<html><body bgcolor="#FFFFFF"><div><span class="Apple-style-span" style="font-size: 15px; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); "><br>
<font size="2" face="宋体"> </font> <br><font size="2" face="Calibri">I have been trying to create the include (.h) files and lib files from the version </font><font size="2" face="宋体">3.0alpha2-WPcapSrc.zip</font><font size="2" face="Calibri">, but it seems some files are still missing, because although I finished compiling the project below, it still can't run properly and displays a message that says: 'No interfaces found! Make sure WinPcap is installed'. (I have installed WinPcap version 3.0 alpha2.)</font> <br>
<font size="2" face="Calibri"> </font> <br><font size="2" face="Calibri">Could anyone tell me how to get the proper include and lib files, or just zip them and send them to my email? Thank you so much!</font> <br><font size="2" face="Calibri"> </font> <br>
<font size="2" face="Calibri"> </font> <br><font size="2" face="Calibri">///////////////////////////////////////////////////////////</font> <br>
<font size="2" face="宋体">#include "stdafx.h"</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">#include &lt;stdlib.h&gt;</font> <br>
<font size="2" face="宋体">#include &lt;stdio.h&gt;</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">#include &lt;pcap.h&gt;</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">int main(int argc, char* argv[])</font> <br>
<font size="2" face="宋体">{</font> <br>
<font size="2" face="宋体">    pcap_if_t *alldevs, *d;</font> <br>
<font size="2" face="宋体">    pcap_t *fp;</font> <br>
<font size="2" face="宋体">    u_int inum, i=0;</font> <br>
<font size="2" face="宋体">    char errbuf[PCAP_ERRBUF_SIZE];</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">    printf("kdump: saves the network traffic to file using WinPcap kernel-level dump feature.\n");</font> <br>
<font size="2" face="宋体">    printf("\t Usage: %s [adapter] | dump_file_name max_size max_packs\n", argv[0]);</font> <br>
<font size="2" face="宋体">    printf("\t Where: max_size is the maximum size that the dump file will reach (0 means no limit)\n");</font> <br>
<font size="2" face="宋体">    printf("\t Where: max_packs is the maximum number of packets that will be saved (0 means no limit)\n\n");</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">    /* dump_file_name, max_size and max_packs are always required */</font> <br>
<font size="2" face="宋体">    if(argc < 4)</font> <br>
<font size="2" face="宋体">        return -1;</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">    if(argc < 5){</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">        /* The user did not provide a packet source: retrieve the device list */</font> <br>
<font size="2" face="宋体">        if (pcap_findalldevs(&alldevs, errbuf) == -1)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);</font> <br>
<font size="2" face="宋体">            exit(1);</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        /* Print the list */</font> <br>
<font size="2" face="宋体">        for(d=alldevs; d; d=d->next)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            printf("%u. %s", ++i, d->name);</font> <br>
<font size="2" face="宋体">            if (d->description)</font> <br>
<font size="2" face="宋体">                printf(" (%s)\n", d->description);</font> <br>
<font size="2" face="宋体">            else</font> <br>
<font size="2" face="宋体">                printf(" (No description available)\n");</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        if(i==0)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            printf("\nNo interfaces found! Make sure WinPcap is installed.\n");</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        printf("Enter the interface number (1-%u):",i);</font> <br>
<font size="2" face="宋体">        scanf("%u", &inum);</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        if(inum < 1 || inum > i)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            printf("\nInterface number out of range.\n");</font> <br>
<font size="2" face="宋体">            /* Free the device list */</font> <br>
<font size="2" face="宋体">            pcap_freealldevs(alldevs);</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        /* Jump to the selected adapter */</font> <br>
<font size="2" face="宋体">        for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        /* Open the device */</font> <br>
<font size="2" face="宋体">        if ( (fp = pcap_open_live(d->name, 100, 1, 20, errbuf) ) == NULL)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            fprintf(stderr,"\nError opening adapter\n");</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">        /* Free the device list */</font> <br>
<font size="2" face="宋体">        pcap_freealldevs(alldevs);</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">        /* Start the dump */</font> <br>
<font size="2" face="宋体">        if(pcap_live_dump(fp, argv[1], atoi(argv[2]), atoi(argv[3]))==-1){</font> <br>
<font size="2" face="宋体">            printf("Unable to start the dump, %s\n", pcap_geterr(fp));</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体">    }</font> <br>
