Comments (7)
(Single quotes do not serve as "make this fixed-width text" brackets; you must use three backquotes, ```. Here's a properly-fixed-widthified, and better-indented, version of the code, which should be easier to read.)
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#include <Windows.h>
#include <winerror.h>
#include <stdio.h>
#include
using namespace std;
#include <tchar.h>
#include <strsafe.h>
#include <time.h>
BOOL LoadNpcapDlls()
{
_TCHAR npcap_dir[512];
UINT len;
len = GetSystemDirectory(npcap_dir, 480);
if (!len) {
fprintf(stderr, "Error in GetSystemDirectory: %x", GetLastError());
return FALSE;
}
_tcscat_s(npcap_dir, 512, _T("\Npcap"));
if (SetDllDirectory(npcap_dir) == 0) {
fprintf(stderr, "Error in SetDllDirectory: %x", GetLastError());
return FALSE;
}
return TRUE;
}
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm ltime;
char timestr[16];
time_t local_tv_sec;
(VOID)(param);
(VOID)(pkt_data);
/* convert the timestamp to readable format */
local_tv_sec = header->ts.tv_sec;
localtime_s(<ime, &local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", <ime);
printf("%s,%.6d len:%d\n",
timestr, header->ts.tv_usec, header->len);
}
/* Main Decleration */
void wmain()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Load Npcap and its functions. */
if (!LoadNpcapDlls())
{
fprintf(stderr, "Couldn't load Npcap\n");
exit(1);
}
/* Retrieve the device list on the local machine */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING,
NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure Npcap is installed.\n");
return;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
/* Open the device */
if ((adhandle = pcap_open(d->name, // name of the device
2048, // portion of the packet to capture
// 65536 guarantees that the whole packet will
// be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
)) == NULL)
{
fprintf(stderr,
"\nUnable to open the adapter. %s is not supported by Npcap\n",
d->name);
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
//Try setting monitor mode and error check, trimmed down to the error I'm facing
int mm_set = pcap_can_set_rfmon(adhandle);
if (mm_set == 0)
{
fprintf(stderr, "Error setting monitor mode: Device doesn't have MM capability\n");
}
else
{
if (!pcap_set_rfmon(adhandle, 1))
{
cout << "Monitor Mode Enabled, pcap_set_rfmon(...) == 0" << endl;
}
}
cout << endl;
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0
//indicating success but the pcap_activate() error check contradicts this
cout << pcap_set_rfmon(adhandle, 1) << endl;
//int status = pcap_activate(adhandle);
//Activate the interface for sniffing
if (pcap_activate(adhandle))
{
cout << endl;
pcap_perror(adhandle, "Error");
cout << endl;
pcap_set_rfmon(adhandle, 0);
pcap_activate(adhandle);
}
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */
//pcap_freealldevs(alldevs);
/* start the capture */
pcap_loop(adhandle, 0, packet_handler, NULL);
}
from npcap.
And just use pcap_findalldevs()
.
from npcap.
if ((adhandle = pcap_open(d->name, // name of the device ... //Try setting monitor mode and error check, trimmed down to the error I'm facing
pcap_open()
does all the work to open a device; you can't set monitor mode after a device is opened.
You need to use pcap_create()
and pcap_activate()
, as well as:
pcap_set_snaplen()
to set the snapshot length to 2048 (BTW, there's no guarantee that 65535 is large enough for all link layers; tcpdump and Wireshark currently default to 262144 for most devices);pcap_set_timeout()
to set the buffer timeout to 1 second (1000 milliseconds).
You do not need to set promiscuous mode if you're setting monitor mode.
Those should be done between pcap_create()
and pcap_activate()
, along with...
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0 //indicating success but the pcap_activate() error check contradicts this cout << pcap_set_rfmon(adhandle, 1) << endl;
...the pcap_set_rfmon()
mode.
Older versions of libpcap would not catch attempts to set monitor mode after a pcap_t
has been activated, so that call would do nothing and then return 0. Newer versions of libpcap - including the version that the current version of Npcap uses - will check whether the pcap_t
is activated and return an error. (pcap_open_live()
and pcap_open()
return a pointer to an already-activated pcap_t
; pcap_create()
returns a pointer to an unactivated pcap_t
.)
What version of Npcap are you using?
from npcap.
Npcap version in Control Panel
Earlier while installing through Wireshark, it was having the version 1.78. So, I have to uninstall manually and install 1.79
using pcap_lib_version()
I will definitely try your above suggestion.
from npcap.
This is the entire code that I wrote.
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#include <Windows.h>
#include <winerror.h>
#include <stdio.h>
#include <iostream>
using namespace std;
#include <tchar.h>
#include <strsafe.h>
#include <time.h>
BOOL LoadNpcapDlls()
{
_TCHAR npcap_dir[512];
UINT len;
len = GetSystemDirectory(npcap_dir, 480);
if (!len) {
fprintf(stderr, "Error in GetSystemDirectory: %x", GetLastError());
return FALSE;
}
_tcscat_s(npcap_dir, 512, _T("\\Npcap"));
if (SetDllDirectory(npcap_dir) == 0) {
fprintf(stderr, "Error in SetDllDirectory: %x", GetLastError());
return FALSE;
}
return TRUE;
}
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm ltime;
char timestr[16];
time_t local_tv_sec;
// unused variables
(VOID)(param);
(VOID)(pkt_data);
// convert the timestamp to readable format
local_tv_sec = header->ts.tv_sec;
localtime_s(<ime, &local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", <ime);
printf("%s,%.6d len:%d\n",
timestr, header->ts.tv_usec, header->len);
}
void wmain()
{
const char *pcap_version = pcap_lib_version();
printf("%s\n", pcap_version);
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
// Load Npcap and its functions.
