使用WinPcap编写Sniffer程序内容介绍Sniffer（嗅探器）设计原理什么是WinpcapWinPcap主要功能哪些应用适合使用WinPcapWinPcap不能胜任的事情Winpcap的安装编程环境设定Winpcap安装WinPcap的典型应用获得设备列表（一）pcap_if_t*alldevs，*d;inti=0;charerrbuf[PCAP_ERRBUF_SIZE];if(pcap_findalldevs(&alldevs,errbuf)==-1){fprintf(stderr,"Errorinpcap_findalldevs:%s\n",errbuf);exit(1);}for(d=alldevs;d;d=d->next){/*Printthelist*/printf("%d.%s",++i,d->name);if(d->description)printf("(%s)\n",d->description);elseprintf("(Nodescriptionavailable)\n");}if(i==0){printf("\nNointerfacesfound!MakesureWinPcapisinstalled.\n");return;}pcap_freealldevs(alldevs);获得设备列表（二）typedefstructpcap_ifpcap_if_tstructpcap_if{structpcap_if*next;char*name;char*description;structpcap_addr*addresses;bpf_u_int32flags;/*PCAP_IF_interfaceflags*/};structpcap_addr{structpcap_addr*next;structsockaddr*addr;structsockaddr*netmask;structsockaddr*broadaddr;structsockaddr*dstaddr;};打开一个适配器开始捕获数据包捕获数据包（回调机制）捕获数据包（直接方式）过滤数据包过滤设置举例过滤表达式解析数据包解析数据包Ethernet帧头IP报文头structsniff_ip{#ifBYTE_ORDER==LITTLE_ENDIANu_intip_hl:4,/*headerlength*/ip_v:4;/*version*/#endif#ifBYTE_ORDER==BIG_ENDIANu_intip_v:4,/*version*/ip_hl:4;/*headerlength*/#endif/*not_IP_VHL*/u_charip_tos;/*typeofservice*/u_shortip_len;/*totallength*/u_shortip_id;/*identification*/u_shortip_off;/*fragmentoffsetfield*/#defineIP_RF0x8000/*reservedfragmentflag*/#defineIP_DF0x4000/*don’tfragmentflag*/#defineIP_MF0x2000/*morefragmentsflag*/#defineIP_OFFMASK0x1fff/*maskforfragmentingbits*/u_charip_ttl;/*timetolive*/u_charip_p;/*protocol*/u_shortip_sum;/*checksum*/structin_addrip_src,ip_dst;/*sourceanddestaddress*/};TCP报文头structsniff_tcp{u_shortth_sport;/*sourceport*/u_shortth_dport;/*destinationport*/tcp_seqth_seq;/*sequencenumber*/tcp_seqth_ack;/*acknowledgementnumber*/#ifBYTE_ORDER==LITTLE_ENDIANu_intth_x2:4,/*(unused)*/th_off:4;/*dataoffset*/#endif#ifBYTE_ORDER==BIG_ENDIANu_intth_off:4,/*dataoffset*/th_x2:4;/*(unused)*/#endifu_charth_flags;#defineTH_FIN0x01#defineTH_SYN0x02#defineTH_RS