winpcap

TCP: How are the seq / ack numbers generated?

非 Y 不嫁゛ submitted on 2019-12-20 09:37:37
Question: I am currently working on a program which sniffs TCP packets being sent and received to and from a particular address. What I am trying to accomplish is replying with custom tailored packets to certain received packets. I've already got the parsing done. I can already generate valid Ethernet, IP, and--for the most part--TCP packets. The only thing that I cannot figure out is how the seq / ack numbers are determined. While this may be irrelevant to the problem, the program is written in C++

.NET writing PCAP files

故事扮演 submitted on 2019-12-12 20:25:02
Question: All, I've spent a fair part of the day looking at various PCAP libraries and before I commit to writing a PCAP writer I'd like to describe my scenario and solicit input. I have a client that has asked that I provide a service that reads pcap files and writes the packets into their database of choice. The client then can query the database (datetime range) and the result should eventually be a pcap file containing the packets that matched that range criteria. What I have found with the

Merging two pcap files with libpcap

末鹿安然 submitted on 2019-12-12 02:35:40
Question: I already know how to read a pcap file and get the packets it has. But how can I write the packets into a new pcap file? I need this to merge two pcap files into one.

Answer 1: As per my comment, libpcap/WinPcap is a library, not a program, so to use libpcap/WinPcap to merge capture files, you'd have to write your own code to do the merging, using libpcap/WinPcap to read the input files and write the output files. You could use an existing tool, such as tracemerge or Wireshark's mergecap, to

To monitor local PC network and block IPs, is WinPcap the tool?

安稳与你 submitted on 2019-12-11 18:34:09
Question: I need to build a network monitor that sniffs the network and holds an IP policy that will enable me to block the network based on this policy. For example: if I'm getting incoming HTTP protocol from an IP that is in my IP policy blacklist and now I'd like to block it and, for example, redirect this HTTP request so it could now contain my HTTP packet (packet injection?). Can WinPcap do the job? To be more to the point, basically what I need is to build a simple URL blocking app. Which approach

Does winpcap/libpcap allow me to send raw wireless packets?

妖精的绣舞 submitted on 2019-12-11 16:11:33
Question: I've been using WinPcap to send raw packets over a wired connection for a while now. I'm building my own protocol (nothing special, just getting the hang of it) but now I want to extend it to wireless connections too. Does WinPcap allow me to send raw packets over a wireless adapter? I'm using VC++ on Windows XP and Windows 7. On my Windows 7 machine it seems to work, but on my XP machine WinPcap can't even open my adapter to send/receive packets. I tried to launch Wireshark on my XP machine

How to allocate memory to send a large pcap file (of size larger than available memory) with high performance using WinPcap?

陌路散爱 submitted on 2019-12-11 11:17:54
Question: I have used the code from the WinPcap example to send a pcap file (original code from the WinPcap documentation found at this link). It works fine to send small pcap files, but if I try to send a large pcap file (larger than available memory size, say 2 Gb) it will fail for sure. This code is used to allocate the size of the file in memory in order to send it later:

    caplen = ftell(capfile) - sizeof(struct pcap_file_header);
    ...
    /* Allocate a send queue */
    squeue = pcap_sendqueue_alloc(caplen);

The question is

Why does WinPcap require both .lib and .dll to run?

社会主义新天地 submitted on 2019-12-11 01:52:38
Question: Specifications can be seen here: http://www.winpcap.org/docs/docs_40_2/html/group__wpcapsamps.html It's very strange, either .lib or .dll is enough IMO, why does it require both?

Answer 1: In general, you need the .lib for the linker, and .dll at runtime. The .lib file is called an "import library", which contains the glue that tells the linker the functions you're calling can be found in the associated .dll file. You will probably find that only the .dll file is required at runtime. This is a

How can I link WinPcap in Code Blocks?

北战南征 submitted on 2019-12-11 00:57:37
Question: I'd like to know the process to link the WinPcap library and use it in my C++ project I'm developing in Code Blocks.

Answer 1: After struggling to do this myself I figured that I should post my solution here. You will need to download the developer version of WinPcap and unzip it somewhere, let's say "C:\WpdPack_4_1_2". In Code::Blocks, you need to add the "Include" sub directory to the search directories. To do this, go to settings->compiler and click on the "Search directories" tab. For the

How do I install and use WinPcap?

不问归期 submitted on 2019-12-10 19:09:34
Question: I went to winpcap.org today, downloaded the installer, and installed WinPcap on my Windows 7 laptop PC. However, the folder where it was installed contains only an installation log, an executable called rpcapd.exe, and an uninstall executable. When I run rpcapd.exe a DOS shell appears: Press CTLR+C to stop the server... and nothing happens until I press CTRL+C, which closes the window. When I create a project in Microsoft Visual Studio and include <pcap.h>, I'm told there is no such file or

The compatibility issue between NDIS version and Windows version

二次信任 submitted on 2019-12-10 11:42:20
Question: Everyone, I am doing some modifications to WinPcap, a packet capturing library. My boss wants me to transfer the NDIS version of WinPcap from NDIS 4 to NDIS 6. And the compatibility requirement is Windows XP/Vista/7/8 (32bit and 64bit). I found that the latest version of NDIS is 6.3, but I'm afraid that NDIS 6.3 does not support XP any more, is this true? Also I found on the WinPcap website that the current WinPcap 4.1.3 already supports Windows XP/2003/Vista/2008/Win7/2008R2/Win8 (x86