
Capturing Packet by using PCAP




  1. Capturing Packet by using PCAP
     Adviser: Dr. Quincy Wu
     Speaker: Hui-Hsiung Chung
     Date: Dec. 21st 2010

  2. Outline
     • Demonstration
     • Introduction
     • LibPCAP
     • WinPCAP
     • Function Examples
     • Reference

  3. Introduction
     • PCAP: Packet Capture
     • An API (Application Programming Interface)
     • Used by Tcpdump, Wireshark, McAfee
     • Written in C Language

  4. LibPCAP
     • Compatible with Unix-like Systems
     • Now Developed by the TCPDUMP Organization
     • TCPDUMP

  5. Configure LibPCAP
     • Install Libpcap: yum install libpcap
     • Install LibPCAP-Devel: yum install libpcap libpcap-devel
     • Compile: gcc expcap.c -lpcap

  6. WinPCAP
     • Compatible with Windows Systems
     • Original: Polytechnic University of Turin
     • Now Developed by CACE Technologies
     • WinPCAP
     • Developer's Pack

  7. Configure WinPCAP
     • Project -> Properties -> Configuration Properties
     • VC++ Directories
       • Add PCAP Include Directory
       • Add PCAP Lib Directory
     • Linker -> Input
       • Add wpcap.lib, Packet.lib, ws2_32.lib
     • Example

  8. Function Examples

  9. Configure Function Parameter
     • int pcap_findalldevs(pcap_if_t **alldevsp, char *ebuf)
       • alldevsp: List of NICs
       • ebuf: Error Message
     • pcap_t *pcap_open_live(const char *dev, int snaplen, int promisc, int ms, char *ebuf)
       • dev: Name of the Device
       • snaplen: Maximum Number of Bytes to Capture per Packet
       • promisc: Promiscuous Mode; Non-zero Enables Promiscuous Mode
       • ms: Read Timeout in Milliseconds, Allowing Packets to Arrive
       • ebuf: Error Message
       • Returns NULL on Failure, with the Reason in ebuf

  10. Configure Function Parameter Cont.
     • int pcap_datalink(pcap_t *p)
       • p: The Return Value of pcap_open_live()
       • Return Value of pcap_datalink()
         • DLT_EN10MB: Ethernet
         • DLT_IEEE802_11: IEEE 802.11 Wireless LAN
         • More Examples
     • int pcap_compile(pcap_t *p, struct bpf_program *fp, const char *str, int optimize, bpf_u_int32 netmask)
       • p: The Return Value of pcap_open_live()
       • fp: A Pointer to a bpf_program Struct
       • str: Filter Expression
       • optimize: Non-zero Optimizes the Compiled Filter (Value 1 Is Used Here)
       • netmask: IPv4 Netmask of the Network

  11. Configure Function Parameter Cont.
     • int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
       • p: The Return Value of pcap_open_live()
       • fp: A Pointer to a bpf_program Struct
     • int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
       • p: The Return Value of pcap_open_live()
       • cnt: Number of Packets to Process; Zero Means Infinite Loop
       • callback: Programmer-Defined Function
       • user: NULL

  12. Configure Function Parameter Cont.
     • void pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
       • user: NULL
       • h: Packet Header
       • sp: Packet Content
     • void pcap_freealldevs(pcap_if_t *alldevsp)
       • alldevsp: List of NICs
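The following program is an added example, not code from the slides or from the libpcap project. It calls the functions of slides 9 to 12 in the order a capture tool uses them (pcap_findalldevs, pcap_open_live, pcap_datalink, pcap_compile, pcap_setfilter, pcap_loop, pcap_dump, pcap_freealldevs) and shows what the callback does with the struct pcap_pkthdr it receives: caplen is the number of bytes actually delivered, bounded by snaplen, and can be smaller than len, so the decoder checks every offset against caplen. The USE_LIBPCAP macro, the decode_frame() helper, the default filter "ip", the output file name capture.pcap and the SAMPLE_FRAME bytes are all assumptions made for this example; build it for live capture with `gcc -DUSE_LIBPCAP capture.c -lpcap` (slide 5 shows the same link flag), and without -DUSE_LIBPCAP it only runs the decoder on the constructed frame.

```c
/* Added example (not from the slides): a capture loop built from the
 * functions on slides 9-12, plus the bounds-checked decoder its callback uses.
 * Live capture:  gcc -DUSE_LIBPCAP capture.c -lpcap   (USE_LIBPCAP is ours)
 * Without the macro only the decoder and a constructed-frame self-test build. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>                 /* inet_ntop: POSIX, not libpcap */
#ifdef USE_LIBPCAP
#include <pcap.h>
#endif
#ifndef DLT_EN10MB
#define DLT_EN10MB 1                   /* libpcap's value for Ethernet */
#endif

struct pkt_summary {
    uint8_t proto;                     /* IPv4 protocol: 6 = TCP, 17 = UDP */
    char src[INET_ADDRSTRLEN];
    char dst[INET_ADDRSTRLEN];
};

/* Decode an Ethernet II + IPv4 frame. caplen is what snaplen let through and
 * may be less than the on-wire length, so each field is checked before use.
 * Returns 1 on success, 0 for non-Ethernet, non-IPv4 or truncated input. */
int decode_frame(const uint8_t *bytes, uint32_t caplen, int linktype,
                 struct pkt_summary *out)
{
    memset(out, 0, sizeof *out);
    if (linktype != DLT_EN10MB || caplen < 14)
        return 0;
    uint16_t ethertype = (uint16_t)((bytes[12] << 8) | bytes[13]);
    if (ethertype != 0x0800)                       /* not IPv4 */
        return 0;
    const uint8_t *ip = bytes + 14;
    if (caplen < 14 + 20 || (ip[0] >> 4) != 4)
        return 0;
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4;   /* header length incl. options */
    if (ihl < 20 || caplen < 14 + ihl)
        return 0;
    out->proto = ip[9];
    inet_ntop(AF_INET, ip + 12, out->src, sizeof out->src);
    inet_ntop(AF_INET, ip + 16, out->dst, sizeof out->dst);
    return 1;
}

/* Constructed sample (not a real capture): Ethernet II header followed by a
 * 20-byte IPv4/UDP header 192.168.1.10 -> 10.0.0.1, checksum left at zero. */
const uint8_t SAMPLE_FRAME[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x01 };
const uint32_t SAMPLE_FRAME_LEN = sizeof SAMPLE_FRAME;

#ifdef USE_LIBPCAP
/* pcap_loop() calls this per packet; user is the dumper handle we passed in. */
static void on_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    struct pkt_summary s;
    if (decode_frame(bytes, h->caplen, DLT_EN10MB, &s))
        printf("%ld.%06ld %s -> %s proto=%u caplen=%u len=%u\n",
               (long)h->ts.tv_sec, (long)h->ts.tv_usec,
               s.src, s.dst, s.proto, h->caplen, h->len);
    pcap_dump(user, h, bytes);                     /* write raw frame to file */
}

int main(int argc, char **argv)
{
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_if_t *alldevs = NULL;
    if (pcap_findalldevs(&alldevs, errbuf) == -1 || alldevs == NULL) {
        fprintf(stderr, "pcap_findalldevs: %s\n", errbuf);
        return 1;
    }
    const char *dev = argc > 1 ? argv[1] : alldevs->name;   /* default: first NIC */
    const char *filter = argc > 2 ? argv[2] : "ip";          /* BPF expression */
    pcap_t *p = pcap_open_live(dev, 65535, 0, 1000, errbuf);  /* no promisc, 1 s */
    if (p == NULL) {
        fprintf(stderr, "pcap_open_live(%s): %s\n", dev, errbuf);
        pcap_freealldevs(alldevs);
        return 1;
    }
    int rc = 1;
    struct bpf_program fp;
    pcap_dumper_t *dumper = NULL;
    if (pcap_datalink(p) != DLT_EN10MB) {
        fprintf(stderr, "%s is not Ethernet; the decoder would misread it\n", dev);
    } else if (pcap_compile(p, &fp, filter, 1, PCAP_NETMASK_UNKNOWN) == -1 ||
               pcap_setfilter(p, &fp) == -1) {
        fprintf(stderr, "filter \"%s\": %s\n", filter, pcap_geterr(p));
    } else if ((dumper = pcap_dump_open(p, "capture.pcap")) == NULL) {
        fprintf(stderr, "pcap_dump_open: %s\n", pcap_geterr(p));
    } else {
        pcap_loop(p, 10, on_packet, (u_char *)dumper);   /* 10 packets; 0 = forever */
        pcap_dump_close(dumper);
        pcap_freecode(&fp);
        rc = 0;
    }
    pcap_close(p);
    pcap_freealldevs(alldevs);
    return rc;
}
#else
int main(void)
{
    struct pkt_summary s;
    if (decode_frame(SAMPLE_FRAME, SAMPLE_FRAME_LEN, DLT_EN10MB, &s))
        printf("%s -> %s proto=%u\n", s.src, s.dst, s.proto);
    return 0;
}
#endif
```

Two details matter for anyone reusing the callback: the datalink check before pcap_compile() is what keeps the Ethernet offsets in decode_frame() valid (a DLT_IEEE802_11 device would deliver a different header), and passing the pcap_dumper_t handle as the user pointer is how pcap_dump() knows which file to append to, which is why the slides' "user: NULL" only holds when the callback does not write a dump file.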

  13. Reference
     • Wiki PCAP
     • Berkeley Packet Filter
     • WinPCAP Development Docs
     • Po-Chou Chen, "Distribute Architecture for Real-Time Lawful Intercept in SIP-based VoIP Systems", Master Thesis, Department of Computer Science and Information Engineering, National Chi Nan University, Jun. 2008.

  14. Configure WinPCAP Cont.

  15. Configure WinPCAP Cont.
