WinPcap Programming: A Step-by-Step Tutorial (English text)

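This document is a step-by-step WinPcap programming tutorial, running from the basics, such as obtaining the adapter list and starting a capture, to advanced features such as handling send queues and gathering network traffic statistics. It provides code examples in C and requires basic knowledge of C programming and network protocols. The sample code shows how to obtain the device list and display it on the screen, printing an error message if no adapters are found.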


This section shows how to use the different features of the WinPcap API. It is organized as a tutorial, divided into a set of lessons that guide the reader step by step through programming with WinPcap, from the simple basic functions (obtaining the adapter list, starting a capture) to the most advanced ones (handling send queues, gathering statistics about network traffic).
Several code snippets, as well as simple but complete programs, are provided as a reference: all this source code contains links to the rest of the manual, so it is possible to click on the functions and data structures to jump to their documentation.

The samples are written in plain C, so a basic knowledge of C programming is required. Also, since this is a tutorial on a library for raw networking, good knowledge of networks and protocols is assumed.

Obtaining the device list

The first thing a WinPcap-based application usually needs is a list of suitable network adapters. Libpcap provides the pcap_findalldevs() function for this purpose: this function returns a linked list of pcap_if structures, each of which contains comprehensive information about an adapter. In particular, the fields name and description contain the name and a human-readable description of the device.

The following code retrieves the adapter list and shows it on the screen, printing an error if no adapters are found.

#include <stdio.h>
#include <stdlib.h>
#include "pcap.h"

int main(void)
{
    pcap_if_t *alldevs;
    pcap_if_t *d;
    int i=0;
    char errbuf[PCAP_ERRBUF_SIZE];
    
    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }
    
    /* Print the list */
    for(d=alldevs;d;d=d->next)
    {
        printf("%d. %s", ++i, d->name);
        /* description may be NULL on some platforms */
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }
    
    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return 1;
    }

    /* We no longer need the device list. Free it */
    pcap_freealldevs(alldevs);
    return 0;
}

Some comments about this code.

First of all, pcap_findalldevs(), like other libpcap functions, has an errbuf parameter. This parameter points to a string filled by libpcap with a description of the error if something goes wrong.

Second, note that pcap_findalldevs() is provided by libpcap under Unix as well, but remember that not all the OSes supported by libpcap provide a description of the network interfaces, therefore if we want to write a portable application, we must consider the case in which description is null: we print the string "No description available" in that situation.

Note finally that we free the list with pcap_freealldevs() once we have finished with it.

Let's try to compile and run the code of this first sample. In order to compile it under Unix or Cygwin, simply run:

gcc -o testaprog testprog.c -lpcap

On Windows, you will need to create a project, following the instructions in the "Using WinPcap in your programs" section of this manual. However, I suggest you use the WinPcap developer's pack (available at the WinPcap website, http://winpcap.polito.it ), which provides a lot of properly configured example apps, all the code presented in this tutorial and all the projects, includes and libraries needed to compile and run the samples.

Assuming we have compiled the program, let's try to run it. On my WinXP workstation, the result is:

1. {4E273621-5161-46C8-895A-48D0E52A0B83} (Realtek RTL8029(AS) Ethernet Adapter)
2. {5D24AE04-C486-4A96-83FB-8B5EC6C7F430} (3Com EtherLink PCI)

As you can see, the names of the network adapters (which will be passed to libpcap when opening the devices) are quite unreadable under Windows, so the descriptions next to them can be very useful to the user.
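The numbered list printed above is what a user picks an adapter from, and the chosen entry's name is what gets passed to libpcap. The following added example (not part of the original tutorial) maps typed input to a list entry and rejects anything that is not a number within the list; `struct dev` and `pick_device` are hypothetical names, and `struct dev` is a stand-in for pcap_if_t so that the code compiles without WinPcap.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for pcap_if_t with only the fields the tutorial uses (assumption
   for this example); use pcap_if_t itself in a real program. */
struct dev {
    struct dev *next;
    const char *name;
    const char *description;   /* may be NULL on some platforms */
};

/* Map the number a user typed (1-based, as printed by the listing) to the
   matching list entry. Returns NULL for anything that is not a whole
   number inside the range of the list. */
const struct dev *pick_device(const struct dev *list, const char *input)
{
    char *end;
    long n;

    if (input == NULL)
        return NULL;
    errno = 0;
    n = strtol(input, &end, 10);
    if (end == input || errno == ERANGE || n < 1)
        return NULL;                   /* empty, overflow, zero or negative */
    while (*end == ' ' || *end == '\n' || *end == '\r')
        end++;                         /* tolerate the newline left by fgets */
    if (*end != '\0')
        return NULL;                   /* trailing garbage such as "2abc" */
    while (list != NULL && --n > 0)
        list = list->next;
    return list;                       /* NULL when n is past the end */
}

int main(void)
{
    /* Constructed list mirroring the two adapters in the sample output. */
    struct dev b = { NULL, "{5D24AE04-C486-4A96-83FB-8B5EC6C7F430}", "3Com EtherLink PCI" };
    struct dev a = { &b, "{4E273621-5161-46C8-895A-48D0E52A0B83}", "Realtek RTL8029(AS) Ethernet Adapter" };
    const char *inputs[] = { "1", "2", "0", "3", "2abc", "" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        const struct dev *d = pick_device(&a, inputs[i]);
        printf("input \"%s\" -> %s\n", inputs[i], d ? d->name : "rejected");
    }
    return 0;
}
```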
