我必须遵循问题。 我需要扫描.pcap文件(保存的文件)以重新传输tcp数据包。 我正在使用Winpcap lib。我尝试使用pcap_stats()检查丢弃的数据包(也代表重新传输的数据包),但发现pcap_stats()只能用于实时捕获而不是保存的文件。有没有办法解决这个限制,或者我看错了吗? 到目前为止,这是我的代码:
int main(int argc, char **argv)
{
pcap_t *fp; //File pointer
char errbuff[PCAP_ERRBUF_SIZE]; //Error buffer
char source[PCAP_BUF_SIZE]; //Source string
struct pcap_pkthdr *header; //Packet header
const u_char *pkt_data; //Packet data
pcap_stat *ps; // Packet stats
char packet_filter[] = "tcp"; //Filter paramaters
struct bpf_program fcode; //compiled filter code
int res; //File reading result
u_int i = 0;
time_t start = time(NULL);
time_t sec;
int lps; //Lines per second
//Create source string
if (pcap_createsrcstr(source, //Source string
PCAP_SRC_FILE, //Open local file
NULL, //Host
NULL, //Port
argv[1], //File name
errbuff //Error buffer
) != 0)
{
fprintf(stderr, "\n Error creating source string");
return -1;
}
//Open File
if ((fp = pcap_open(source, //Device
65536, //Capture size (65536 = whole packet)
PCAP_OPENFLAG_PROMISCUOUS, //Flags
1000, //Timeout
NULL, //Authentication
errbuff //Error buffer
)) == NULL)
{
fprintf(stderr, "Error opening file", source);
return -1;
}
//Complie filter
if ((pcap_compile(fp, //File pointer
&fcode, //Compiled filter code
packet_filter, //Filter paramaters
1, //Optimazation
NULL //netmask
)) < 0)
{
fprintf(stderr, "\n Unable to complile packet filter");
return -1;
}
//Set filter
if ((pcap_setfilter(fp, //File pointer
&fcode //Compiled filter code
)) < 0)
{
fprintf(stderr, "\n Error setting filter");
return -1;
}
if ((pcap_stats(fp, ps)) < 0)
{
fprintf(stderr, "failed to retrive statistics");
printf(pcap_geterr(fp));
return -1;
}
//Read file
while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0)
{
}
if (res == -1)
{
printf("Error reading the packets %s\n", pcap_geterr(fp));
}
printf("%f%%", (ps->ps_capt)/(ps->ps_recv) * 100); //percentage of accepted packets
sec = time(NULL) - start;
if (sec > 0)
{
lps = (ps->ps_recv) / sec;
printf("\nSpeed: %d Packets/second", lps);
}
else
{
lps = (ps->ps_recv);
printf("\nSpeed: %d Packets/second", lps);
}
return 0;
}
答案 0 :(得分:0)
无论好坏,数据包统计信息不保存在pcap文件中;文件格式中没有任何内容可以支持它。
pcap-ng支持它,但libpcap还不支持编写pcap-ng文件,而WinPcap基于早期版本的libpcap,甚至不支持读取它们。
这可能会在未来的某个未知点上有所改善。