
WinPcap Remote Capture: Internal Structures and Definitions

Date: 2008-10-17
Data structures
struct activehosts
Keeps a list of all the opened connections in the active mode.

struct rpcap_header
Common header for all the RPCAP messages.

struct rpcap_findalldevs_if
Format of the message for the interface description (findalldevs command).

struct rpcap_findalldevs_ifaddr
Format of the message for the address listing (findalldevs command).

struct rpcap_openreply
Format of the message of the connection opening reply (open command).

struct rpcap_startcapreq
Format of the message that starts a remote capture (startcap command).

struct rpcap_startcapreply
Format of the reply message sent in response to a request to start a remote capture (startcap reply command).

struct rpcap_pkthdr
Format of the header which encapsulates captured packets when transmitted on the network.

struct rpcap_filter
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions.

struct rpcap_filterbpf_insn
Structure that keeps a single BPF instruction; it is repeated 'ninsn' times according to the 'rpcap_filterbpf' header.

struct rpcap_auth
Structure that keeps the data required for the authentication on the remote host.

struct rpcap_stats
Structure that keeps the statistics about the number of packets captured, dropped, etc.

struct rpcap_sampling
Structure that is needed to set sampling parameters.



Defines
#define RPCAP_DEFAULT_NETPORT "2002"
#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
#define RPCAP_DEFAULT_NETADDR ""
#define RPCAP_VERSION 0
#define RPCAP_TIMEOUT_INIT 90
#define RPCAP_TIMEOUT_RUNTIME 180
#define RPCAP_ACTIVE_WAIT 30
#define RPCAP_SUSPEND_WRONGAUTH 1
#define RPCAP_NETBUF_SIZE 64000
Buffer used by socket functions to send-receive packets. In case you plan to have messages larger than this value, you have to increase it.

#define RPCAP_HOSTLIST_SEP " ,;\n\r"
Separators used for the host list.

#define RPCAP_MSG_ERROR 1
#define RPCAP_MSG_FINDALLIF_REQ 2
#define RPCAP_MSG_OPEN_REQ 3
#define RPCAP_MSG_STARTCAP_REQ 4
#define RPCAP_MSG_UPDATEFILTER_REQ 5
#define RPCAP_MSG_CLOSE 6
#define RPCAP_MSG_PACKET 7
#define RPCAP_MSG_AUTH_REQ 8
#define RPCAP_MSG_STATS_REQ 9
#define RPCAP_MSG_ENDCAP_REQ 10
#define RPCAP_MSG_SETSAMPLING_REQ 11
#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1
#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2
#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4
#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8
#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16
#define RPCAP_UPDATEFILTER_BPF 1
#define PCAP_ERR_NETW 1
#define PCAP_ERR_INITTIMEOUT 2
#define PCAP_ERR_AUTH 3
#define PCAP_ERR_FINDALLIF 4
#define PCAP_ERR_NOREMOTEIF 5
#define PCAP_ERR_OPEN 6
#define PCAP_ERR_UPDATEFILTER 7
#define PCAP_ERR_GETSTATS 8
#define PCAP_ERR_READEX 9
#define PCAP_ERR_HOSTNOAUTH 10
#define PCAP_ERR_REMOTEACCEPT 11
#define PCAP_ERR_STARTCAPTURE 12
#define PCAP_ERR_ENDCAPTURE 13
#define PCAP_ERR_RUNTIMETIMEOUT 14
#define PCAP_ERR_SETSAMPLING 15
#define PCAP_ERR_WRONGMSG 16
#define PCAP_ERR_WRONGVER 17


Typedefs
typedef unsigned char uint8
Provides an 8-bit unsigned integer.

typedef unsigned short uint16
Provides a 16-bit unsigned integer.

typedef unsigned int uint32
Provides a 32-bit unsigned integer.

typedef int int32
Provides a 32-bit integer.


--------------------------------------------------------------------------------

Define documentation
#define PCAP_ERR_AUTH 3

Generic authentication error

Definition at line 312 of file pcap-remote.h.


#define PCAP_ERR_ENDCAPTURE 13

Generic pcap_endcapture error

Definition at line 322 of file pcap-remote.h.


#define PCAP_ERR_FINDALLIF 4

Generic findalldevs error

Definition at line 313 of file pcap-remote.h.


#define PCAP_ERR_GETSTATS 8

Generic pcap_stats error

Definition at line 317 of file pcap-remote.h.


#define PCAP_ERR_HOSTNOAUTH 10

The host is not authorized to connect to this server

Definition at line 319 of file pcap-remote.h.


#define PCAP_ERR_INITTIMEOUT 2

The RPCAP initial timeout has expired

Definition at line 311 of file pcap-remote.h.


#define PCAP_ERR_NETW 1

Network error

Definition at line 310 of file pcap-remote.h.


#define PCAP_ERR_NOREMOTEIF 5

The findalldevs was ok, but the remote end had no interfaces to list

Definition at line 314 of file pcap-remote.h.


#define PCAP_ERR_OPEN 6

Generic pcap_open error

Definition at line 315 of file pcap-remote.h.


#define PCAP_ERR_READEX 9

Generic pcap_next_ex error

Definition at line 318 of file pcap-remote.h.


#define PCAP_ERR_REMOTEACCEPT 11

Generic pcap_remoteaccept error

Definition at line 320 of file pcap-remote.h.


#define PCAP_ERR_RUNTIMETIMEOUT 14

The RPCAP run-time timeout has expired

Definition at line 323 of file pcap-remote.h.


#define PCAP_ERR_SETSAMPLING 15

Error during the setting of sampling parameters

Definition at line 324 of file pcap-remote.h.


#define PCAP_ERR_STARTCAPTURE 12

Generic pcap_startcapture error

Definition at line 321 of file pcap-remote.h.


#define PCAP_ERR_UPDATEFILTER 7

Generic updatefilter error

Definition at line 316 of file pcap-remote.h.


#define PCAP_ERR_WRONGMSG 16

The other endpoint sent a message that was not recognized

Definition at line 325 of file pcap-remote.h.


#define PCAP_ERR_WRONGVER 17

The other endpoint has a version number that is not compatible with ours

Definition at line 326 of file pcap-remote.h.


#define RPCAP_ACTIVE_WAIT 30

Waiting time between two attempts to open a connection, in active mode (default: 30 sec)

Definition at line 91 of file pcap-remote.h.


#define RPCAP_DEFAULT_NETADDR ""

Default network address to which the RPCAP daemon binds.

Definition at line 87 of file pcap-remote.h.


#define RPCAP_DEFAULT_NETPORT "2002"

Default port on which the RPCAP daemon is waiting for connections.

Definition at line 84 of file pcap-remote.h.


#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"

Default port on which the client workstation is waiting for connections in case of active mode.

Definition at line 86 of file pcap-remote.h.


#define RPCAP_HOSTLIST_SEP " ,;\n\r"

Separators used for the host list.

It is used:

- by the rpcapd daemon, when you type a list of allowed connecting hosts
- by rpcap in active mode, when the client waits for incoming connections from other hosts

Definition at line 108 of file pcap-remote.h.


#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)

Sends a message that says 'ok, authorization successful'

Definition at line 295 of file pcap-remote.h.


#define RPCAP_MSG_AUTH_REQ 8

Message that keeps the authentication parameters

Definition at line 286 of file pcap-remote.h.


#define RPCAP_MSG_CLOSE 6

Close the connection with the remote peer

Definition at line 284 of file pcap-remote.h.


#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)

Confirms that the capture stopped successfully

Definition at line 297 of file pcap-remote.h.


#define RPCAP_MSG_ENDCAP_REQ 10

Stops the current capture, keeping the device open

Definition at line 288 of file pcap-remote.h.


#define RPCAP_MSG_ERROR 1

Message that keeps an error notification

Definition at line 279 of file pcap-remote.h.


#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)

Keeps the list of all the remote interfaces

Definition at line 291 of file pcap-remote.h.


#define RPCAP_MSG_FINDALLIF_REQ 2

Request to list all the remote interfaces

Definition at line 280 of file pcap-remote.h.


#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)

The remote device has been opened correctly

Definition at line 292 of file pcap-remote.h.


#define RPCAP_MSG_OPEN_REQ 3

Request to open a remote device

Definition at line 281 of file pcap-remote.h.


#define RPCAP_MSG_PACKET 7

This is a 'data' message, which carries a network packet

Definition at line 285 of file pcap-remote.h.


#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)

Confirms that the capture stopped successfully

Definition at line 298 of file pcap-remote.h.


#define RPCAP_MSG_SETSAMPLING_REQ 11

Set sampling parameters

Definition at line 289 of file pcap-remote.h.


#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)

The capture is starting correctly

Definition at line 293 of file pcap-remote.h.


#define RPCAP_MSG_STARTCAP_REQ 4

Request to start a capture on a remote device

Definition at line 282 of file pcap-remote.h.


#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)

Message that keeps the network statistics

Definition at line 296 of file pcap-remote.h.


#define RPCAP_MSG_STATS_REQ 9

Requests the network statistics

Definition at line 287 of file pcap-remote.h.


#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)

The filter has been applied correctly on the remote device

Definition at line 294 of file pcap-remote.h.


#define RPCAP_MSG_UPDATEFILTER_REQ 5

Sends a compiled filter to the remote device

Definition at line 283 of file pcap-remote.h.


#define RPCAP_NETBUF_SIZE 64000

Buffer used by socket functions to send-receive packets. In case you plan to have messages larger than this value, you have to increase it.


Definition at line 98 of file pcap-remote.h.


#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2

Use a datagram (i.e. UDP) connection for the data stream (default: use TCP)

Definition at line 301 of file pcap-remote.h.


#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8

Capture only inbound packets (take care: the flag has no effects with promiscuous enabled)

Definition at line 303 of file pcap-remote.h.


#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16

Capture only outbound packets (take care: the flag has no effects with promiscuous enabled)

Definition at line 304 of file pcap-remote.h.


#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1

Enables promiscuous mode (default: disabled)

Definition at line 300 of file pcap-remote.h.


#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4

The server has to open the data connection toward the client

Definition at line 302 of file pcap-remote.h.


#define RPCAP_SUSPEND_WRONGAUTH 1

If the authentication is wrong, waits 1 sec before accepting a new auth message

Definition at line 92 of file pcap-remote.h.


#define RPCAP_TIMEOUT_INIT 90

Initial timeout for RPCAP connections (default: 90 sec)

Definition at line 89 of file pcap-remote.h.


#define RPCAP_TIMEOUT_RUNTIME 180

Run-time timeout for RPCAP connections (default: 3 min)

Definition at line 90 of file pcap-remote.h.


#define RPCAP_UPDATEFILTER_BPF 1

This code tells us that the filter is encoded with the BPF/NPF syntax

Definition at line 306 of file pcap-remote.h.


#define RPCAP_VERSION 0

Present version of the RPCAP protocol (0 = Experimental).

Definition at line 88 of file pcap-remote.h.
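
Added example (not code from pcap-remote.h or WinPcap): a receiver-side check that rejects an RPCAP header with the wrong version, an unlisted message type, or a payload length above RPCAP_NETBUF_SIZE before any payload is read. The 8-byte header layout (ver, type, value, plen in network byte order), the names `hdr_view` and `rpcap_check_header`, and the `CHECK_ERR_*` codes are assumptions of this example; the other constants are taken from the definitions above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the definitions on this page. */
#define RPCAP_VERSION 0
#define RPCAP_NETBUF_SIZE 64000
#define RPCAP_MSG_ERROR 1
#define RPCAP_MSG_CLOSE 6
#define RPCAP_MSG_PACKET 7
#define RPCAP_MSG_SETSAMPLING_REQ 11
#define PCAP_ERR_WRONGMSG 16
#define PCAP_ERR_WRONGVER 17
/* Hypothetical codes used only by this example. */
#define CHECK_ERR_SHORT (-1)
#define CHECK_ERR_TOOBIG (-2)
/* Assumed wire layout (not shown on this page): ver, type, value, plen; big-endian. */
struct hdr_view { uint8_t ver, type; uint16_t value; uint32_t plen; };

/* Returns 0 when the header is acceptable, otherwise an error code. */
int rpcap_check_header(const uint8_t *buf, size_t len, struct hdr_view *out)
{
    if (buf == NULL || out == NULL || len < 8)
        return CHECK_ERR_SHORT;
    out->ver = buf[0]; out->type = buf[1];
    out->value = (uint16_t)((buf[2] << 8) | buf[3]);
    out->plen = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    if (out->ver != RPCAP_VERSION)
        return PCAP_ERR_WRONGVER;
    uint8_t base = out->type & 0x7F;  /* a reply code is 128 + the request code */
    if (base < RPCAP_MSG_ERROR || base > RPCAP_MSG_SETSAMPLING_REQ)
        return PCAP_ERR_WRONGMSG;
    /* ERROR, CLOSE and PACKET have no reply form in the list above. */
    if (out->type >= 128 && (base == RPCAP_MSG_ERROR ||
        base == RPCAP_MSG_CLOSE || base == RPCAP_MSG_PACKET))
        return PCAP_ERR_WRONGMSG;
    if (out->plen > RPCAP_NETBUF_SIZE)  /* would not fit the receive buffer */
        return CHECK_ERR_TOOBIG;
    return 0;
}

int main(void)
{
    const uint8_t sample[8] = {0, 3, 0, 0, 0, 0, 0, 4}; /* constructed OPEN_REQ header */
    struct hdr_view h;
    printf("%d\n", rpcap_check_header(sample, sizeof sample, &h));
    return 0;
}
```
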



--------------------------------------------------------------------------------

Typedef documentation
typedef int int32

Provides a 32-bit integer.


Definition at line 117 of file pcap-remote.h.


typedef unsigned short uint16

Provides a 16-bit unsigned integer.


Definition at line 115 of file pcap-remote.h.


typedef unsigned int uint32

Provides a 32-bit unsigned integer.


Definition at line 116 of file pcap-remote.h.


typedef unsigned char uint8

Provides an 8-bit unsigned integer.


Definition at line 114 of file pcap-remote.h.
