Creating an application that uses wpcap.dll
To create an application that uses wpcap.dll with Microsoft Visual C++,
follow these
steps:
- Include the file pcap.h at the beginning of every source file that
uses the functions exported by library.
- If your program uses Win32 specific functions of WinPcap, remember to include WPCAP
among the preprocessor definitions.
- If your program uses the remote capture capabilities of WinPcap, add
HAVE_REMOTE among the preprocessor definitions. Do not include
remote-ext.h directly in your source files.
- Set the options of the linker to include the wpcap.lib library
file specific for your target (x86 or x64). wpcap.lib for x86 can be
found in the \lib folder of the WinPcap developer's
pack, wpcap.lib for x64 can
be found in the \lib\x64 folder.
- Set the options of the linker to include the winsock library file
ws2_32.lib. This file is distributed with the C compiler
and contains the socket functions for Windows. It is needed by some
functions used by the samples in the tutorial.
How to properly set Microsoft Visual Studio
Visual Studio 6
- To add a preprocessor definition, you must select Settings from the Project menu, then select C/C++
from the tab control, and under the category General, you must add
the definition under the Preprocessor Definitions text box.
- To add a new library to the project with Microsoft Visual C++, you must
select Settings from the Project menu, then select Link
from the tab control, and then add the name of the new library in the Object/library
modules editbox.
- To add a new path where Microsoft Visual C++ will look for the libraries,
you must select Options from the Tools menu, then
Directories
from the tab control, Library files from the Show directories
for combobox, and the add the path in the Directories box.
- To add a new path where Microsoft Visual C++ will look for include files, you must select Options from the Tools menu, then
Directories
from the tab control, Include files from the Show directories
for combobox, and the add the path in the Directories box.
Visual Studio 2005 (needed to compile x64 applications)
- To add a preprocessor definition, you must select Properties from the Project menu, then select C/C++
from the list control on the left, and under the category Preprocessor, you must add
the definition under the Preprocessor Definitions text box.
- To add a new library to the project, you must
select Properties from the Project menu, then select Linker
from the list control on the left, and under the category Input add the name of the new library in the
Additional Dependencies text box.
- To add a new path where Microsoft Visual
Studio will look for the libraries,
you must select Options from the Tools menu, then
Project and Solutions from the list control on the left, VC++
Directories, then choose Library Files in the Show directories
for combobox, and the add the path in the box below.
- To add a new path where Microsoft Visual
Studio will look for the include files,
you must select Options from the Tools menu, then
Project and Solutions from the list control on the left, VC++
Directories, then choose Include Files in the Show directories
for combobox, and the add the path in the box below.
Sample programs
A couple of sample programs are provided to show the usage of the WinPcap API. The
source of the examples, along with all the files needed to compile and run them, can be found in the Developer's
Pack. For didactic purpose we provide here a browsable version of the
code: it is possible to click on the variables and functions to jump the
documentation of each of them. For a more complete set of samples, try WinPcap
Tutorial Section.
Packet Dump
This program reads packets from a file or a network adapter, depending on
a command line switch. If a source is not provided, the program shows a list of
available adapters, one of which can be selected. Once the
capture is started, the program prints the timestamp, the length and the raw
contents of the packets. Once compiled, it will run on all the Win32 platforms. It
can be compiled to run on Unix as well (the makefile is provided).
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
#define LINE_LEN 16
int main(int argc, char **argv)
{
u_int inum, i=0;
int res;
const u_char *pkt_data;
printf("pktdump_ex: prints the packets of the network using WinPcap.\n");
printf(" Usage: pktdump_ex [-s source]\n\n"
" Examples:\n"
" pktdump_ex -s file://c:/temp/file.acp\n"
" pktdump_ex -s rpcap://\\Device\\NPF_{C8736017-F3C3-4373-94AC-9A34B7DAD998}\n\n");
if(argc < 3)
{
printf("\nNo adapter selected: printing the device list:\n");
{
fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf);
return -1;
}
for(d=alldevs; d; d=d->
next)
{
printf(
"%d. %s\n ", ++i, d->
name);
else
printf(" (No description available)\n");
}
if (i==0)
{
fprintf(stderr,"No interfaces found! Exiting.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
return -1;
}
for (d=alldevs, i=0; i< inum-1 ;d=d->
next, i++);
100 ,
20 ,
NULL ,
errbuf)
) == NULL)
{
fprintf(stderr,"\nError opening adapter\n");
return -1;
}
}
else
{
100 ,
20 ,
NULL ,
errbuf)
) == NULL)
{
fprintf(stderr,"\nError opening source: %s\n", errbuf);
return -1;
}
}
{
if(res == 0)
continue;
printf(
"%ld:%ld (%ld)\n", header->
ts.tv_sec, header->
ts.tv_usec, header->
len);
for (i=1; (i < header->
caplen + 1 ) ; i++)
{
printf("%.2x ", pkt_data[i-1]);
if ( (i % LINE_LEN) == 0) printf("\n");
}
printf("\n\n");
}
if(res == -1)
{
fprintf(stderr,
"Error reading the packets: %s\n",
pcap_geterr(fp));
return -1;
}
return 0;
}
#define PCAP_OPENFLAG_PROMISCUOUS
Defines if the adapter has to go in promiscuous mode.
