<html><div style='background-color:'><DIV class=RTE>
<P><STRONG>I have this problem when I complie this code:</STRONG></P>
<P>#include <stdlib.h><BR>#include <stdio.h><BR>#define LINE_LEN 1000<BR>#include <pcap.h><BR>#include <process.h></P>
<P><BR>FILE *stream;<BR>int packet_number=0;</P>
<P><BR>int main(int argc, char **argv)<BR>{ </P>
<P>pcap_if_t *d;</P>
<P><BR>int i=0;<BR>pcap_t *adhandle;<BR>u_int netmask;<BR>char packet_filter[] = "ip and udp";<BR>struct bpf_program fcode;</P>
<P> </P>
<P><BR> stream = fopen( "fprintf.out", "w" );<BR> pcap_if_t *alldevs;<BR> pcap_t *fp;<BR> u_int inum;<BR> char errbuf[PCAP_ERRBUF_SIZE];<BR> int res;<BR> struct pcap_pkthdr *header;<BR> const u_char *pkt_data;<BR> </P>
<P><BR> if(argc < 3)<BR> {<BR> printf("\nNo adapter selected: printing the device list:\n");<BR> /* The user didn't provide a packet source: Retrieve the local device list */<BR> if(pcap_findalldevs(&alldevs, errbuf) == -1)<BR> {<BR> fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf);<BR> exit(1);<BR> }<BR> <BR> /* Print the list */<BR> for(d=alldevs; d; d=d->next)<BR> {<BR> printf("%d. %s\n ", ++i, d->name);</P>
<P> if (d->description)<BR> printf(" (%s)\n", d->description);<BR> else<BR> printf(" (No description available)\n");<BR> }<BR> <BR> if (i==0)<BR> {<BR> printf("\nNo interfaces found! Make sure WinPcap is installed.\n");<BR> return -1;<BR> }<BR> <BR> printf("Enter the interface number (1-%d):",i);<BR> scanf("%d", &inum);<BR> <BR> if (inum < 1 || inum > i)<BR> {<BR> printf("\nInterface number out of range.\n");</P>
<P> /* Free the device list */<BR> pcap_freealldevs(alldevs);<BR> return -1;<BR> }<BR> <BR> /* Jump to the selected adapter */<BR> for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);<BR> <BR> /* Open the adapter */<BR> if ((fp = pcap_open_live(d->name, // name of the device<BR> 65536, // portion of the packet to capture. <BR> // 65536 grants that the whole packet will be captured on all the MACs.<BR> 1, // promiscuous mode (nonzero means promiscuous)<BR> 1000, // read
timeout<BR> errbuf // error buffer<BR> )) == NULL)<BR> {<BR> fprintf(stderr,"\nError opening adapter\n");<BR> return -1;<BR> }<BR> }<BR> else <BR> {<BR> /* Do not check for the switch type ('-s') */<BR> if ((fp = pcap_open_live(argv[2], // name of the device<BR> 65536, // portion of the packet to capture. <BR> // 65536 grants that the whole packet will be captured on all the MACs.<BR> 1, // promiscuous mode (nonzero means promiscuous)<BR> 1000, // read
timeout<BR> errbuf // error buffer<BR> )) == NULL)<BR> {<BR> fprintf(stderr,"\nError opening adapter\n");<BR> return -1;<BR> }<BR> }</P>
<P><FONT color=#0066cc> /* Without this part of code, I can make a capture without problem*/</FONT></P>
<P><FONT color=#0066cc> /* I just add with this part of code, the declarations at the top:<EM>u_int netmask;, char packet_filter[] = "ip and udp";......*/</EM></FONT></P>
<P><FONT color=#0066cc></FONT><BR> <FONT color=#ff3333> if (d->addresses != NULL)<BR> /* Retrieve the mask of the first address of the interface */<BR> netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr;<BR> else<BR> /* If the interface is without an address we suppose to be in a C class network */<BR> netmask=0xffffff; </FONT></P>
