Winpcap网络开发库入门

Winpcap是一个强大的网络开发库，可以实现许多功能：获取可用的网络适配器；获取指定适配器信息（比如名称和描述信息）；捕获指定网卡的数据封包；发送数据封包；过滤捕获的包以获取特定包等。

首先到http://www.winpcap.org/install/default.htm下载安装winpcap 驱动和DLL组件。

然后到http://www.winpcap.org/devel.htm.下载winpcap开发包，解压到指定目录，这里我解压到C:/WpdPack_4_0_2/WpdPack，可以看到里面包含了：Lib,Include,文档和示例程序。

首先创建一个C++控制台程序，设置如下：

1） 在“Configuration Properties -> C/C++ -> General”中，在Additional Include Directories加入Include路径(“C:/WpdPack_4_0_2/WpdPack/Include”)。

2） 在 “Configuration Properties -> Linker -> General” 中，在Additional Library Directories中加入 winpcap 库文件路径 ( “C:/WpdPack_4_0_2/WpdPack/Lib” ) 。

3） 在“Configuration Properties -> Linker -> Input”中， Additional Dependencies 加入用到的两个winpcap 库文件（wpcap.lib and Packet.lib ) 。

4） 为了使用Winpcap的远程访问，必须在预处理器中加入HAVE_REMOTE

示例程序1 获取适配器列表

<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->#include<pcap.h>
int_tmain(intargc,_TCHAR*argv[])
{
pcap_if_t*allAdapters;//适配器列表
pcap_if_t*adapter;
charerrorBuffer[PCAP_ERRBUF_SIZE];//错误信息缓冲区
if(pcap_findalldevs_ex(PCAP_SRC_IF_STRING,NULL,
&allAdapters,errorBuffer)==-1)
{//检索机器连接的所有网络适配器
fprintf(stderr,"Errorinpcap_findalldevs_exfunction:%s/n",errorBuffer);
return-1;
}
if(allAdapters==NULL)
{//不存在人任何适配器
printf("/nNoadaptersfound!MakesureWinPcapisinstalled./n");
return0;
}
intcrtAdapter=0;
for(adapter=allAdapters;adapter!=NULL;adapter=adapter->next)
{//遍历输入适配器信息(名称和描述信息)
printf("/n%d.%s",++crtAdapter,adapter->name);
printf("--%s/n",adapter->description);
}
printf("/n");
pcap_freealldevs(allAdapters);//释放适配器列表
system("PAUSE");
return0;
}

示例程序2 打开指定适配器并捕获数据包

<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->#include<pcap.h>
int_tmain(intargc,_TCHAR*argv[])
{
pcap_if_t*allAdapters;//适配器列表
pcap_if_t*adapter;
pcap_t*adapterHandle;//适配器句柄
structpcap_pkthdr*packetHeader;
constu_char*packetData;
charerrorBuffer[PCAP_ERRBUF_SIZE];//错误信息缓冲区
if(pcap_findalldevs_ex(PCAP_SRC_IF_STRING,NULL,
&allAdapters,errorBuffer)==-1)
{//检索机器连接的所有网络适配器
fprintf(stderr,"Errorinpcap_findalldevs_exfunction:%s/n",errorBuffer);
return-1;
}
if(allAdapters==NULL)
{//不存在任何适配器
printf("/nNoadaptersfound!MakesureWinPcapisinstalled./n");
return0;
}
intcrtAdapter=0;
for(adapter=allAdapters;adapter!=NULL;adapter=adapter->next)
{//遍历输入适配器信息(名称和描述信息)
printf("/n%d.%s",++crtAdapter,adapter->name);
printf("--%s/n",adapter->description);
}
printf("/n");
//选择要捕获数据包的适配器
intadapterNumber;
printf("Entertheadapternumberbetween1and%d:",crtAdapter);
scanf_s("%d",&adapterNumber);
if(adapterNumber<1||adapterNumber>crtAdapter)
{
printf("/nAdapternumberoutofrange./n");
//释放适配器列表
pcap_freealldevs(allAdapters);
return-1;
}
adapter=allAdapters;
for(crtAdapter=0;crtAdapter<adapterNumber-1;crtAdapter++)
adapter=adapter->next;
//打开指定适配器
adapterHandle=pcap_open(adapter->name,//nameoftheadapter
65536,//portionofthepackettocapture
//65536guaranteesthatthewhole
//packetwillbecaptured
PCAP_OPENFLAG_PROMISCUOUS,//promiscuousmode
1000,//readtimeout-1millisecond
NULL,//authenticationontheremotemachine
errorBuffer//errorbuffer
);
if(adapterHandle==NULL)
{//指定适配器打开失败
fprintf(stderr,"/nUnabletoopentheadapter/n",adapter->name);
//释放适配器列表
pcap_freealldevs(allAdapters);
return-1;
}
printf("/nCapturesessionstartedonadapter%s/n",adapter->name);
pcap_freealldevs(allAdapters);//释放适配器列表
//开始捕获数据包
intretValue;
while((retValue=pcap_next_ex(adapterHandle,
&packetHeader,
&packetData))>=0)
{
//timeoutelapsedifwereachthispoint
if(retValue==0)
continue;
//打印捕获数据包的信息
printf("lengthofpacket:%d/n",packetHeader->len);
}
//ifwegethere,therewasanerrorreadingthepackets
if(retValue==-1)
{
printf("Errorreadingthepackets:%s/n",pcap_geterr(adapterHandle));
return-1;
}
system("PAUSE");
return0;
}

