Comments (7)
guyharris
commented on August 24, 2024
1
(Single quotes do not serve as "make this fixed-width text" brackets; you must use three backquotes, ```. Here's a properly-fixed-widthified, and better-indented, version of the code, which should be easier to read.)
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#include <Windows.h>
#include <winerror.h>
#include <stdio.h>
#include
using namespace std;
#include <tchar.h>
#include <strsafe.h>
#include <time.h>
BOOL LoadNpcapDlls()
{
_TCHAR npcap_dir[512];
UINT len;
len = GetSystemDirectory(npcap_dir, 480);
if (!len) {
fprintf(stderr, "Error in GetSystemDirectory: %x", GetLastError());
return FALSE;
}
_tcscat_s(npcap_dir, 512, _T("\Npcap"));
if (SetDllDirectory(npcap_dir) == 0) {
fprintf(stderr, "Error in SetDllDirectory: %x", GetLastError());
return FALSE;
}
return TRUE;
}
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm ltime;
char timestr[16];
time_t local_tv_sec;
(VOID)(param);
(VOID)(pkt_data);
/* convert the timestamp to readable format */
local_tv_sec = header->ts.tv_sec;
localtime_s(<ime, &local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", <ime);
printf("%s,%.6d len:%d\n",
timestr, header->ts.tv_usec, header->len);
}
/* Main Decleration */
void wmain()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Load Npcap and its functions. */
if (!LoadNpcapDlls())
{
fprintf(stderr, "Couldn't load Npcap\n");
exit(1);
}
/* Retrieve the device list on the local machine */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING,
NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure Npcap is installed.\n");
return;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
/* Open the device */
if ((adhandle = pcap_open(d->name, // name of the device
2048, // portion of the packet to capture
// 65536 guarantees that the whole packet will
// be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
)) == NULL)
{
fprintf(stderr,
"\nUnable to open the adapter. %s is not supported by Npcap\n",
d->name);
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
//Try setting monitor mode and error check, trimmed down to the error I'm facing
int mm_set = pcap_can_set_rfmon(adhandle);
if (mm_set == 0)
{
fprintf(stderr, "Error setting monitor mode: Device doesn't have MM capability\n");
}
else
{
if (!pcap_set_rfmon(adhandle, 1))
{
cout << "Monitor Mode Enabled, pcap_set_rfmon(...) == 0" << endl;
}
}
cout << endl;
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0
//indicating success but the pcap_activate() error check contradicts this
cout << pcap_set_rfmon(adhandle, 1) << endl;
//int status = pcap_activate(adhandle);
//Activate the interface for sniffing
if (pcap_activate(adhandle))
{
cout << endl;
pcap_perror(adhandle, "Error");
cout << endl;
pcap_set_rfmon(adhandle, 0);
pcap_activate(adhandle);
}
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */
//pcap_freealldevs(alldevs);
/* start the capture */
pcap_loop(adhandle, 0, packet_handler, NULL);
}
from npcap.
guyharris
commented on August 24, 2024
1
And just use pcap_findalldevs().
from npcap.
guyharris
commented on August 24, 2024
if ((adhandle = pcap_open(d->name, // name of the device ... //Try setting monitor mode and error check, trimmed down to the error I'm facing
pcap_open() does all the work to open a device; you can't set monitor mode after a device is opened.
You need to use pcap_create() and pcap_activate(), as well as:
pcap_set_snaplen()to set the snapshot length to 2048 (BTW, there's no guarantee that 65535 is large enough for all link layers; tcpdump and Wireshark currently default to 262144 for most devices);pcap_set_timeout()to set the buffer timeout to 1 second (1000 milliseconds).
You do not need to set promiscuous mode if you're setting monitor mode.
Those should be done between pcap_create() and pcap_activate(), along with...
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0 //indicating success but the pcap_activate() error check contradicts this cout << pcap_set_rfmon(adhandle, 1) << endl;
...the pcap_set_rfmon() mode.
Older versions of libpcap would not catch attempts to set monitor mode after a pcap_t has been activated, so that call would do nothing and then return 0. Newer versions of libpcap - including the version that the current version of Npcap uses - will check whether the pcap_t is activated and return an error. (pcap_open_live() and pcap_open() return a pointer to an already-activated pcap_t; pcap_create() returns a pointer to an unactivated pcap_t.)
What version of Npcap are you using?
from npcap.
kmramn
commented on August 24, 2024
Npcap version in Control Panel
Earlier while installing through Wireshark, it was having the version 1.78. So, I have to uninstall manually and install 1.79
using pcap_lib_version()
I will definitely try your above suggestion.
from npcap.
kmramn
commented on August 24, 2024
This is the entire code that I wrote.
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#include <Windows.h>
#include <winerror.h>
#include <stdio.h>
#include <iostream>
using namespace std;
#include <tchar.h>
#include <strsafe.h>
#include <time.h>
BOOL LoadNpcapDlls()
{
_TCHAR npcap_dir[512];
UINT len;
len = GetSystemDirectory(npcap_dir, 480);
if (!len) {
fprintf(stderr, "Error in GetSystemDirectory: %x", GetLastError());
return FALSE;
}
_tcscat_s(npcap_dir, 512, _T("\\Npcap"));
if (SetDllDirectory(npcap_dir) == 0) {
fprintf(stderr, "Error in SetDllDirectory: %x", GetLastError());
return FALSE;
}
return TRUE;
}
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm ltime;
char timestr[16];
time_t local_tv_sec;
// unused variables
(VOID)(param);
(VOID)(pkt_data);
// convert the timestamp to readable format
local_tv_sec = header->ts.tv_sec;
localtime_s(<ime, &local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", <ime);
printf("%s,%.6d len:%d\n",
timestr, header->ts.tv_usec, header->len);
}
void wmain()
{
const char *pcap_version = pcap_lib_version();
printf("%s\n", pcap_version);
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
// Load Npcap and its functions.
