Winpcap 保存不是来自适配器的原始数据包

发布于 09-06 15:06 字数 2282 浏览 8 评论 0原文

我正在尝试构建一个应用程序,将旧的自定义以太网日志(bin 文件)转换为标准 winpcap 样式日志。

问题是我似乎找不到如何在不使用适配器(网卡)的情况下打开 pcap_t* 的示例。 temp.pkt 尚未创建。

我查看了 Winpcap 提供的示例,它们在转储数据包时都使用实时适配器。这个例子是最接近的 \WpdPack\Examples-pcap\savedump\savedump.c 是最接近的,见下面的例子稍作修改。

#ifdef _MSC_VER
/*
 * we do not want the warnings about the old deprecated and unsecure CRT functions
 * since these examples can be compiled under *nix as well
 */
#define _CRT_SECURE_NO_WARNINGS
#endif
#include "pcap.h"

int main(int argc, char **argv)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i=0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_dumper_t *dumpfile;


    /* Open the adapter */
    if ((adhandle= pcap_open(??????,    // name of the device
                             65536,         // portion of the packet to capture. 
                                            // 65536 grants that the whole packet will be captured on all the MACs.
                             1,             // promiscuous mode (nonzero means promiscuous)
                             1000,          // read timeout
                             errbuf         // error buffer
                             )) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Open the dump file */
    dumpfile = pcap_dump_open(adhandle, argv[1]);
    if(dumpfile==NULL) {
        fprintf(stderr,"\nError opening output file\n");
        return -1;
    }    

    // ---------------------------
    struct pcap_pkthdr header;
    header.ts.tv_sec    = 1 ;   /* seconds */
    header.ts.tv_usec   = 1;    /* and microseconds */
    header.caplen       = 100;  /* length of portion present */
    header.len          = 100 ; /* length this packet (off wire) */

    u_char pkt_data[100];       
    for( int i = 0 ; i < 100 ; i++ ) {
        pkt_data[i] = i ; 
    }

    pcap_dump( (u_char *) dumpfile, &header, (u_char *)  &pkt_data);
    // ---------------------------

    /* start the capture */
    // pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);

    pcap_close(adhandle);
    return 0;
}

I am trying to build an application that converts my old custom Ethernet logs (bin files) to standard winpcap style logs.

The problem is that I can't seem to find an example of how to opening a pcap_t* without using an adapter (network card). The temp.pkt has not been created.

I have looked thou the examples provided with Winpcap and all of them use a live adapter when dumping packets. This example is the closest \WpdPack\Examples-pcap\savedump\savedump.c is the closest, see example below slightly modified.

#ifdef _MSC_VER
/*
 * we do not want the warnings about the old deprecated and unsecure CRT functions
 * since these examples can be compiled under *nix as well
 */
#define _CRT_SECURE_NO_WARNINGS
#endif
#include "pcap.h"

int main(int argc, char **argv)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int inum;
    int i=0;
    pcap_t *adhandle;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_dumper_t *dumpfile;


    /* Open the adapter */
    if ((adhandle= pcap_open(??????,    // name of the device
                             65536,         // portion of the packet to capture. 
                                            // 65536 grants that the whole packet will be captured on all the MACs.
                             1,             // promiscuous mode (nonzero means promiscuous)
                             1000,          // read timeout
                             errbuf         // error buffer
                             )) == NULL)
    {
        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Open the dump file */
    dumpfile = pcap_dump_open(adhandle, argv[1]);
    if(dumpfile==NULL) {
        fprintf(stderr,"\nError opening output file\n");
        return -1;
    }    

    // ---------------------------
    struct pcap_pkthdr header;
    header.ts.tv_sec    = 1 ;   /* seconds */
    header.ts.tv_usec   = 1;    /* and microseconds */
    header.caplen       = 100;  /* length of portion present */
    header.len          = 100 ; /* length this packet (off wire) */

    u_char pkt_data[100];       
    for( int i = 0 ; i < 100 ; i++ ) {
        pkt_data[i] = i ; 
    }

    pcap_dump( (u_char *) dumpfile, &header, (u_char *)  &pkt_data);
    // ---------------------------

    /* start the capture */
    // pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);

    pcap_close(adhandle);
    return 0;
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

春夜浅2024-09-13 15:06:26

我建议使用 pcap_t 来实现这一点,因为使用 WinPcap 比自己编写更好。

以下步骤介绍了如何执行此操作:

  1. 使用 pcap_open_dead() 函数创建 pcap_t。请在此处阅读函数说明。以太网的 linktype 为 1。
  2. 使用 pcap_dump_open() 函数创建 pcap_dumper_t
  3. 使用pcap_dump()函数将数据包写入转储文件。

我希望这对你有帮助。

I suggest doing that using pcap_t since using WinPcap is better than writing it yourself.

The following steps is how to do it:

  1. Use pcap_open_dead() function to create a pcap_t. Read the function description here. The linktype for Ethernet is 1.
  2. Use pcap_dump_open() function to create a pcap_dumper_t.
  3. Use pcap_dump() function to write the packet to the dump file.

I hope this would help you.

顾挽2024-09-13 15:06:26

如果您所做的只是将自己的文件格式转换为 .pcap,则不需要 pcap_t*,您可以使用类似以下内容的内容:

FILE* create_pcap_file(const char *filename, int linktype)
{
    struct pcap_file_header fh;
    fh.magic = TCPDUMP_MAGIC;
    fh.sigfigs = 0;
    fh.version_major = 2;
    fh.version_minor = 4;
    fh.snaplen = 2<<15; 
    fh.thiszone = 0;
    fh.linktype = linktype;

    FILE *file = fopen(filename, "wb");
    if(file != NULL) {
        if(fwrite(&fh, sizeof(fh), 1, file) != 1) {
            fclose(file);
            file = NULL;
        }
    }

    return file;
}

int write_pcap_packet(FILE* file,size_t length,const unsigned char *data,const struct timeval *tval)
{
    struct pcap_pkthdr pkhdr;
    pkhdr.caplen = length;
    pkhdr.len = length;
    pkhdr.ts = *tval;

    if(fwrite(&pkhdr, sizeof(pkhdr), 1, file) != 1) {
        return 1;
    }

    if(fwrite(data, 1, length, file) != length) {
        return 2;
    }

    return 0;
}

If all you're doing is converting your own file format to .pcap, you don't need a pcap_t*, you can just use something like:

FILE* create_pcap_file(const char *filename, int linktype)
{
    struct pcap_file_header fh;
    fh.magic = TCPDUMP_MAGIC;
    fh.sigfigs = 0;
    fh.version_major = 2;
    fh.version_minor = 4;
    fh.snaplen = 2<<15; 
    fh.thiszone = 0;
    fh.linktype = linktype;

    FILE *file = fopen(filename, "wb");
    if(file != NULL) {
        if(fwrite(&fh, sizeof(fh), 1, file) != 1) {
            fclose(file);
            file = NULL;
        }
    }

    return file;
}

int write_pcap_packet(FILE* file,size_t length,const unsigned char *data,const struct timeval *tval)
{
    struct pcap_pkthdr pkhdr;
    pkhdr.caplen = length;
    pkhdr.len = length;
    pkhdr.ts = *tval;

    if(fwrite(&pkhdr, sizeof(pkhdr), 1, file) != 1) {
        return 1;
    }

    if(fwrite(data, 1, length, file) != length) {
        return 2;
    }

    return 0;
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文