int main(int argc,char **argv) { daemon(0,0); buf = malloc(BUFSIZ + 1); if(NULL == buf) { printf("buf null"); exit(1); } pcap_hnd = prepare_capture("eth2", 1, ""); pcap_loop(pcap_hnd, -1, &parse_http_packet, NULL); return 0; }
DWORD WINAPI eap_thread() { extern pcap_t *handle; extern char devname[]; init_device(); init_frames (); send_eap_packet (EAPOL_START); pcap_loop (handle, -1, get_packet, NULL); /* main loop */ pcap_close (handle); memset (devname, 0, MAX_DEV_NAME_LEN); update_interface_state(NULL); return 0; }
//------------------------------------------------------------------------------ static void* workerThread(void* pArgument_p) { tEdrvInstance* pInstance = (tEdrvInstance*)pArgument_p; int pcapRet; int oldCancelType; DEBUG_LVL_EDRV_TRACE("%s(): ThreadId:%ld\n", __func__, syscall(SYS_gettid)); pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, &oldCancelType); // Set up and activate the pcap live capture handle pInstance->pPcapThread = startPcap(); if (pInstance->pPcapThread == NULL) { return NULL; } if (pcap_setdirection(pInstance->pPcapThread, PCAP_D_INOUT) < 0) { DEBUG_LVL_ERROR_TRACE("%s() couldn't set PCAP direction!\n", __func__); } // signal that thread is successfully started sem_post(&pInstance->syncSem); pcapRet = pcap_loop(pInstance->pPcapThread, -1, packetHandler, (u_char*)pInstance); switch (pcapRet) { case 0: DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended because 'cnt' is exhausted.\n", __func__); break; case -1: DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended because of an error!\n", __func__); break; case -2: DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended normally.\n", __func__); break; default: DEBUG_LVL_ERROR_TRACE("%s(): pcap_loop ended (unknown return value).\n", __func__); break; } return NULL; }
int main(int argc, char *argv[]){ char *dev,errbuf[PCAP_ERRBUF_SIZE]; char *net_c = NULL,*mask_c = NULL; bpf_u_int32 mask; bpf_u_int32 net; struct in_addr addr; struct pcap_pkthdr header; pcap_t *handle; const u_char *packet; struct bpf_program fp; char filter_exp[] = "ip"; dev = pcap_lookupdev(errbuf); if(dev == NULL) { perror("can't find default dev!\n"); exit(-1); } printf("DEV:%s\n",dev); if(pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { perror("can't get netmask\n"); net_c =0; mask_c = 0; exit(-1); } addr.s_addr = net; net_c = inet_ntoa(addr); printf("Net:%s\n",net_c); addr.s_addr = mask; mask_c = inet_ntoa(addr); printf("Mask:%s\n",mask_c); printf("==================================================\n"); handle = pcap_open_live(dev,1500,1,0,errbuf); if(handle == NULL) { perror("couldn't get handle!\n"); exit(-1); } if(pcap_compile(handle,&fp,filter_exp,0,mask)== -1) { perror("Couldn't parse filter\n"); exit(-1); } if(pcap_setfilter(handle,&fp)==-1) { perror("Couldn't install filter\n"); exit(-1); } pcap_loop(handle,-1,my_callback,NULL); pcap_freecode(&fp); pcap_close(handle); printf("\nCapture complete.\n"); }
static void pcap_init(int type, char *data, char *host) { char *filter = NULL; pcap_t *handle = NULL; struct bpf_program fp; char errbuf[PCAP_ERRBUF_SIZE]; g_return_if_fail(data != NULL); g_return_if_fail(host != NULL); if(type == LIVE) { handle = pcap_open_live(data, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Falha ao abrir device %s: %s\n", data, errbuf); return; } } else { handle = pcap_open_offline(data, errbuf); if(handle == NULL) { fprintf(stderr, "Falha: %s\n", errbuf); return; } pcap_file(handle); } if(strlen(host) > 1) { filter = g_strdup_printf("port 80 and host %s", host); } else { filter = g_strdup_printf("port 80"); } if (pcap_compile(handle, &fp, filter, 0, 0) == -1) { fprintf(stderr, "Falha ao compilar filtro %s: %s\n", filter, pcap_geterr(handle)); return; } if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Falha ao utilizar filtro %s: %s\n", filter, pcap_geterr(handle)); return; } pcap_loop(handle, -1, packet_analyze, NULL); pcap_freecode(&fp); pcap_close(handle); }
