\n\n", argv[0]);
exit(0);
}
// pcap file pointer
pcap_t *pcap_p;
// error buffer to hold errors on pcap call
char errorbuf[PCAP_ERRBUF_SIZE];
// initialize all lists used
init_lists();
// open dump file
pcap_p = pcap_open_offline(argv[1], errorbuf);
if (pcap_p == NULL) {
printf("Error while opening dump file.\n%s\n", errorbuf);
exit(0);
}
// check whether the link layer type is Ethernet, return otherwise
if (pcap_datalink(pcap_p) != DLT_EN10MB) {
printf("Dump file provided is not captured from Ethernet.\n");
exit(0);
}
// read all packets from dump file
if (pcap_loop(pcap_p, 0, callback_handler, NULL) == -1) {
printf("Error while reading dump file.\n");
exit(0);
}
// close the pcap file
pcap_close(pcap_p);
// print results stored in lists
print_results();
// free memory allocated for lists
free_lists();
return 0;
}
static void
epcap_loop(EPCAP_STATE *ep)
{
int rv = -1;
rv = pcap_loop(ep->p, -1, epcap_response, (u_char *)ep);
switch (rv) {
case -2:
break;
case -1: /* error reading packet */
VERBOSE(1, "%s", pcap_geterr(ep->p));
break;
default:
if (ep->file)
epcap_ctrl("eof");
break;
}
}
//main thread procedure: launches the capture and wait
UINT MyThreadProc( LPVOID pParam )
{
int i;
if (pParam == NULL)
return -1; // illegal parameter
pObject=(CCapPars*)pParam;
//reset the timer
pObject->lasttime.tv_sec=0;
pObject->lasttime.tv_usec=0;
//start the capture loop
i = pcap_loop(pObject->fp, 0, dispatcher_handler, (PUCHAR)pParam);
Sleep(INFINITE);
return 0;
}