if (!LoadNpcapDlls())
{
fprintf(stderr, "Couldn't load Npcap\n");
exit(1);
}
// Retrieve the device list on the local machine
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING,
NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
// Print the list
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure Npcap is installed.\n");
return;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
// Free the device list
pcap_freealldevs(alldevs);
return;
}
// Jump to the selected adapter
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
for (int j = 0; d->name[j]; j++)
cout << d->name[j] << endl;
// Create pcap handle
if ((adhandle = pcap_create(d->name, errbuf)) == NULL)
//if ((adhandle = pcap_create((const char*)L"rpcap://Device/NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}\0\0", errbuf)) == NULL)
//if ((adhandle = pcap_create("any", errbuf)) == NULL)
//if ((adhandle = pcap_create(NULL, errbuf)) == NULL)
{
printf("pcap_create() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
// Check if device can be put into monitor mode
if (pcap_can_set_rfmon(adhandle) == 0)
{
printf("Monitor mode can not be set.\n");
exit(EXIT_FAILURE);
}
// Attempt to put the card into monitor mode
if (pcap_set_rfmon(adhandle, 1) != 0)
{
printf("Failed to set monitor mode.\n");
exit(EXIT_FAILURE);
}
if (pcap_set_snaplen(adhandle, 2048) != 0) // Set the snapshot length to 2048
{
printf("Failed to set snaplen.\n");
exit(EXIT_FAILURE);
}
//if (pcap_set_promisc(adhandle, 0) != 0) // Turn promiscuous mode off
//{
// printf("Failed to set pcap_set_promisc.\n");
// exit(EXIT_FAILURE);
//}
if (pcap_set_timeout(adhandle, 1000) != 0) // Set the timeout to 512 milliseconds
{
printf("Failed to set timeout.\n");
exit(EXIT_FAILURE);
}
if (pcap_activate(adhandle) != 0)
{
printf("pcap_activate() failed\n");
exit(EXIT_FAILURE);
}
//int status = pcap_activate(handler);
//Try setting monitor mode and error check, trimmed down to the error I'm facing
int mm_set = pcap_can_set_rfmon(adhandle);
if (mm_set == 0)
{
fprintf(stderr, "Error setting monitor mode: Device doesn't have MM capability\n");
}
else
{
if (!pcap_set_rfmon(adhandle, 1))
{
cout << "Monitor Mode Enabled, pcap_set_rfmon(...) == 0" << endl;
}
}
cout << endl;
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0
//indicating success but the pcap_activate() error check contradicts this
cout << pcap_set_rfmon(adhandle, 1) << endl;
//int status = pcap_activate(adhandle);
//Activate the interface for sniffing
if (pcap_activate(adhandle))
{
cout << endl;
pcap_perror(adhandle, "Error");
cout << endl;
pcap_set_rfmon(adhandle, 0);
pcap_activate(adhandle);
}
printf("\nlistening on %s...\n", d->description);
// At this point, we don't need any more the device list. Free it
//pcap_freealldevs(alldevs);
// start the capture
pcap_loop(adhandle, 0, packet_handler, NULL);
}
But while calling pcap_create() it is throwing the following error.
pcap_create() failed: Error opening adapter: The filename, directory name, or volume label syntax is incorrect. (123)
I also tried to hardcode the string in C++ as given below, but still I got the same error.
rpcap://\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap:\\\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap://Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
rpcap://\\\\Device\\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6}
Is there any format that I need to follow? Thank you.
from npcap.
guyharris
commented on August 24, 2024
Is there any format that I need to follow?
Yes. Try just \Device\NPF_{A0C40D7F-C59D-4ECA-86A3-C4A30B549BE6} (with double backslashes if necessary). pcap_create() currently doesn't support URL syntax, but, as you're not doing a remote capture, the rpcap:// is unnecessary and can be omitted.
from npcap.
kmramn
commented on August 24, 2024
Thank you so much, now it is capturing.
I make habit of researching first and then post my doubts. But since this is helpful and working, so I will post my doubt directly in this thread. Can I reply to this 802.11 radio frames, provided, with my valid key properly? Thank you again.
from npcap.
Related Issues (20)
- API: pcap_next_ex did not get all the packets that met the requirements HOT 9
- pcap_oid_get_request is missing in npcap-1.79.exe HOT 1
- BSOD during VMware player (network driver) installation
- Update EV codesigning certificate used for Npcap and Nmap
- Update building documentation for Win11 SDK HOT 1
- Old version of Npcap on winget HOT 1
- Failed to capture traffic HOT 2
- Failure to Capture Virtual Adapter - winpcap can capture but npcap does not HOT 6
- PcapLiveDevice.cpp: sendPacket:628] Error sending packet: send error: PacketSendPacket failed: A device attached to the system is not functioning. (31) HOT 2
- Update Npcap to support NDIS 6.89 HOT 2
- With GNS3 and NPCAP not possible to ping and connect to host within GNS3
- Nmap Error: 'Error compiling our pcap filter: expression rejects all packets' HOT 6
- Not able to send 10 Gbps HOT 1
- Resolve Application Verifier stops in libpcap (wpcap.dll) included with Npcap 1.79 HOT 5
- Npcap Bug Report - Error 0x80070002 failed to install npcap service
- outbound packets logged twice on vEthernet HOT 2
- Fix reported BSOD in !NPF_RemoveFromGroupOpenArray HOT 1
- Create API calls for non-blocking packet writes HOT 2
- pcap_next_ex still have timeout even when pcap_set_immediate_mode HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npcap.