int CapturePacketThread::RunCapture() { Releaseinfo("RunCapture input"); pcap_t *adhandle; char errbuf[PCAP_ERRBUF_SIZE]; u_int netmask=0xffffff; struct bpf_program fp; if((adhandle= pcap_open(devname.c_str(), // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { Releaseinfo("pcap_open fails"); fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", devname.c_str()); return -1; } string filter(""); string host_str(""); host_str = AppConfig::SharedInstance()->GetHostIp(); filter+="host "; filter+=ipstr; filter+=" and (tcp or udp) and (not host "; filter+=host_str; filter+=")"; //char test_filter[100]={0}; //strcpy(test_filter,filter.c_str()); //Releaseinfo(test_filter); if(pcap_compile(adhandle, &fp, filter.c_str(), 0, netmask) == -1) { Releaseinfo("pcap_compile fails"); fprintf(stderr, "Error calling pcap_compile\n"); return -1; } if(pcap_setfilter(adhandle, &fp) == -1) { Releaseinfo("pcap_setfilter fails"); fprintf(stderr, "Error setting filter\n"); return -1; } char user_ip[20]={0}; strcpy(user_ip,ipstr.c_str()); pcap_loop(adhandle, 0, PacketHandler, (u_char*)user_ip); return 0; }
int main(int argc,char **argv) { char *dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t* descr; struct bpf_program fp; /* hold compiled program */ bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ u_char* args = NULL; /* Options must be passed in as a string because I am lazy */ if(argc < 2){ fprintf(stdout,"Usage: %s numpackets \"options\"\n",argv[0]); return 0; } /* grab a device to peak into... */ //dev = pcap_lookupdev(errbuf); dev = "wlan0" if(dev == NULL) { printf("%s\n",errbuf); exit(1); } /* ask pcap for the network address and mask of the device */ pcap_lookupnet(dev,&netp,&maskp,errbuf); /* open device for reading. NOTE: defaulting to * promiscuous mode*/ descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } if(argc > 2) { /* Lets try and compile the program.. non-optimized */ if(pcap_compile(descr,&fp,argv[2],0,netp) == -1) { fprintf(stderr,"Error calling pcap_compile\n"); exit(1); } /* set the compiled program as the filter */ if(pcap_setfilter(descr,&fp) == -1) { fprintf(stderr,"Error setting filter\n"); exit(1); } } /* ... and loop */ pcap_loop(descr,atoi(argv[1]),my_callback,args); fprintf(stdout,"\nfinished\n"); return 0; }
void *ext_thread(void *arg) { char filter_exp[40]; memset(filter_exp, 0, 40); strcat(filter_exp, "ip and dst host "); strcat(filter_exp, inet_ntoa(ext_ip)); // char filter_exp[] = "ip and dst host 192.168.1.102"; if(pcap_loop(ext_if, -1, got_packet, (u_char *)FROM_EXT) == -1) { fprintf(stderr, "Couldn't filte packet %s: %s\n", filter_exp, pcap_geterr(ext_if)); } pcap_close(ext_if); }
void PcapActivity::runActivity() { _logger.information("Activity started on %s", _device); if (openLive()) { while (!_activity.isStopped()) { if (pcap_loop(_pcap, -1, &pcap_process, (u_char*) _device.c_str()) < 0) { break; } } pcap_close(_pcap); _pcap = nullptr; } _logger.information("Activity ended on %s", _device); }
void fileSniffing(char* file, u_char* filter){ pcap_t *handle; char errbuf[PCAP_ERRBUF_SIZE]; /* Open a capture file */ if ((handle = pcap_open_offline(file, errbuf) ) == NULL) { fprintf(stderr,"\nError opening dump file\n"); return; } // read and dispatch packets until EOF is reached pcap_loop(handle, -1, got_packet, filter); }
