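Problem description
I want to parse incoming data from an adapter and filter it by protocol, such as GOOSE, TCP, UDP, HTTP and ARP. I found the WinPcap and libpcap libraries, but I cannot print and filter all of the captured data. Is that possible? Is there a library like pyshark? My WinPcap sample code is below. Also, the adapter numbers are different from the adapter numbers in the command prompt.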
    #define HAVE_REMOTE   // WinPcap: enables pcap_findalldevs_ex() and pcap_open()
    #include <stdio.h>
    #include <pcap.h>

    int main(void)
    {
        struct bpf_program fcode;
        pcap_if_t* allAdapters;
        pcap_if_t* adapter;
        pcap_t* adapterHandle;
        struct pcap_pkthdr* packetHeader;
        const u_char* packetData;
        char errorBuffer[PCAP_ERRBUF_SIZE];

        // retrieve the adapters from the computer
        if (pcap_findalldevs_ex((char*)PCAP_SRC_IF_STRING, NULL, &allAdapters, errorBuffer) == -1)
        {
            fprintf(stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer);
            return -1;
        }

        // if there are no adapters, print an error
        if (allAdapters == NULL)
        {
            printf("\nNo adapters found! Make sure WinPcap is installed.\n");
            return 0;
        }

        // print the list of adapters along with basic information about an adapter
        int crtAdapter = 0;
        for (adapter = allAdapters; adapter != NULL; adapter = adapter->next)
        {
            printf("\n%d.%s ", ++crtAdapter, adapter->name);
            printf("-- %s\n", adapter->description);
        }
        printf("\n");

        int adapterNumber;
        printf("Enter the adapter number between 1 and %d:", crtAdapter);
        scanf_s("%d", &adapterNumber);
        if (adapterNumber < 1 || adapterNumber > crtAdapter)
        {
            printf("\nAdapter number out of range.\n");
            // Free the adapter list
            pcap_freealldevs(allAdapters);
            return -1;
        }

        // parse the list until we reach the desired adapter
        adapter = allAdapters;
        for (crtAdapter = 0; crtAdapter < adapterNumber - 1; crtAdapter++)
            adapter = adapter->next;

        // open the adapter
        adapterHandle = pcap_open(adapter->name,      // name of the adapter
            65536,                      // portion of the packet to capture
                                        // 65536 guarantees that the whole
                                        // packet will be captured
            PCAP_OPENFLAG_PROMISCUOUS,  // promiscuous mode
            1000,                       // read timeout in milliseconds
            NULL,                       // authentication on the remote machine
            errorBuffer                 // error buffer
        );
        if (adapterHandle == NULL)
        {
            fprintf(stderr, "\nUnable to open the adapter %s\n", adapter->name);
            // Free the adapter list
            pcap_freealldevs(allAdapters);
            return -1;
        }

        if (pcap_setfilter(adapterHandle, &fcode) < 0)
        {
            fprintf(stderr, "\nError setting the filter.\n");
        }
        printf("\nCapture session started on adapter %s...\n", adapter->name);

        // free the adapter list
        pcap_freealldevs(allAdapters);

        // this is the most important part of the application
        // here we start receiving packet traffic
        int retValue;
        while ((retValue = pcap_next_ex(adapterHandle, &packetHeader, &packetData)) >= 0)
        {
            // timeout elapsed if we reach this point
            if (retValue == 0)
                continue;
            printf("Packet Data: %d", packetData);
            // we print some information about the captured packet
            // we print only the length of the packet here
            printf("length of packet: %d\n", packetHeader->len);
        }
        return 0;
    }
I can only print the packet size, and the filter does not work. I know nothing about sniffing packets from an adapter.
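Added example, not part of the original post: one way to sort the frames that pcap_next_ex returns into the protocols named in the question, by reading the EtherType and the IPv4 protocol field and checking every read against the captured length. The sample frames are constructed, `classify_frame` is a hypothetical helper name, and treating TCP port 80 as HTTP is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample frames (zero-filled MACs and payloads), not captured traffic. */
static const uint8_t SAMPLE_ARP[14]   = { [12] = 0x08, 0x06 };
static const uint8_t SAMPLE_GOOSE[18] = { [12] = 0x81, 0x00, 0x80, 0x00, 0x88, 0xB8 };
static const uint8_t SAMPLE_HTTP[38]  = { [12] = 0x08, 0x00, 0x45, [23] = 6,
                                          [34] = 0xC0, 0x01, 0x00, 0x50 };

/* Read a big-endian 16-bit field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet frame as returned by pcap_next_ex(): data is packetData,
 * caplen is packetHeader->caplen (bytes captured, which may be less than len).
 * Every header read is bounds-checked against caplen before it happens. */
const char *classify_frame(const uint8_t *data, size_t caplen)
{
    size_t off = 14;                                  /* dst MAC, src MAC, EtherType */
    if (caplen < off) return "MALFORMED";
    uint16_t ethertype = be16(data + 12);
    if (ethertype == 0x8100) {                        /* 802.1Q tag, usual on GOOSE */
        off += 4;
        if (caplen < off) return "MALFORMED";
        ethertype = be16(data + 16);
    }
    if (ethertype == 0x0806) return "ARP";
    if (ethertype == 0x88B8) return "GOOSE";          /* IEC 61850 GOOSE */
    if (ethertype != 0x0800) return "OTHER";
    if (caplen < off + 20) return "MALFORMED";        /* minimum IPv4 header */
    const uint8_t *ip = data + off;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;          /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < off + ihl) return "MALFORMED";
    if (ip[9] == 17) return "UDP";
    if (ip[9] != 6) return "OTHER";
    /* TCP ports exist only in the first fragment and only if they were captured. */
    if ((be16(ip + 6) & 0x1FFF) != 0 || caplen < off + ihl + 4) return "TCP";
    const uint8_t *tcp = ip + ihl;
    return (be16(tcp) == 80 || be16(tcp + 2) == 80) ? "HTTP" : "TCP";  /* port heuristic */
}

int main(void)
{
    for (size_t i = 0; i < sizeof SAMPLE_HTTP; i++)   /* dump the bytes, not the pointer */
        printf("%02x%s", SAMPLE_HTTP[i], (i + 1) % 16 ? " " : "\n");
    printf("\n%s %s %s\n", classify_frame(SAMPLE_ARP, sizeof SAMPLE_ARP),
           classify_frame(SAMPLE_GOOSE, sizeof SAMPLE_GOOSE),
           classify_frame(SAMPLE_HTTP, sizeof SAMPLE_HTTP));
    return 0;
}
```

In the capture loop the call would be `classify_frame(packetData, packetHeader->caplen)`. A capture-side filter is a separate step: the filter expression has to be compiled into the `bpf_program` with `pcap_compile` before `pcap_setfilter` can apply it.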