<P><BR><FONT color=#ff3333> //compile the filter<BR> if (pcap_compile(adhandle, &fcode, "ip and tcp", 1, netmask) < 0)<BR> {<BR> fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");<BR> /* Free the device list */<BR> pcap_freealldevs(alldevs);<BR> return -1;<BR> }<BR> <BR> //set the filter<BR> if (pcap_setfilter(adhandle, &fcode) < 0)<BR> {<BR> fprintf(stderr,"\nError setting the filter.\n");<BR> /* Free the device list
*/<BR> pcap_freealldevs(alldevs);<BR> return -1;</FONT></P>
<P><BR> /* Read the packets */<BR> while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)<BR> {</P>
<P> if(res == 0)<BR> /* Timeout elapsed */<BR> continue;</P>
<P><BR> struct tm *ltime;<BR> char timestr[16];<BR> <BR> /* convert the timestamp to readable format */<BR> ltime=localtime(&header->ts.tv_sec);<BR> strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);</P>
<P> packet_number=packet_number+1;<BR> <BR> printf("%d ; %s:%.6d; %d; ",packet_number, timestr, header->ts.tv_usec, header->len);</P>
<P>/* Print the packet */<BR> <BR> for (i=1; (i < header->caplen + 1 ) ; i++)<BR> {</P>
<P> printf("%.2x ", pkt_data[i-1]);<BR> if ( (i % LINE_LEN) == 0) printf("\n");<BR> <BR> }<BR> <BR> printf("\n\n"); <BR> </P>
<P>fprintf(stream,"%d ;%s:%.6d; %d; ",packet_number, timestr, header->ts.tv_usec, header->len);</P>
<P>for (i=1; (i < header->caplen + 1 ) ; i++)<BR>{<BR>fprintf( stream, "%.2x ",pkt_data[i-1] );<BR>}<BR>fprintf( stream, "\n\n" );<BR> }</P>
<P><BR> if(res == -1)<BR> {<BR> printf("Error reading the packets: %s\n", pcap_geterr(fp));<BR> return -1;<BR> }</P>
<P>system( "type fprintf.out" );<BR>fclose( stream );<BR> pcap_close(fp);<BR> return 0;<BR>}<BR>}<BR></P>
<P> </P>
<P><BR> </P></DIV>
<DIV></DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #a0c6e5 2px solid; MARGIN-RIGHT: 0px"><FONT style="FONT-SIZE: 11px; FONT-FAMILY: tahoma,sans-serif">
<HR color=#a0c6e5 SIZE=1>
<DIV></DIV>From: <I>Vasily Borovyak <vbor@isd.dp.ua></I><BR>Reply-To: <I>winpcap-users@winpcap.org</I><BR>To: <I>winpcap-users@winpcap.org</I><BR>Subject: <I>Re: [Winpcap-users] Problems with Tutorial "Filtering the traffic"</I><BR>Date: <I>Tue, 14 Mar 2006 18:31:13 +0200</I><BR>>Hello Benjamin.<BR>><BR>>The error is somewhere in your code.<BR>>Provide us the main code parts so we can help you to find the bug.<BR>><BR>><BR>><BR>>Benjamin Amaudric wrote:<BR>>>Hi !!<BR>>> I have a problem when I try to apply a filter.<BR>>> I can make a capture without problem with the code of "/Opening <BR>>>an adapter and capturing the packets/", but when I add the code of <BR>>>"/Filtering the traffic/", Windows gives me this answer:<BR>>> *instruction
at "0X1000aaca" uses memory address "0xccccccea8". <BR>>>Memory can't be read.*<BR>>>** Can you help me?<BR>><BR>>--<BR>>Best regards. Vasily Borovyak <vbor@isd.dp.ua><BR>><BR>>_______________________________________________<BR>>Winpcap-users mailing list<BR>>Winpcap-users@winpcap.org<BR>>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></FONT></BLOCKQUOTE></div><br clear=all><hr>Windows Live Mail <a href="http://g.msn.com/8HMBFRFR/2734??PS=47575" target="_top">: découvrez et testez la version bêta !</a> </html>