if (!LoadNpcapDlls())
{
fprintf(stderr, "Couldn't load Npcap\n");
exit(1);
}
// Retrieve the device list on the local machine
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING,
NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
// Print the list
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure Npcap is installed.\n");
return;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
// Free the device list
pcap_freealldevs(alldevs);
return;
}
// Jump to the selected adapter
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
for (int j = 0; d->name[j]; j++)
cout << d->name[j] << endl;
// Create pcap handle
if ((adhandle = pcap_create(d->name, errbuf)) == NULL)
//if ((adhandle = pcap_create((const char*)L"rpcap://Device/NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}\0\0", errbuf)) == NULL)
//if ((adhandle = pcap_create("any", errbuf)) == NULL)
//if ((adhandle = pcap_create(NULL, errbuf)) == NULL)
{
printf("pcap_create() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
// Check if device can be put into monitor mode
if (pcap_can_set_rfmon(adhandle) == 0)
{
printf("Monitor mode can not be set.\n");
exit(EXIT_FAILURE);
}
// Attempt to put the card into monitor mode
if (pcap_set_rfmon(adhandle, 1) != 0)
{
printf("Failed to set monitor mode.\n");
exit(EXIT_FAILURE);
}
if (pcap_set_snaplen(adhandle, 2048) != 0) // Set the snapshot length to 2048
{
printf("Failed to set snaplen.\n");
exit(EXIT_FAILURE);
}
//if (pcap_set_promisc(adhandle, 0) != 0) // Turn promiscuous mode off
//{
// printf("Failed to set pcap_set_promisc.\n");
// exit(EXIT_FAILURE);
//}
if (pcap_set_timeout(adhandle, 1000) != 0) // Set the timeout to 512 milliseconds
{
printf("Failed to set timeout.\n");
exit(EXIT_FAILURE);
}
if (pcap_activate(adhandle) != 0)
{
printf("pcap_activate() failed\n");
exit(EXIT_FAILURE);
}
//int status = pcap_activate(handler);
//Try setting monitor mode and error check, trimmed down to the error I'm facing
int mm_set = pcap_can_set_rfmon(adhandle);
if (mm_set == 0)
{
fprintf(stderr, "Error setting monitor mode: Device doesn't have MM capability\n");
}
else
{
if (!pcap_set_rfmon(adhandle, 1))
{
cout << "Monitor Mode Enabled, pcap_set_rfmon(...) == 0" << endl;
}
}
cout << endl;
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0
//indicating success but the pcap_activate() error check contradicts this
cout << pcap_set_rfmon(adhandle, 1) << endl;
//int status = pcap_activate(adhandle);
//Activate the interface for sniffing
if (pcap_activate(adhandle))
{
cout << endl;
pcap_perror(adhandle, "Error");
cout << endl;
pcap_set_rfmon(adhandle, 0);
pcap_activate(adhandle);
}
printf("\nlistening on %s...\n", d->description);
// At this point, we don't need any more the device list. Free it
//pcap_freealldevs(alldevs);
// start the capture
pcap_loop(adhandle, 0, packet_handler, NULL);
}
But while calling pcap_create() it is throwing the following error.
pcap_create() failed: Error opening adapter: The filename, directory name, or volume label syntax is incorrect. (123)
I also tried to hardcode the string in C++ as given below, but still I got the same error.
rpcap://\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap:\\\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap://Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap://\\\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
Is there any format that I need to follow? Thank you.
from npcap.
Is there any format that I need to follow?
Yes. Try just \Device\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
(with double backslashes if necessary). pcap_create()
currently doesn't support URL syntax, but, as you're not doing a remote capture, the rpcap://
is unnecessary and can be omitted.
from npcap.
Thank you so much, now it is capturing.
I make habit of researching first and then post my doubts. But since this is helpful and working, so I will post my doubt directly in this thread. Can I reply to this 802.11 radio frames, provided, with my valid key properly? Thank you again.
from npcap.
Related Issues (20)
- API: pcap_next_ex did not get all the packets that met the requirements HOT 9
- pcap_oid_get_request is missing in npcap-1.79.exe HOT 1
- BSOD during VMware player (network driver) installation
- Update EV codesigning certificate used for Npcap and Nmap
- Update building documentation for Win11 SDK HOT 1
- Old version of Npcap on winget HOT 1
- Failed to capture traffic HOT 2
- Failure to Capture Virtual Adapter - winpcap can capture but npcap does not HOT 6
- PcapLiveDevice.cpp: sendPacket:628] Error sending packet: send error: PacketSendPacket failed: A device attached to the system is not functioning. (31) HOT 2
- Update Npcap to support NDIS 6.89 HOT 2
- With GNS3 and NPCAP not possible to ping and connect to host within GNS3
- Nmap Error: 'Error compiling our pcap filter: expression rejects all packets' HOT 6
- Not able to send 10 Gbps HOT 1
- Resolve Application Verifier stops in libpcap (wpcap.dll) included with Npcap 1.79 HOT 5
- Npcap Bug Report - Error 0x80070002 failed to install npcap service
- outbound packets logged twice on vEthernet HOT 2
- Fix reported BSOD in !NPF_RemoveFromGroupOpenArray HOT 1
- Create API calls for non-blocking packet writes HOT 2
- pcap_next_ex still have timeout even when pcap_set_immediate_mode HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npcap.