/*-----------------------------------------------------------------------------------*/ static void pcapif_thread(void *arg) { struct netif *netif; struct pcapif *pcapif; netif = arg; pcapif = netif->state; while(1) { pcap_loop(pcapif->pd, 1, callback, (u_char *)netif); sys_sem_wait(pcapif->sem); if(pcapif->p != NULL) { netif->input(pcapif->p, netif); } } }
void packet_sniffer(char *filter) { char *nic_dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t* nic_descr; struct bpf_program fp; // holds compiled program bpf_u_int32 maskp; // subnet mask bpf_u_int32 netp; // ip u_char* args = NULL; // find the first NIC that is up and sniff packets from it nic_dev = pcap_lookupdev(errbuf); //assign device name if you want to select the device manually if (nic_dev == NULL) { printf("%s\n",errbuf); exit(1); } // Use pcap to get the IP address and subnet mask of the device pcap_lookupnet (nic_dev, &netp, &maskp, errbuf); // open the device for packet capture & set the device in promiscuous mode nic_descr = pcap_open_live (nic_dev, BUFSIZ, 1, -1, errbuf); if (nic_descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } // Compile the filter expression if (pcap_compile (nic_descr, &fp, filter, 0, netp) == -1) { fprintf(stderr,"Error calling pcap_compile\n"); exit(1); } // Load the filter into the capture device if (pcap_setfilter(nic_descr, &fp) == -1) { fprintf(stderr,"Error setting filter\n"); exit(1); } // Start the capture session pcap_loop (nic_descr, INFINITY, pkt_analyze, args); fprintf(stdout,"\nCapture Session Done\n"); }
int main(int argc, char** argv) { if(argc < 2) { std::cerr << "Must pass interface to listen on" << std::endl; return 1; } std::string device = std::string(argv[1]); char errbuf[1024]; pcap_t *handle; struct bpf_program fp; const std::string filter_expr = "type mgt subtype probe-req"; handle = pcap_open_live("wlan0mon", 1024, true, 1000, errbuf); if(!handle) { std::cerr << "Unable to open device " << device << std::endl; return 2; } if(pcap_datalink(handle) != DLT_IEEE802_11_RADIO) { std::cerr << "Specified device is not 802.11" << std::endl; return 3; } if(pcap_compile(handle, &fp, filter_expr.c_str(), 0, PCAP_NETMASK_UNKNOWN) < 0) { std::cerr << "Error compiling filter to program" << std::endl; return 4; } if(pcap_setfilter(handle, &fp) < 0) { std::cerr << "Error creating filter on device" << std::endl; return 5; } std::cerr << "Listening for frames" << std::endl; pcap_loop(handle, 0, process_packet, NULL); std::cerr << "Shutting down" << std::endl; pcap_freecode(&fp); pcap_close(handle); return 0; }
int PacketOperation() { pcap_t* PcapHandle; int number = -1; char Error[PCAP_ERRBUF_SIZE]; pcap_handler Handler; if ((PcapHandle = pcap_open_live(pAdapterInfo->AdapterName, 65536, 1, 1000, Error)) == NULL) { return -1; } Handler = (pcap_func_t) ProcessProtocolPacket; pcap_loop(PcapHandle, number, Handler, NULL); return 0; }
// Pcap でのパケットキャプチャの中継用スレッド void PcapThread(THREAD *thread, void *param) { ETH *e = (ETH*)param; pcap_t *p = e->Pcap; int ret; // 初期化完了を通知 NoticeThreadInit(thread); // 帰り値 -1:エラー -2:外部からの終了 ret = pcap_loop(p, -1, PcapHandler, (u_char*) e); if(ret == -1){ e->Socket = INVALID_SOCKET; pcap_perror(p, "capture"); } return; }
int main(int argc, char *argv[]) { pcap_t *handle; if (argc != 2) { print_usage(argv[0]); return 2; } init_capture(argv[1], &handle); pcap_loop(handle, -1, got_packet, NULL); pcap_close(handle); return 0; }