#define PCAP_SRC_IF_STRING
String that will be used to determine the type of source in use (file, remote/local interface).
struct pcap_if pcap_if_t
Item in a list of interfaces, see pcap_if.
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
#define PCAP_ERRBUF_SIZE
Size to use when allocating the buffer that contains the libpcap errors.
pcap_t * pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf)
Open a generic source in order to capture / send (WinPcap only) traffic.
void pcap_freealldevs(pcap_if_t *alldevsp)
Free an interface list returned by pcap_findalldevs().
int pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data)
Read a packet from an interface or from an offline capture.
char * pcap_geterr(pcap_t *p)
return the error text pertaining to the last pcap library error.
int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf)
Create a list of network devices that can be opened with pcap_open().
char * name
a pointer to a string giving a name for the device to pass to pcap_open_live()
struct pcap_if * next
if not NULL, a pointer to the next element in the list; NULL for the last element of the list
char * description
if not NULL, a pointer to a string giving a human-readable description of the device
Header of a packet in the dump file.
struct timeval ts
time stamp
bpf_u_int32 len
length this packet (off wire)
bpf_u_int32 caplen
length of portion present
Packet Filter
This is a more complete example of libpcap usage. It shows, among other
things, how to create and set filters and how to save a capture to disk. It can
be compiled under Win32 or Unix (projects and makefiles are provided).
Pcap_filter (pf.exe) is a general-purpose packet filtering application: its
input parameters are a source of packets (it can be a physical interface or a
file), a filter and an output file. It takes packets from the source until
CTRL+C is pressed or the whole file is processed, applies the filter to the
incoming packets and saves them to the output file if they satisfy the filter.
Pcap_filter can be used to dump network data according to a particular filter,
but also to extract a set of packets from a previously saved file. The format of
both input and output files is the format used by libpcap, i.e. same of WinDump, tcpdump
and many other network tools.
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
#define MAX_PRINT 80
#define MAX_LINE 16
void usage();
void main(int argc, char **argv)
{
char *source=NULL;
char *ofilename=NULL;
char *filter=NULL;
int i;
struct bpf_program fcode;
int res;
const u_char *pkt_data;
if (argc == 1)
{
usage();
return;
}
for(i=1;i < argc; i+= 2)
{
switch (argv[i] [1])
{
case 's':
{
source=argv[i+1];
};
break;
case 'o':
{
ofilename=argv[i+1];
};
break;
case 'f':
{
filter=argv[i+1];
};
break;
}
}
if (source != NULL)
{
1514 ,
20 ,
NULL ,
errbuf)
) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter.\n");
return;
}
}
else usage();
if (filter != NULL)
{
NetMask=0xffffff;
{
fprintf(stderr,"\nError compiling filter: wrong syntax.\n");
return;
}
{
fprintf(stderr,"\nError setting the filter\n");
return;
}
}
if (ofilename != NULL)
{
if (dumpfile == NULL)
{
fprintf(stderr,"\nError opening output file\n");
return;
}
}
else usage();
{
if(res == 0)
continue;
pcap_dump((
unsigned char *) dumpfile, header, pkt_data);
}
}
void usage()
{
printf("\npf - Generic Packet Filter.\n");
printf("\nUsage:\npf -s source -o output_file_name [-f filter_string]\n\n");
exit(0);
}
u_int bpf_u_int32
32-bit unsigned integer
struct pcap_dumper pcap_dumper_t
libpcap savefile descriptor.
int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)
Compile a packet filter, converting an high level filtering expression (see Filtering expression synt...
void pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
Save a packet to disk.
pcap_dumper_t * pcap_dump_open(pcap_t *p, const char *fname)
Open a file to write packets.
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
Associate a filter to a capture.