Capturing Packets by Using PCAP
Adviser: Dr. Quincy Wu
Speaker: Hui-Hsiung Chung
Date: Dec. 21, 2010

Outline
Demonstration
Introduction
LibPCAP
WinPCAP
Function
Examples
Reference
Introduction
PCAP: Packet Capture
An API (Application Programming Interface) used by Tcpdump, Wireshark, and McAfee
Written in the C language
LibPCAP
Compatible with Unix-like systems
Now developed by the TCPDUMP organization
Install LibPCAP: yum install libpcap
Install LibPCAP-Devel: yum install libpcap libpcap-devel
Compile: gcc expcap.c -lpcap
WinPCAP
Compatible with Windows systems
Original: Polytechnic University of Turin
Now developed by CACE Technologies
WinPCAP Developer's Pack
Project settings (VC++):
Project -> Properties -> Configuration Properties -> VC++ Directories
  Add the PCAP Include directory
  Add the PCAP Lib directory
Linker -> Input
  Add wpcap.lib, Packet.lib, ws2_32.lib
Example
Function                Purpose
pcap_findalldevs()      Return the list of NICs available for use
pcap_open_live()        Open a NIC to capture packets
pcap_datalink()         Return the link-layer type
pcap_compile()          Compile the filter expression
pcap_setfilter()        Associate a filter with a capture
pcap_loop()             Capture packets
pcap_dump()             Save a packet to disk
pcap_freealldevs()      Free the interface list returned by pcap_findalldevs()
int pcap_findalldevs(pcap_if_t **alldevsp, char *ebuf)
  alldevsp: list of NICs found
  ebuf: error message buffer

pcap_t *pcap_open_live(char *dev, int snaplen, int promisc, int ms, char *ebuf)
  dev: name of the device
  snaplen: maximum number of bytes to capture per packet
  promisc: promiscuous mode; non-zero enables promiscuous capture
  ms: read timeout in milliseconds, the time allowed for packets to arrive
  ebuf: error message buffer
int pcap_datalink(pcap_t *p)
  p: the handle returned by pcap_open_live()
  Return value of pcap_datalink(): the link-layer type, for example
    DLT_EN10MB: Ethernet
    DLT_IEEE802_11: IEEE 802.11 wireless LAN
    More examples

int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)
  p: the handle returned by pcap_open_live()
  fp: a pointer to a bpf_program struct that receives the compiled filter
  str: filter expression
  optimize: default value is 1
  netmask: IPv4 netmask of the network
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
  p: the handle returned by pcap_open_live()
  fp: a pointer to the compiled bpf_program struct

int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
  p: the handle returned by pcap_open_live()
  cnt: number of packets to process; zero means an infinite loop
  callback: programmer-defined function called once per captured packet
  user: NULL
void pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
  user: NULL
  h: packet header
  sp: packet content

void pcap_freealldevs(pcap_if_t *alldevsp)
  alldevsp: the NIC list returned by pcap_findalldevs()
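The file that pcap_dump() writes is the classic libpcap savefile: a 24-byte global header carrying the snaplen and the DLT_* link type, then one 16-byte record header (timestamp, caplen, len) plus caplen data bytes per packet. As an added example that is not part of the slides, the C below parses such an image in memory and flags records that snaplen truncated (caplen < len); the two-packet sample, its timestamps and payload bytes are constructed here so it runs offline, and it assumes the file was written on a host with the same byte order (magic 0xa1b2c3d4).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define DLT_EN10MB 1  /* Ethernet, the value pcap_datalink() returns for it */
struct pcap_summary { uint32_t snaplen, linktype; int packets, truncated; };
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
/* Walk an in-memory savefile written on this host: 24-byte global header,
 * then per-packet 16-byte record headers (ts_sec, ts_usec, caplen, len)
 * followed by caplen bytes of data. Returns 0 on success, -1 if malformed. */
int parse_savefile(const uint8_t *buf, size_t n, struct pcap_summary *out) {
    memset(out, 0, sizeof *out);
    if (n < 24 || rd32(buf) != 0xa1b2c3d4u) return -1;   /* bad size or magic */
    out->snaplen = rd32(buf + 16);
    out->linktype = rd32(buf + 20);
    for (size_t off = 24; off < n; ) {
        if (n - off < 16) return -1;                      /* short record header */
        uint32_t caplen = rd32(buf + off + 8), len = rd32(buf + off + 12);
        /* caplen is bounded by the snaplen given to pcap_open_live(); len is the original size */
        if (caplen > out->snaplen || caplen > len || caplen > n - off - 16) return -1;
        if (caplen < len) out->truncated++;
        out->packets++;
        off += 16 + caplen;
    }
    return 0;
}
/* Constructed sample: what pcap_dump() would write on this host for two
 * Ethernet frames captured with snaplen 64. Returns the byte count (134). */
size_t build_sample(uint8_t *buf) {
    uint16_t ver[2] = {2, 4}; memset(buf, 0, 24);         /* format version 2.4 */
    wr32(buf, 0xa1b2c3d4u); memcpy(buf + 4, ver, 4);
    wr32(buf + 16, 64); wr32(buf + 20, DLT_EN10MB);
    size_t off = 24;
    /* record 1: a 14-byte frame (just an Ethernet header), captured whole */
    wr32(buf + off, 1293000000u); wr32(buf + off + 4, 0);
    wr32(buf + off + 8, 14); wr32(buf + off + 12, 14);
    memset(buf + off + 16, 0xaa, 14); off += 30;
    /* record 2: a 1500-byte frame cut down to the 64-byte snaplen */
    wr32(buf + off, 1293000001u); wr32(buf + off + 4, 500);
    wr32(buf + off + 8, 64); wr32(buf + off + 12, 1500);
    memset(buf + off + 16, 0xbb, 64); off += 80;
    return off;
}
int sample_check(size_t trim) {      /* packets*10 + truncated, or -1 if malformed */
    uint8_t buf[256]; struct pcap_summary s; size_t n = build_sample(buf);
    return (trim > n || parse_savefile(buf, n - trim, &s)) ? -1 : s.packets * 10 + s.truncated;
}
```

Cutting even one byte off the end (sample_check(1)) makes the last record claim more data than the file holds, which the parser rejects rather than reading past the buffer.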
Reference
Wiki: PCAP
Wiki: Berkeley Packet Filter
WinPCAP Development Docs
Po-Chou Chen, "Distribute Architecture for Real-Time Lawful Intercept in SIP-based VoIP Systems", Master Thesis, Department of Computer Science and Information Engineering, National Chi Nan University, June 2008.