pcap是packet capture的缩写。意为抓包。
功能:查找所有网络设备
原型:int pcap_findalldevs_ex(char* source, struct pcap_rmtauth *auth, pcap_if_t** alldevs, char* errbuf );
返回值:0表示查找成功。-1表示查找失败
参数说明:
source:
指定是本地适配器或者远程适配器
本地适配器:'rpcap://'
远程适配器:'rpcap://host:port'
抓包文件。'file://c:/myfolder/'.
Defined:
| #define | PCAP_SRC_FILE_STRING "file://" |
| String that will be used to determine the type of source in use (file, remote/local interface). | |
| #define | PCAP_SRC_IF_STRING "rpcap://" |
| String that will be used to determine the type of source in use (file, remote/local interface). |
详细描述:
The formats allowed by the pcap_open() are the following:
- file://path_and_filename [opens a local file]
- rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
- rpcap://host/devicename [opens the selected device available on a remote host]
- rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
- adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
- (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]
The formats allowed by the pcap_findalldevs_ex() are the following:
- file://folder/ [lists all the files in the given folder]
- rpcap:// [lists all local adapters]
- rpcap://host:port/ [lists the devices available on a remote host]
Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since IPv6 is fully supported, these are the allowed formats:
- host (literal): e.g. host.foo.bar
- host (numeric IPv4): e.g. 10.11.12.13
- host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
- host (numeric IPv6): e.g. [1:2:3::4]
- port: can be either numeric (e.g. '80') or literal (e.g. 'http')
Here you find some allowed examples:
- rpcap://host.foo.bar/devicename [everything literal, no port number]
- rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
- rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
- rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
- rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
- rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
- rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
- rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
struct pcap_rmtauth的定义如下:
struct pcap_rmtauth { int type; char *username; char *password; };
type:简要身份验证所需的类型。
username:用户名
password:密码
auth参数可以为NULL.
pcap_if_t的定义如下:
struct pcap_if { struct pcap_if *next; char *name; /* name to hand to "pcap_open_live()" */ char *description; /* textual description of interface, or NULL */ struct pcap_addr *addresses; bpf_u_int32 flags; /* PCAP_IF_ interface flags */ };
pcap_addr的定义如下:
struct pcap_addr { struct pcap_addr *next; struct sockaddr *addr; /* address */ struct sockaddr *netmask; /* netmask for that address */ struct sockaddr *broadaddr; /* broadcast address for that address */ struct sockaddr *dstaddr; /* P2P destination address for that address */ };
bpf_u_int32的定义如下:
typedef unsigned int u_int; typedef u_int bpf_u_int32;
struct sockaddr的定义如下:
struct sockaddr { u_short sa_family; /* address family */ char sa_data[14]; /* up to 14 bytes of direct address */ };
alldevs参数用于存放获取的适配器数据。如果查找失败,alldevs的值为NULL.
errbuf参数存放查找失败的信息。