void pcap_capture(char *dev, char *filter, char *dir) { pcap_t *pd; char ebuf[PCAP_ERRBUF_SIZE]; // error buffer struct in_addr netmask, // 넷마스크 network; // 네트워크 주소 struct bpf_program fcode; // 패킷필터링 프로그램 int status; strcpy(log_dir, dir); time(&t); tm=localtime(&t); pd = pcap_open_live(dev, SNAPSIZE, PROMISCUOUS, 10000, ebuf); // 디바이스 열기 if(pd == NULL) { fprintf(stderr, "pcap_open_live fail: %s", ebuf); exit(0); } // device localnet과, netmask pcap_lookupnet(dev, &network.s_addr, &netmask.s_addr, ebuf); // 필터링 규칙 컴파일 pcap_compile(pd, &fcode, filter, 0, netmask.s_addr); pcap_setfilter(pd, &fcode); // 디스크립터에 필터링 규칙적용 printf("Device='%s'(network=%s, netmask=%s)\n", dev, inet_ntoa(network), inet_ntoa(netmask)); // LOG 파일 열기 sprintf(save_file, "%s/AG%02d%02d",log_dir, tm->tm_mday, tm->tm_hour); fd = open(save_file, O_RDWR | O_CREAT); // 백업 파일 open if(pcap_loop(pd, -1, pcap_callback, NULL)<0) { fprintf(stderr, "pcap_loop fail: %s\n", pcap_geterr(pd)); exit(-1); } pcap_close(pd); // close the packet capture discriptor }
// Relay thread for captured packet (Pcap) void PcapThread(THREAD *thread, void *param) { ETH *e = (ETH*)param; pcap_t *p = e->Pcap; int ret; // Notify initialize completed NoticeThreadInit(thread); // Return -1:Error -2:Terminated externally ret = pcap_loop(p, -1, PcapHandler, (u_char*) e); if(ret == -1){ e->Socket = INVALID_SOCKET; pcap_perror(p, "capture"); } return; }
int main(int argc, char **argv) { int i; char *dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t *descr; const u_char *packet; struct pcap_pkthdr hdr; /* pcap.h */ struct ether_header *eptr; /* net/ethernet.h */ FILE *in_file; struct pcap_file_header f_hdr; if (argc != 3) { fprintf(stdout, "Usage: %s pcap_file new_file\n", argv[0]); return 0; } if ((in_file = fopen(argv[1], "r")) == NULL) { perror(argv[1]); return 3; } if ((out_file = fopen(argv[2], "wb")) == NULL) { perror(argv[2]); return 3; } /* write file header */ fread(&f_hdr, 1, sizeof(struct pcap_file_header), in_file); f_hdr.linktype = 1; fwrite(&f_hdr, 1, sizeof(struct pcap_file_header), out_file); fclose(in_file); /* open device for reading */ descr = pcap_open_offline(argv[1], errbuf); if (descr == NULL) { printf("pcap_open_offline(): %s\n", errbuf); exit(1); } /* allright here we call pcap_loop(..) and pass in our callback function */ /* int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) */ /* If you are wondering what the user argument is all about, so am I!! */ pcap_loop(descr, atoi(argv[1]), my_callback, NULL); fprintf(stdout, "\nDone processing packets... wheew!\n"); fclose(out_file); return 0; }
int main(int argc, char *argv[]) { pcap_t *handle; /* Session handle */ char *dev; /* The device to sniff on */ char errbuf[PCAP_ERRBUF_SIZE]; /* Error string */ struct bpf_program fp; /* The compiled filter */ char filter_exp[] = ""; /* The filter expression */ bpf_u_int32 mask; /* Our netmask */ bpf_u_int32 net; /* Our IP */ struct pcap_pkthdr header; /* The header that pcap gives us */ const u_char *packet; /* The actual packet */ /* Define the device */ dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); return(2); } /* Find the properties for the device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf); net = 0; mask = 0; } /* Open the session in promiscuous mode */ handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf); return(2); } /* Compile and apply the filter */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle)); return(2); } if (pcap_setfilter(handle, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle)); return(2); } /* Grab a packet */ pcap_loop(handle, -1, got_packet, NULL); pcap_close(handle); return(0); }
