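I am trying to build an application that converts my old custom Ethernet logs (bin files) to standard WinPcap-style logs.
WinPcap: saving raw packets not from an adapter
The problem is that I can't seem to find an example of how to open a pcap_t * without using an adapter (network card). The temp.pkt file has not been created.
I have looked through the examples provided with WinPcap, and all of them use a live adapter when dumping packets. The closest example is \WpdPack\Examples-pcap\savedump\savedump.c; see the slightly modified version below.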
    #ifdef _MSC_VER
    /*
     * we do not want the warnings about the old deprecated and unsecure CRT functions
     * since these examples can be compiled under *nix as well
     */
    #define _CRT_SECURE_NO_WARNINGS
    #endif
    #include "pcap.h"

    int main(int argc, char **argv)
    {
        pcap_if_t *alldevs;
        pcap_if_t *d;
        int inum;
        int i=0;
        pcap_t *adhandle;
        char errbuf[PCAP_ERRBUF_SIZE];
        pcap_dumper_t *dumpfile;

        /* Open the adapter */
        if ((adhandle= pcap_open(??????, // name of the device
                65536, // portion of the packet to capture.
                       // 65536 grants that the whole packet will be captured on all the MACs.
                1,     // promiscuous mode (nonzero means promiscuous)
                1000,  // read timeout
                errbuf // error buffer
                )) == NULL)
        {
            fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Open the dump file */
        dumpfile = pcap_dump_open(adhandle, argv[1]);
        if(dumpfile==NULL) {
            fprintf(stderr,"\nError opening output file\n");
            return -1;
        }

        // ---------------------------
        struct pcap_pkthdr header;
        header.ts.tv_sec = 1 ;  /* seconds */
        header.ts.tv_usec = 1;  /* and microseconds */
        header.caplen = 100;    /* length of portion present */
        header.len = 100 ;      /* length this packet (off wire) */
        u_char pkt_data[100];
        for(int i = 0 ; i < 100 ; i++) {
            pkt_data[i] = i ;
        }
        pcap_dump((u_char *) dumpfile, &header, (u_char *) &pkt_data);
        // ---------------------------

        /* start the capture */
        // pcap_loop(adhandle, 0, packet_handler, (unsigned char *)dumpfile);
        pcap_close(adhandle);
        return 0;
    }
Works great. Did you write this code yourself, or is it referenced somewhere on http://www.winpcap.org/docs/ and I just didn't notice it? Thanks – 2010-06-24 23:58:23
I did something similar last year. – nos 2010-06-25 07:49:28
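An added example, not code from the original post or from the WinPcap samples: it writes the classic pcap file format directly with stdio, so converting stored frames needs neither a pcap_t nor an adapter. The helper names (`capfile_write_header`, `capfile_write_record`, `convert_sample`) are hypothetical, and the 100-byte frame is constructed to match the one in the question.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic pcap file header (24 bytes); readers detect byte order from the magic. */
struct file_hdr {
    uint32_t magic;        /* 0xa1b2c3d4 = microsecond timestamps */
    uint16_t major, minor; /* format version 2.4 */
    int32_t  thiszone;     /* GMT offset, normally 0 */
    uint32_t sigfigs;      /* timestamp accuracy, normally 0 */
    uint32_t snaplen;      /* max bytes stored per packet */
    uint32_t linktype;     /* 1 = Ethernet (DLT_EN10MB) */
};

/* Per-packet record header (16 bytes): always 32-bit fields on disk. */
struct rec_hdr { uint32_t ts_sec, ts_usec, caplen, len; };

_Static_assert(sizeof(struct file_hdr) == 24 && sizeof(struct rec_hdr) == 16,
               "unexpected struct padding");

/* Hypothetical helper: write the file header once, before any record. */
int capfile_write_header(FILE *f, uint32_t snaplen)
{
    struct file_hdr h = { 0xa1b2c3d4u, 2, 4, 0, 0, snaplen, 1 };
    return fwrite(&h, sizeof h, 1, f) == 1 ? 0 : -1;
}

/* Hypothetical helper: append one frame, storing at most snaplen bytes. */
int capfile_write_record(FILE *f, uint32_t sec, uint32_t usec,
                         const uint8_t *frame, uint32_t wire_len, uint32_t snaplen)
{
    uint32_t cap = wire_len < snaplen ? wire_len : snaplen;
    struct rec_hdr r = { sec, usec, cap, wire_len };
    if (fwrite(&r, sizeof r, 1, f) != 1) return -1;
    return (cap == 0 || fwrite(frame, 1, cap, f) == cap) ? 0 : -1;
}

/* Constructed sample: one 100-byte frame (bytes 0..99) at t = 1.000001 s. */
long convert_sample(FILE *f)
{
    uint8_t frame[100];
    for (int i = 0; i < 100; i++) frame[i] = (uint8_t)i;
    if (capfile_write_header(f, 65536)) return -1;
    if (capfile_write_record(f, 1, 1, frame, 100, 65536)) return -1;
    return ftell(f);   /* bytes written so far */
}

int main(int argc, char **argv)
{
    FILE *f = fopen(argc > 1 ? argv[1] : "temp.pkt", "wb");
    long n = f ? convert_sample(f) : -1;
    if (f) fclose(f);
    return n < 0;
}
```

When linking against WinPcap/libpcap instead, `pcap_open_dead(DLT_EN10MB, 65536)` returns a `pcap_t` that is not bound to any adapter and can be passed to `pcap_dump_open()`.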