示例程序3 发送数据封包

<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->#include<pcap.h>
int_tmain(intargc,_TCHAR*argv[])
{
pcap_if_t*allAdapters;//适配器列表
pcap_if_t*adapter;
pcap_t*adapterHandle;//适配器句柄
u_charpacket[20];//待发送的数据封包
charerrorBuffer[PCAP_ERRBUF_SIZE];//错误信息缓冲区
if(pcap_findalldevs_ex(PCAP_SRC_IF_STRING,NULL,
&allAdapters,errorBuffer)==-1)
{//检索机器连接的所有网络适配器
fprintf(stderr,"Errorinpcap_findalldevs_exfunction:%s/n",errorBuffer);
return-1;
}
if(allAdapters==NULL)
{//不存在人任何适配器
printf("/nNoadaptersfound!MakesureWinPcapisinstalled./n");
return0;
}
intcrtAdapter=0;
for(adapter=allAdapters;adapter!=NULL;adapter=adapter->next)
{//遍历输入适配器信息(名称和描述信息)
printf("/n%d.%s",++crtAdapter,adapter->name);
printf("--%s/n",adapter->description);
}
printf("/n");
//选择适配器
intadapterNumber;
printf("Entertheadapternumberbetween1and%d:",crtAdapter);
scanf_s("%d",&adapterNumber);
if(adapterNumber<1||adapterNumber>crtAdapter)
{
printf("/nAdapternumberoutofrange./n");
//释放适配器列表
pcap_freealldevs(allAdapters);
return-1;
}
adapter=allAdapters;
for(crtAdapter=0;crtAdapter<adapterNumber-1;crtAdapter++)
adapter=adapter->next;
//打开指定适配器
adapterHandle=pcap_open(adapter->name,//nameoftheadapter
65536,//portionofthepackettocapture
//65536guaranteesthatthewhole
//packetwillbecaptured
PCAP_OPENFLAG_PROMISCUOUS,//promiscuousmode
1000,//readtimeout-1millisecond
NULL,//authenticationontheremotemachine
errorBuffer//errorbuffer
);
if(adapterHandle==NULL)
{//指定适配器打开失败
fprintf(stderr,"/nUnabletoopentheadapter/n",adapter->name);
//释放适配器列表
pcap_freealldevs(allAdapters);
return-1;
}
pcap_freealldevs(allAdapters);//释放适配器列表
//创建数据封包
//设置目标的MAC地址为01:01:01:01:01:01
packet[0]=0x01;
packet[1]=0x01;
packet[2]=0x01;
packet[3]=0x01;
packet[4]=0x01;
packet[5]=0x01;
//设置源的MAC地址为02:02:02:02:02:02
packet[6]=0x02;
packet[7]=0x02;
packet[8]=0x02;
packet[9]=0x02;
packet[10]=0x02;
packet[11]=0x02;
//设置封包其他部分内容
for(intindex=12;index<20;index++)
{
packet[index]=0xC4;
}
//发送数据封包
if(pcap_sendpacket(adapterHandle,//theadapterhandle
packet,//thepacket
20//thelengthofthepacket
)!=0)
{
fprintf(stderr,"/nErrorsendingthepacket:/n",pcap_geterr(adapterHandle));
return-1;
}
system("PAUSE");
return0;
}

参考文章：

1，Introduction to the Winpcap Networking Libraries