int main(int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; char *dev; pcap_t *pcd; struct bpf_program fp; bpf_u_int32 netp; bpf_u_int32 maskp; int ret; char track[] = "forensics"; char name[] = "songyi Hwang"; printf("[bob5][%s]pcap_test[%s]\n", track, name); dev = pcap_lookupdev(errbuf); if(dev == NULL) { printf("%s\n", errbuf); exit(1); } ret = pcap_lookupnet(dev, &netp, &maskp, errbuf); if(ret == -1) { printf("%s\n", errbuf); exit(1); } pcd = pcap_open_live(dev, BUFSIZ, NONPROMISCUOUS, -1, errbuf); if(pcd == NULL) { printf("%s\n", errbuf); exit(1); } if(pcap_compile(pcd, &fp, argv[2], 0, netp) == -1) { printf("compile error\n"); exit(1); } if(pcap_setfilter(pcd, &fp) == -1) { printf("setfilter error\n"); exit(0); } pcap_loop(pcd, atoi(argv[1]), callback, NULL); return 0; }
int main(int argc, char **argv) { pcap_t *fp; char errbuf[PCAP_ERRBUF_SIZE]; char source[PCAP_BUF_SIZE]; if(argc != 2){ printf("usage: %s filename", argv[0]); return -1; } /* Create the source string according to the new WinPcap syntax */ if ( pcap_createsrcstr( source, // variable that will keep the source string PCAP_SRC_FILE, // we want to open a file NULL, // remote host NULL, // port on the remote host argv[1], // name of the file we want to open errbuf // error buffer ) != 0) { fprintf(stderr,"\nError creating a source string\n"); return -1; } /* Open the capture file */ if ( (fp= pcap_open(source, // name of the device 65536, // portion of the packet to capture // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the file %s.\n", source); return -1; } // read and dispatch packets until EOF is reached pcap_loop(fp, 0, dispatcher_handler, NULL); return 0; }
static PyObject *ppcap_loop(ppcap *self, PyObject *args) { PyObject *callback, *obj, *obj2; int num_pkts, num_p; if (!PyArg_ParseTuple(args, "iO", &num_pkts, &callback)) return NULL; if (!PyCallable_Check(callback)) { PyErr_SetString(PyExc_Ppcap, "Second argument is not a callable"); return NULL; } obj = PyObject_GetAttrString(callback, "__code__"); if (!obj) { PyErr_SetString(PyExc_Ppcap, "Failed to retrieve attribute '__code__' " "from the callable object. Try to recall the function."); return NULL; } obj2 = PyObject_GetAttrString(obj, "co_argcount"); if (!obj2) { PyErr_SetString(PyExc_Ppcap, "Failed to retrieve attribute 'co_argcount' " "from the callable.__code__ object. Try to recall the function."); Py_DECREF(obj); return NULL; } num_p = PyLong_AsLong(obj2); if (num_p != 2) { PyErr_Format(PyExc_Ppcap, "The callable object needs to have two parameters! " "Not %d. Example: def my_cb(packet, tot_len)", num_p); Py_DECREF(obj); Py_DECREF(obj2); return NULL; } Py_DECREF(obj); Py_DECREF(obj2); Py_XDECREF(self->callback); Py_INCREF(callback); self->callback = callback; if (pcap_loop(self->handle, num_pkts, ppcap_rcv_packet, (u_char *)self->callback) == -1) { PyErr_Format(PyExc_Ppcap, "%s", pcap_geterr(self->handle)); return NULL; } Py_RETURN_NONE; }
int main() { int count = 0; char *device = NULL; pcap_t *descr = NULL; /*获取第一个适合捕获的网络设备名称*/ device = Pcap_lookupdev(); printf("Opening device %s\n", device); /*以混杂模式打开网络设备*/ descr = Pcap_open_live(device, MAXBYTES2CAPTURE, 1, 512); /*死循环并在每一次接收到数据包时调用回调函数processPacket()*/ pcap_loop(descr, -1, processPacket, (u_char *)&count); return 0; }
void capture(void) { DEBUG_MSG("neverending loop (capture)"); /* * infinite loop * dispatch packets to sarp_get */ //daveti: debug printf("daveti: into pcap_loop()\n"); pcap_loop(GBL_PCAP->fd, -1, sarp_get, NULL); //daveti: debug printf("daveti: pcap_loop() done\n"); }
