您的位置:首页 > 其它

详解 pcap_findalldevs_ex

2013-08-28 16:23 357 查看

pcap是packet capture的缩写。意为抓包。

功能:查找所有网络设备

原型:int pcap_findalldevs_ex(char* source, struct pcap_rmtauth *auth, pcap_if_t** alldevs, char* errbuf );

返回值:0表示查找成功。-1表示查找失败

参数说明:

source:

指定是本地适配器或者远程适配器

本地适配器:'rpcap://'

远程适配器:'rpcap://host:port'

抓包文件。'file://c:/myfolder/'.

Defined:

#define PCAP_SRC_FILE_STRING "file://"
String that will be used to determine the type of source in use (file, remote/local interface).
#define PCAP_SRC_IF_STRING "rpcap://"
String that will be used to determine the type of source in use (file, remote/local interface).

详细描述:

The formats allowed by the pcap_open() are the following:

file://path_and_filename [opens a local file]

rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]

rpcap://host/devicename [opens the selected device available on a remote host]

rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]

adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]

(NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]

The formats allowed by the pcap_findalldevs_ex() are the following:

file://folder/ [lists all the files in the given folder]

rpcap:// [lists all local adapters]

rpcap://host:port/ [lists the devices available on a remote host]

Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since IPv6 is fully supported, these are the allowed formats:

host (literal): e.g. host.foo.bar

host (numeric IPv4): e.g. 10.11.12.13

host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]

host (numeric IPv6): e.g. [1:2:3::4]

port: can be either numeric (e.g. '80') or literal (e.g. 'http')

Here you find some allowed examples:

rpcap://host.foo.bar/devicename [everything literal, no port number]

rpcap://host.foo.bar:1234/devicename [everything literal, with port number]

rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]

rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]

rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]

rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]

rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]

rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]

struct pcap_rmtauth的定义如下:

struct pcap_rmtauth
{
int type;
char *username;
char *password;
};


type:简要身份验证所需的类型。

username:用户名

password:密码

auth参数可以为NULL.

pcap_if_t的定义如下:

struct pcap_if {
struct pcap_if *next;
char *name;        /* name to hand to "pcap_open_live()" */
char *description;    /* textual description of interface, or NULL */
struct pcap_addr *addresses;
bpf_u_int32 flags;    /* PCAP_IF_ interface flags */
};


pcap_addr的定义如下:

struct pcap_addr {
struct pcap_addr *next;
struct sockaddr *addr;        /* address */
struct sockaddr *netmask;    /* netmask for that address */
struct sockaddr *broadaddr;    /* broadcast address for that address */
struct sockaddr *dstaddr;    /* P2P destination address for that address */
};


bpf_u_int32的定义如下:

typedef unsigned int    u_int;

typedef    u_int bpf_u_int32;


struct sockaddr的定义如下:

struct sockaddr {
u_short sa_family;              /* address family */
char    sa_data[14];            /* up to 14 bytes of direct address */
};


alldevs参数用于存放获取的适配器数据。如果查找失败,alldevs的值为NULL.

errbuf参数存放查找失败的信息。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航