<font size="2" face="宋体">    else{</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">        /* Open the device */</font> <br>
<font size="2" face="宋体">        if ( (fp= pcap_open_live(argv[1], 100, 1, 20, errbuf) ) == NULL)</font> <br>
<font size="2" face="宋体">        {</font> <br>
<font size="2" face="宋体">            fprintf(stderr,"\nError opening adapter\n");</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">        /* Start the dump: argv[1] is the adapter, so the file name and limits follow it */</font> <br>
<font size="2" face="宋体">        if(pcap_live_dump(fp, argv[2], atoi(argv[3]), atoi(argv[4]))==-1){</font> <br>
<font size="2" face="宋体">            printf("Unable to start the dump, %s\n", pcap_geterr(fp));</font> <br>
<font size="2" face="宋体">            return -1;</font> <br>
<font size="2" face="宋体">        }</font> <br>
<font size="2" face="宋体">    }</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">    /* Wait until the dump finishes, i.e. when max_size or max_packs is reached */</font> <br>
<font size="2" face="宋体">    pcap_live_dump_ended(fp, TRUE);</font> <br>
<font size="2" face="宋体"> </font><br>
<font size="2" face="宋体">    /* Close the adapter, so that the data is immediately flushed to the file */</font> <br>
<font size="2" face="宋体">    pcap_close(fp);</font> <br>
<font size="2" face="宋体"> </font> <br>
<font size="2" face="宋体">    return 0;</font> <br>
<font size="2" face="宋体">}</font> </span></div><div><span class="Apple-style-span" style="font-size: 15px; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.289062); -webkit-composition-fill-color: rgba(175, 192, 227, 0.222656); -webkit-composition-frame-color: rgba(77, 128, 180, 0.222656);"><br>
</span></div><div><span class="Apple-style-span" style="font-size: 15px; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.226562); -webkit-composition-frame-color: rgba(77, 128, 180, 0.226562);"><br>
</span><br>On 2010-8-6, at 10:22, yulou liu <<a href="mailto:lyulou@gmail.com">lyulou@gmail.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div><div><span class="Apple-style-span" style="font-size: 15px; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); "><br>
<font size="2" face="宋体"> </font> <br><font size="2" face="宋体">Thanks a lot. </font><br><font size="2" face="宋体"> </font> <br><font size="2" face="宋体">I have another question. </font><br><font size="2" face="宋体">Is it possible that I could use the live_dump feature if I install the older version of WinPcap?</font> <br>
<font size="2" face="宋体"> </font> <br><font size="2" face="宋体">The following is what I just tried this morning:</font> <br><font size="2" face="宋体"> </font> <br><font size="2" face="宋体">1. Install the 3.0alpha2-WinPcap.exe </font><br>
<font size="2" face="Calibri">2. Download the "</font><font size="2" face="宋体">3.0beta-wpdpack.zip</font><font size="2" face="Calibri">" file, unzip it, and configure VC6 to refer to the lib and include directories.</font> <br>
<font size="2" face="Calibri"> </font> <br><font size="2" face="Calibri">Compile the project which uses pcap_live_dump(). It was successfully compiled. </font><br><font size="2" face="Calibri">But when I run the .exe file, it can't find the netcard interfaces. </font><br>
<font size="2" face="Calibri"> </font> <br><font size="2" face="Calibri">Please tell me what mistakes I made. </font><br><font size="2" face="宋体"> </font> <br><font size="2" face="Calibri">Thank you. </font><br><font size="2" face="sans-serif"><br>
<br></font></span>On 2010-8-6, at 0:45, Gianluca Varenni <<a href="mailto:gianluca.varenni@cacetech.com">gianluca.varenni@cacetech.com</a>> wrote:<br><br></div><div></div><blockquote type="cite">
<div>
<div><font face="Calibri">The live_dump feature has been disabled several years
ago (because of other changes in the driver) and no one has worked to support it
again. At the moment in order to dump to disk you need to use the standard
dump-to-disk mechanism shown in sample "savedump" in the WinPcap developer's
pack.</font></div>
<div><font face="Calibri"></font> </div>
<div><font face="Calibri">Have a nice day.</font></div>
<div style="FONT: 10pt Tahoma">
<div><br></div>
<div style="BACKGROUND: #f5f5f5">
<div style="font-color: black"><b>From:</b> <a title="lyulou@gmail.com" href="mailto:lyulou@gmail.com">yulou liu</a> </div>
<div><b>Sent:</b> Thursday, August 05, 2010 9:32 AM</div>
<div><b>To:</b> <a title="winpcap-users@winpcap.org" href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</a> </div>
<div><b>Subject:</b> [Winpcap-users] does the winpcap version 4.1.2 support the
kernelDump feature?</div></div></div>
<div><br></div>
<div>I'm working on a project in which I want to dump packets to the disk.</div>
<div>I think pcap_live_dump() maybe could work in the way I
want.</div>
<div>But it seems pcap_live_dump() is not supported in the new version of
WinPcap.</div>
<div>Is it true?</div>
<div> </div>
<div>thank you.</div>
<p>
</p><hr>
<p></p>_______________________________________________<br>Winpcap-users mailing
list<br><a href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a><br><a href="https://www.winpcap.org/mailman/listinfo/winpcap-users">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</div></blockquote>
</div></blockquote></body></html>