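pcap_findalldevs_ex in detail

pcap is short for "packet capture".

Purpose: enumerate all network devices.

Prototype: int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);

Return value: 0 on success, -1 on failure.

Parameters:

source:

Specifies whether local adapters or remote adapters are to be listed.

Local adapters: 'rpcap://'

Remote adapters: 'rpcap://host:port'

Capture files: 'file://c:/myfolder/'.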

Defined:

#define  PCAP_SRC_FILE_STRING   "file://"
  String that will be used to determine the type of source in use (file, remote/local interface).
#define  PCAP_SRC_IF_STRING   "rpcap://"
  String that will be used to determine the type of source in use (file, remote/local interface).

Detailed description:

The formats allowed by pcap_open() are the following:

  • file://path_and_filename [opens a local file]
  • rpcap://devicename [opens the selected device available on the local host, without using the RPCAP protocol]
  • rpcap://host/devicename [opens the selected device available on a remote host]
  • rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
  • adaptername [to open a local adapter; kept for compatibility, but it is strongly discouraged]
  • (NULL) [to open the first local adapter; kept for compatibility, but it is strongly discouraged]

The formats allowed by pcap_findalldevs_ex() are the following:

  • file://folder/ [lists all the files in the given folder]
  • rpcap:// [lists all local adapters]
  • rpcap://host:port/ [lists the devices available on a remote host]

The 'host' and 'port' parameters can be either numeric or literal. Since IPv6 is fully supported, these are the allowed formats:

 

  • host (literal): e.g. host.foo.bar
  • host (numeric IPv4): e.g. 10.11.12.13
  • host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
  • host (numeric IPv6): e.g. [1:2:3::4]
  • port: can be either numeric (e.g. '80') or literal (e.g. 'http')

Here are some allowed examples:

  • rpcap://host.foo.bar/devicename [everything literal, no port number]
  • rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
  • rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
  • rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
  • rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
  • rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
  • rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
  • rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
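
The following C code is an added example, not part of the original post and not WinPcap's or libpcap's own parser. It classifies a source string by the formats listed above, so a caller can tell before calling pcap_findalldevs_ex() or pcap_open() whether the string names a file, a local adapter or a remote RPCAP host, and can check the extracted host and port against its own policy. The names src_kind, src_info, copy_part and parse_source are hypothetical, and the code assumes only the grammar on this page, rejecting the discouraged bare adapter name and NULL forms.

```c
#include <stdio.h>
#include <string.h>
/* Added example; all names are hypothetical, grammar as listed on this page. */
enum src_kind { SRC_INVALID, SRC_FILE, SRC_LOCAL, SRC_REMOTE };
struct src_info { enum src_kind kind; char host[256]; char port[32]; };

/* Copy n bytes into out and NUL-terminate; returns 0 if empty or too long. */
static int copy_part(char *out, size_t cap, const char *s, size_t n)
{
    if (n == 0 || n >= cap) return 0;
    memcpy(out, s, n);
    out[n] = '\0';
    return 1;
}

/* Classify src; host/port are meaningful only when kind == SRC_REMOTE. */
struct src_info parse_source(const char *src)
{
    struct src_info r = { SRC_INVALID, "", "" };

    if (src && strncmp(src, "file://", 7) == 0 && src[7]) r.kind = SRC_FILE;
    if (!src || strncmp(src, "rpcap://", 8) != 0) return r;
    const char *rest = src + 8, *slash = strchr(rest, '/'), *hend, *colon;
    if (!slash) { r.kind = SRC_LOCAL; return r; }   /* rpcap:// or rpcap://devicename */
    if (*rest == '[') {                             /* bracketed numeric host */
        hend = memchr(rest, ']', (size_t)(slash - rest));
        if (!hend || !copy_part(r.host, sizeof r.host, rest + 1, (size_t)(hend - rest - 1)))
            return r;
        colon = hend + 1;
        if (colon != slash && *colon != ':') return r;
    } else {
        colon = memchr(rest, ':', (size_t)(slash - rest));
        if (colon && memchr(colon + 1, ':', (size_t)(slash - colon - 1)))
            return r;                               /* IPv6 must be bracketed */
        hend = colon ? colon : slash;
        if (!copy_part(r.host, sizeof r.host, rest, (size_t)(hend - rest))) return r;
        if (!colon) colon = slash;
    }
    if (colon == slash ||                           /* no port, or a non-empty one */
        copy_part(r.port, sizeof r.port, colon + 1, (size_t)(slash - colon - 1)))
        r.kind = SRC_REMOTE;
    return r;
}

int main(void)
{
    struct src_info s = parse_source("rpcap://[1:2:3::4]:1234/");  /* constructed */
    printf("kind=%d host=%s port=%s\n", s.kind, s.host, s.port);
    return 0;
}
```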

 

struct pcap_rmtauth is defined as follows:

struct pcap_rmtauth
{
    int type;
    char *username;
    char *password;
};

type: the type of authentication required

username: the user name

password: the password

The auth parameter may be NULL.

pcap_if_t is defined as follows:

struct pcap_if {
    struct pcap_if *next;
    char *name;        /* name to hand to "pcap_open_live()" */
    char *description;    /* textual description of interface, or NULL */
    struct pcap_addr *addresses;
    bpf_u_int32 flags;    /* PCAP_IF_ interface flags */
};

pcap_addr is defined as follows:

struct pcap_addr {
    struct pcap_addr *next;
    struct sockaddr *addr;        /* address */
    struct sockaddr *netmask;    /* netmask for that address */
    struct sockaddr *broadaddr;    /* broadcast address for that address */
    struct sockaddr *dstaddr;    /* P2P destination address for that address */
};

bpf_u_int32 is defined as follows:

typedef unsigned int u_int;

typedef u_int bpf_u_int32;

struct sockaddr is defined as follows:

struct sockaddr {
        u_short sa_family;              /* address family */
        char    sa_data[14];            /* up to 14 bytes of direct address */
};

 

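The alldevs parameter receives the adapter data that was found. If the lookup fails, alldevs is NULL.

The errbuf parameter receives the error message when the lookup fails.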

 

 

 

 

 

posted @ 2013-08-28 16:23  Please Call me 小强