winpcap学习笔记--（Handling offline dump files--2）

最新推荐文章于 2021-12-17 13:02:40 发布

Dean丁

最新推荐文章于 2021-12-17 13:02:40 发布

阅读量783

点赞数

分类专栏： WinpCap学习录

本文链接：https://blog.youkuaiyun.com/deandingding/article/details/29610315

版权

WinpCap学习录专栏收录该内容

9 篇文章

订阅专栏

这篇博客详细记录了如何使用WinPCAP库解析dump文件的内容，并将其转换为16进制格式进行显示。作者在VS2010中遇到无法输入中文的问题，同时英文描述有限，欢迎读者交流指正。文中还提到，作者希望有经验的开发者能帮助解决程序中的特定问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

这个是把dumpfile里面东西全部读出来并以16进制表示，不知道为什么我的vs2010输入不了中文，英文烂，求亲喷。。。。。还有如果有哪位大神能帮我解决一下程序中注释部分的问题，小弟感激不敬！！！

#define WIN32
#define HAVE_REMOTE
#define LINE_LEN 32

#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"packet.lib")
#pragma comment(lib,"wsock32.lib")

//这个回调函数可以自己随意命名？只要参数不变？？
void dispatcher_handler(u_char *,const struct pcap_pkthdr *,const u_char *);


int main(int argc,char **argv){
	pcap_t *fp;
	char errbuf[PCAP_ERRBUF_SIZE];
	char source[PCAP_BUF_SIZE];

	if(argc!=2){
		printf("usage: %s filename", argv[0]);
		return -1;
	}
	//what is source string ?
	/*
	here is the source string output:Source:file://test.txt
	*/
	/*Create the source string according to the new WinPcap syntax*/
	if(pcap_createsrcstr(	source,			//variable that will keep the source string
							PCAP_SRC_FILE,	//we want to open a file
							NULL,			//remote host
							NULL,			//port on the remote host
							argv[1],		//name of the file we want to open
							errbuf			//error buffer
							)!=0){
		fprintf(stderr,"\nError creating a source string\n");
		return -1;
	}
	printf("Source:%s\n",source);
	Sleep(10000);
	//pcap_open用来打开dumpfile的时候后面的参数是不是都没用了？
	//
	/*Open the capture file*/
	if ( (fp= pcap_open(<span style="white-space:pre">	</span>source,         // name of the device
			<span style="white-space:pre">	</span>65536,							// portion of the packet to capture
						// 65536 guarantees that the whole packet will be captured on all the link layers
				PCAP_OPENFLAG_PROMISCUOUS,		// promiscuous mode
				1000,							// read timeout
				NULL,							// authentication on the remote machine<span style="white-space:pre">		</span>						errbuf							// error buffer
				) ) == NULL)
	{
		fprintf(stderr,"\nUnable to open the file %s.\n", source);
		return -1;
	}

	/*read and dispatch packets until EOF is reached*/
	pcap_loop(fp, 0, dispatcher_handler, NULL);

	return 0;
}

void dispatcher_handler(u_char *temp1,const struct pcap_pkthdr *header,const u_char *pkt_data){
	u_int i=0;
	/*
	 *Unused variable
	 */
	(VOID)temp1;

	printf("%ld:%ld (%ld)\n",header->ts.tv_sec,header->ts.tv_usec,header->len);
	//what is the difference between the header->caplen and header->len
	/*
	caplen:length of portion present
	len:length this packet (off wire)
	*/
	/*Print the packet*/
	for(i=1;(i<header->caplen+1);i++){
		printf("%.2x",pkt_data[i-1]);
		if((i%LINE_LEN)==0) printf("\n");
	}
	printf("\n\n");
}