[Winpcap-users] does the winpcap version 4.1.2 support the kernelDump feature?

yulou liu lyulou at gmail.com
Fri Aug 6 01:49:08 PDT 2010


I have been trying to create the include (.h) files and lib files from
version3.0alpha2-WPcapSrc.zip, but it seems some files are still
missing. Although I finished compiling the project below, it still
can't run properly, and displays a message that says: 'No interfaces
found! Make sure WinPcap is installed'. (I have installed WinPcap
version 3.0 alpha2.)

Could anyone tell me how to get the proper include and lib files, or just
zip them and send them to my email? Thank you so much!


///////////////////////////////////////////////////////////
#include "stdafx.h"

#include <stdlib.h>
#include <stdio.h>

#include <pcap.h>

int main(int argc, char* argv[])
{
    pcap_if_t *alldevs, *d;
    pcap_t *fp;
    u_int inum, i=0;
    char errbuf[PCAP_ERRBUF_SIZE];

    printf("kdump: saves the network traffic to file using WinPcap kernel-level dump feature.\n");
    printf("\t Usage: %s [adapter] | dump_file_name max_size max_packs\n", argv[0]);
    printf("\t Where: max_size is the maximum size that the dump file will reach (0 means no limit)\n");
    printf("\t Where: max_packs is the maximum number of packets that will be saved (0 means no limit)\n\n");

    /* The three dump arguments are always required. */
    if(argc < 4)
        return -1;

    if(argc < 5){

        /* The user did not provide a packet source. Retrieve the device list */
        if (pcap_findalldevs(&alldevs, errbuf) == -1)
        {
            fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
            exit(1);
        }

        /* Print the list */
        for(d=alldevs; d; d=d->next)
        {
            printf("%u. %s", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf(" (No description available)\n");
        }

        if(i==0)
        {
            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
            return -1;
        }

        printf("Enter the interface number (1-%u):",i);
        if(scanf("%u", &inum) != 1)
            inum = 0;

        if(inum < 1 || inum > i)
        {
            printf("\nInterface number out of range.\n");
            /* Free the device list */
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Jump to the selected adapter */
        for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);

        /* Open the device */
        if ( (fp = pcap_open_live(d->name, 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,"\nError opening adapter\n");
            pcap_freealldevs(alldevs);
            return -1;
        }

        /* Free the device list */
        pcap_freealldevs(alldevs);

        /* Start the dump: argv[1] = file, argv[2] = max_size, argv[3] = max_packs */
        if(pcap_live_dump(fp, argv[1], atoi(argv[2]), atoi(argv[3]))==-1){
            printf("Unable to start the dump, %s\n", pcap_geterr(fp));
            return -1;
        }
    }
    else{

        /* Open the device given as argv[1] */
        if ( (fp= pcap_open_live(argv[1], 100, 1, 20, errbuf) ) == NULL)
        {
            fprintf(stderr,"\nError opening adapter\n");
            return -1;
        }

        /* Start the dump: argv[2] = file, argv[3] = max_size, argv[4] = max_packs */
        if(pcap_live_dump(fp, argv[2], atoi(argv[3]), atoi(argv[4]))==-1){
            printf("Unable to start the dump, %s\n", pcap_geterr(fp));
            return -1;
        }
    }

    /* Wait until the dump finishes, i.e. when max_size or max_packs is reached */
    pcap_live_dump_ended(fp, TRUE);

    /* Close the adapter, so that the data is flushed to the file immediately */
    pcap_close(fp);

    return 0;
}



On 2010-8-6, 10:22, yulou liu <lyulou at gmail.com> wrote:



Thanks a lot.

I have another question.
Is it possible to use the live_dump feature if I install an older
version of WinPcap?

The following is what I tried this morning:

1. Install 3.0alpha2-WinPcap.exe.
2. Download the "3.0beta-wpdpack.zip" file, unzip it, and configure VC6
to refer to the lib and include directories.

Compile the project which uses pcap_live_dump(). It compiled
successfully.
But when I run the .exe file, it can't find the network card interfaces.

Please tell me what mistakes I made.

Thank you.


On 2010-8-6, 0:45, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:

The live_dump feature was disabled several years ago (because of other
changes in the driver) and no one has worked to support it again. At the
moment, in order to dump to disk you need to use the standard dump-to-disk
mechanism shown in the "savedump" sample in the WinPcap developer's pack.

Have a nice day.

From: yulou liu <lyulou at gmail.com>
Sent: Thursday, August 05, 2010 9:32 AM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] does the winpcap version 4.1.2 support the
kernelDump feature?

I'm working on a project in which I want to dump packets to disk.
I think pcap_live_dump() might work the way I want,
but it seems pcap_live_dump() is not supported in the new version of
WinPcap.
Is that true?

Thank you.

_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
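
An added example, not part of the thread or of the WinPcap sources: with pcap_live_dump() disabled, the max_size and max_packs limits from the kdump usage text have to be enforced at user level by the code that writes each packet. The names bounded_dump, bd_open and bd_write are hypothetical; the code writes the classic pcap file format directly (where the "savedump" sample would call pcap_dump()) so it runs without WinPcap installed, and it assumes an Ethernet link type.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a WinPcap API; 0 means no limit, as in kdump. */
typedef struct {
    FILE *f;
    long  max_size, max_packs;   /* bytes / packets */
    long  size, packs;           /* written so far */
} bounded_dump;

/* Create the file and write the 24-byte classic pcap global header. */
int bd_open(bounded_dump *d, const char *path, uint32_t snaplen,
            long max_size, long max_packs)
{
    uint32_t magic = 0xa1b2c3d4u;               /* host byte order */
    uint16_t ver[2] = { 2, 4 };                 /* format version 2.4 */
    uint32_t rest[4] = { 0, 0, snaplen, 1 };    /* zone, sigfigs, snaplen, DLT_EN10MB */
    memset(d, 0, sizeof *d);
    if ((d->f = fopen(path, "wb")) == NULL) return -1;
    d->max_size = max_size; d->max_packs = max_packs;
    if (fwrite(&magic, 4, 1, d->f) != 1 || fwrite(ver, 2, 2, d->f) != 2 ||
        fwrite(rest, 4, 4, d->f) != 4) { fclose(d->f); return -1; }
    d->size = 24;
    return 0;
}

/* Returns 1 if written, 0 if a limit would be exceeded, -1 on I/O error. */
int bd_write(bounded_dump *d, uint32_t sec, uint32_t usec,
             const uint8_t *data, uint32_t caplen, uint32_t len)
{
    uint32_t rec[4] = { sec, usec, caplen, len };
    long need = 16 + (long)caplen;              /* record header + bytes */
    if (d->max_packs && d->packs >= d->max_packs) return 0;
    if (d->max_size && d->size + need > d->max_size) return 0;
    if (fwrite(rec, 4, 4, d->f) != 4 || fwrite(data, 1, caplen, d->f) != caplen) return -1;
    d->size += need; d->packs++;
    return 1;
}

int main(void)
{
    uint8_t frame[60] = { 0 };                  /* constructed sample frame */
    bounded_dump d;
    if (bd_open(&d, "sample.pcap", 65535, 0, 2) != 0) return 1;
    while (bd_write(&d, 0, 0, frame, sizeof frame, sizeof frame) == 1) ;
    printf("%ld packets, %ld bytes\n", d.packs, d.size);
    return fclose(d.f) != 0;
}
```

In a real capture, bd_write() would be called from the pcap_loop() callback with the fields of struct pcap_pkthdr, and a return value of 0 is the point at which to call pcap_breakloop().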