详解 pcap_findalldevs

pcap是packet capture的缩写。意为抓包。

功能：查找所有网络设备

原型：int pcap_findalldevs_ex(char* source, struct pcap_rmtauth *auth, pcap_if_t** alldevs, char* errbuf );

返回值：0表示查找成功。-1表示查找失败

参数说明：

source:

指定是本地适配器或者远程适配器

本地适配器：'rpcap://'

远程适配器：'rpcap://host:port'

抓包文件。'file://c:/myfolder/'.

Defined:

#define	PCAP_SRC_FILE_STRING "file://"
	String that will be used to determine the type of source in use (file, remote/local interface).
#define	PCAP_SRC_IF_STRING "rpcap://"
	String that will be used to determine the type of source in use (file, remote/local interface).

详细描述：

The formats allowed by the pcap_open() are the following:

file://path_and_filename [opens a local file]
rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
rpcap://host/devicename [opens the selected device available on a remote host]
rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
(NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]

The formats allowed by the pcap_findalldevs_ex() are the following:

file://folder/ [lists all the files in the given folder]
rpcap:// [lists all local adapters]
rpcap://host:port/ [lists the devices available on a remote host]

Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since IPv6 is fully supported, these are the allowed formats:

host (literal): e.g. host.foo.bar
host (numeric IPv4): e.g. 10.11.12.13
host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
host (numeric IPv6): e.g. [1:2:3::4]
port: can be either numeric (e.g. '80') or literal (e.g. 'http')

Here you find some allowed examples:

rpcap://host.foo.bar/devicename [everything literal, no port number]
rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]

struct pcap_rmtauth的定义如下：

struct pcap_rmtauth

{

    int type;

    char *username;

    char *password;

};

type:简要身份验证所需的类型。

username:用户名

password:密码

auth参数可以为NULL.

pcap_if_t的定义如下：

struct pcap_if {

    struct pcap_if *next;

    char *name;        /* name to hand to "pcap_open_live()" */

    char *description;    /* textual description of interface, or NULL */

    struct pcap_addr *addresses;

    bpf_u_int32 flags;    /* PCAP_IF_ interface flags */

};

pcap_addr的定义如下：

struct pcap_addr {

    struct pcap_addr *next;

    struct sockaddr *addr;        /* address */

    struct sockaddr *netmask;    /* netmask for that address */

    struct sockaddr *broadaddr;    /* broadcast address for that address */

    struct sockaddr *dstaddr;    /* P2P destination address for that address */

};

bpf_u_int32的定义如下：

typedef unsigned int    u_int;

typedef    u_int bpf_u_int32;

struct sockaddr的定义如下：

struct sockaddr {

        u_short sa_family;              /* address family */

        char    sa_data[];            /* up to 14 bytes of direct address */

};

alldevs参数用于存放获取的适配器数据。如果查找失败，alldevs的值为NULL.

errbuf参数存放查找失败的信息。