int main(int argc,char **argv) { int i; char *dev; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t* descr; const u_char *packet; struct pcap_pkthdr hdr; /* pcap.h */ struct ether_header *eptr; /* net/ethernet.h */ struct bpf_program fp; /* hold compiled program */ bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ if(argc != 2){ fprintf(stdout,"Usage: %s \"filter program\"\n" ,argv[0]);return 0;} /* grab a device to peak into... */ dev = "wlan0"; // pcap_lookupdev(errbuf); if(dev == NULL) { fprintf(stderr,"%s\n",errbuf); exit(1); } /* ask pcap for the network address and mask of the device */ pcap_lookupnet(dev,&netp,&maskp,errbuf); /* open device for reading this time lets set it in promiscuous * mode so we can monitor traffic to another machine */ descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } /* Lets try and compile the program.. non-optimized */ if(pcap_compile(descr,&fp,argv[1],0,netp) == -1) { fprintf(stderr,"Error calling pcap_compile\n"); exit(1); } /* set the compiled program as the filter */ if(pcap_setfilter(descr,&fp) == -1) { fprintf(stderr,"Error setting filter\n"); exit(1); } /* ... and loop */ pcap_loop(descr,-1,my_callback,NULL); return 0; }
int main(int argc,char *argv[]){ char *filename1=argv[1]; char *filename3=argv[2]; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t *pcap1=pcap_open_offline(filename1,errbuf); if(!pcap1){ printf("1.error: pcap_open_offline(): %s \n",errbuf); exit(1); } FILE *save_file=fopen(filename3,"wb"); int ret; ret=pcap_loop(pcap1,0,dispatch_handler,(u_char *)save_file); printf("%d\n",ret); fclose(save_file); //if(ret) /* FILE *save_file=fopen(filename3,"wb"); struct pcap_pkthdr *pkheader1; u_char *pkdata1; int lable1=1; int ret; while(lable1==1){ ret=pcap_next_ex(pcap1,&pkheader1,(const u_char **)&pkdata1); printf("ret=%d\n",ret1); if(ret==1){ fwrite((void *)pkheader1,1,sizeof(struct pcap_pkthdr),save_file); //fwrite((void *)pkdata1,1,pkheader1->caplen,save_file); } else if(ret==-1||ret==0){ exit(1); } else if(ret==-2){ lable1=0; pcap_close(pcap1); fclose(save_file); } } */ }
int main(int argc, char **argv) { // check options passed if (argc != 2) { printf("\nInvalid argument list. Please use '--help' for usage.\n\n"); return -1; } // print help if (strcmp("--help", argv[1]) == 0) { printf("\nUsage : %s <dump file name>\n", argv[0]); printf("\tEx : %s traceroute.pcap\n\n", argv[0]); exit(0); } // pcap file pointer pcap_t *pcap_p; // error buffer to hold errors on pcap call char errorbuf[PCAP_ERRBUF_SIZE]; // initialize all lists used init_lists(); // open dump file pcap_p = pcap_open_offline(argv[1], errorbuf); if (pcap_p == NULL) { printf("Error while opening dump file.\n%s\n", errorbuf); exit(0); } // check whether the link layer type is Ethernet, return otherwise if (pcap_datalink(pcap_p) != DLT_EN10MB) { printf("Dump file provided is not captured from Ethernet.\n"); exit(0); } // read all packets from dump file if (pcap_loop(pcap_p, 0, callback_handler, NULL) == -1) { printf("Error while reading dump file.\n"); exit(0); } // close the pcap file pcap_close(pcap_p); // print results stored in lists print_results(); // free memory allocated for lists free_lists(); return 0; }
static void epcap_loop(EPCAP_STATE *ep) { int rv = -1; rv = pcap_loop(ep->p, -1, epcap_response, (u_char *)ep); switch (rv) { case -2: break; case -1: /* error reading packet */ VERBOSE(1, "%s", pcap_geterr(ep->p)); break; default: if (ep->file) epcap_ctrl("eof"); break; } }
//main thread procedure: launches the capture and wait UINT MyThreadProc( LPVOID pParam ) { int i; if (pParam == NULL) return -1; // illegal parameter pObject=(CCapPars*)pParam; //reset the timer pObject->lasttime.tv_sec=0; pObject->lasttime.tv_usec=0; //start the capture loop i = pcap_loop(pObject->fp, 0, dispatcher_handler, (PUCHAR)pParam); Sleep(INFINITE); return 0; }