Installation and use of libpcap Library

Keywords: network socket

1 installation

sudo apt-get install libpcap-dev

2 use

Header files to include:
#include <pcap.h
When compiling, you need to add:
-lpcap

The basic steps of developing applications using libpcap function library:

  1. Open network device
  2. Set filtering rules (optional)
  3. Capture data
  4. Turn off the network device

Common functions:

  1. pcap_lookupdev() (optional) view the device name and return the network card name
  2. pcap_t *pcap_open_live(const char *device,int snaplen,int promisc,
    int to_ms,char *ebuf)
    Function:
    Open a network interface for capturing data
    Return value:
    Returns a Libpcap handle
    Parameters:
    device: the name of the network interface
    snaplen: the length of the capture packet
    promise: 1 stands for hybrid mode and other non hybrid modes
    to_ms: waiting time
    ebuf: store error information
  3. void pcap_close(pcap_t *p)
    Function:
    Close the Libpcap operation and destroy the corresponding resources
    parameter
    p: Libpcap handle to close
    Return value:
    nothing
  4. const u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
    Function:
    Capture a network packet
    Parameters:
    p: Libpcap handle
    h: Packet header
    Return value:
    The address of the captured packet
    struct pcap_pkthdr structure information: records the time of receiving data and the length of the message
  5. int pcap_loop(pcap_t *p,int cnt,pcap_handler callback,u_char *user)
    Function:
    Capture network packets circularly until errors are encountered or exit conditions are met;
    Each time a packet is captured, the callback function indicated by callback will be called,
    Therefore, packet processing can be performed in the callback function
    Return value:
    0 is returned for success and a negative number is returned for failure
    Parameters:
    p: Libpcap handle
    cnt: Specifies the number of captured packets. If it is - 1, it will be captured endlessly
    Callback: callback function
    user: the parameter passed to the callback function
    Callback function definition:
    void callback(u_char *arg, const struct pcap_pkthdr *packet_header, const u_char *packet_content)
    Parameter 1: arg stores pcap_ user data passed from loop
    Parameter 2: packet_heaher stores the time and length of the received message
    Parameter 3: packet_content received network frame data
    Filter rule function:
  6. int pcap_compile(pcap_t *p,struct bpf_program *program,
    char *buf,int optimize,bpf_u_int32 mask)
    Function:
    Compiling BPF filter rules
    Return value:
    0 is returned for success and - 1 is returned for failure
    Parameters:
    p: Libpcap handle
    program: bpf filtering rules (pcap identified rules)
    buf: filter rule string (user recognized rule center of gravity)
    Optimize: optimize
    mask: mask
  7. int pcap_setfilter(pcap p,struct bpf_programfp)
    Function:
    Set BPF filter rules
    Return value:
    0 is returned for success and - 1 is returned for failure
    Parameters:
    p: Libpcap handle
    fp: BPF filter rule

Filter rules:

3 examples

#include <iostream>
#include <pcap.h>
using namespace std;
//Callback function definition
void pcapCallback(u_char*arg, const struct pcap_pkthdr* header, const u_char* msg)
{
    printf("Message length:%u\tcaplen=%u\n",\
           header->len,header->caplen);
    char srcMac[18] = "";
    char dstMac[18] = "";
    sprintf(dstMac,"%02x:%02x:%02x:%02x:%02x:%02x",\
            msg[0],msg[1],msg[2],msg[3],msg[4],msg[5]);
    sprintf(srcMac,"%02x:%02x:%02x:%02x:%02x:%02x",\
            msg[6],msg[7],msg[8],msg[9],msg[10],msg[11]);
    printf("%s-->%s\n",srcMac,dstMac);
}

int main(int argc, char *argv[])
{
    char* interface = pcap_lookupdev(NULL);
    cout << interface << endl;
    char error[4096]="";
    pcap_t *pcaphd = pcap_open_live(interface,65535,0,0,error);
    if(error == NULL)
    {
        cout<< error << endl;
    }
    struct bpf_program bpf;
    pcap_compile(pcaphd,&bpf,"src host 192.168.123.249",0,0xffffff00);//255.255.255.0
    pcap_setfilter(pcaphd,&bpf);
	//Will block
    pcap_loop(pcaphd,5,pcapCallback,NULL);
if 0
    /*Here is an example of receiving a packet*/
    struct pcap_pkthdr header;
	  //The obtained msg is unpacked according to the Ethernet frame format and will be blocked
    const unsigned char* msg = pcap_next(pcaphd,&header);
    printf("%u\n",header.caplen);
    printf("%u\n",header.len);
    char srcMac[18] = "";
    char dstMac[18] = "";
    sprintf(dstMac,"%02x:%02x:%02x:%02x:%02x:%02x",\
            msg[0],msg[1],msg[2],msg[3],msg[4],msg[5]);
    sprintf(srcMac,"%02x:%02x:%02x:%02x:%02x:%02x",\
            msg[6],msg[7],msg[8],msg[9],msg[10],msg[11]);
    printf("%s-->%s\n",srcMac,dstMac);
#endif

    pcap_close(pcaphd);
    return 0;
}

reference resources:
https://blog.csdn.net/G_Super_Mouse/article/details/103748900

Posted by Skilo on Wed, 20 Oct 2021 12:32:45 -0700

Hot Keywords

©2024 Programmer Group