0

I need to set up a programming environment to read pcap files from Wireshark (C++). I need software libraries to read pcap files (I do not know of any). I also need a DNS message parser to get the contents of the DNS messages (I did not find one either).

This is what I did: I captured traffic using Wireshark and saved the file. I followed the steps from this site (https://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/). This is my code:

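```cpp
#include <cstdio>
#include <string>
#include <iostream>
#include <pcap.h>

using namespace std;

int main(int argc, char *argv[])
{
    string file = "C:\\Users\\It-am\\Desktop\\Master\\dns-ipv4-ipv6.pcap";

    char errbuff[PCAP_ERRBUF_SIZE];

    // Open the saved capture; pcap_open_offline returns NULL on failure
    pcap_t *pcap = pcap_open_offline(file.c_str(), errbuff);
    if (pcap == NULL)
    {
        fprintf(stderr, "pcap_open_offline failed: %s\n", errbuff);
        return 1;
    }

    struct pcap_pkthdr *header;
    const u_char *data;
    u_int packetCount = 0;
    int returnValue;

    // pcap_next_ex returns 1 per packet, -2 at end of file, -1 on error.
    // The assignment is parenthesised so returnValue holds the real return code.
    while ((returnValue = pcap_next_ex(pcap, &header, &data)) >= 0)
    {
        printf("Packet # %u\n", ++packetCount);
        printf("Packet size: %u bytes\n", header->len);

        if (header->len != header->caplen)
            printf("Warning! Capture size different than packet size: %u bytes\n", header->len);

        printf("Epoch Time: %ld:%ld seconds\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec);

        // Hex dump: only caplen bytes are actually present in data
        for (u_int i = 0; (i < header->caplen); i++)
        {
            if ((i % 16) == 0) printf("\n");
            printf("%.2x ", data[i]);
        }
        printf("\n\n");
    }

    pcap_close(pcap);
    return 0;
}
```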

But in the end, I get an error (LNK1104 cannot open file 'winpcap.lib'). If anyone can fix this problem I will be thankful. Or if someone has other code to implement this in C++, please help. Thanks in advance.

user0042
Ammar
  • Add the directory where `wincap.lib` is placed to your library search paths. – user0042 Oct 23 '17 at 13:21
  • I went to http://www.winpcap.org/devel.htm, downloaded the latest version and included the wincap.lib in my library, but I faced the same problem – Ammar Oct 23 '17 at 13:37
  • You didn't read what I wrote. Maybe [this](https://stackoverflow.com/questions/24715864/problems-importing-libraries-to-my-c-project-how-to-fix-this) helps. – user0042 Oct 23 '17 at 13:39
  • "'doxygen' is not recognized as an internal or external command, operable program or batch file": this error happens when I'm trying to build_wdpack from the Windows batch file provided from winpcap.org/devel.htm – Ammar Oct 23 '17 at 13:41
  • Apparently you're expected to have `doxygen` installed in order to generate the documentation. You should look out for a flag to turn that part off in the build process. Nothing to do with your original question BTW. – user0042 Oct 23 '17 at 13:44

2 Answers

2

The library name is not `winpcap.lib`, it is `wpcap.lib`. You probably also need to link against `Packet.lib`. You must tell the linker where the files are. The folders are `Lib` for Win32 and `Lib\x64` for 64-bit.

Werner Henze
0

Use the sources of the pcap_file_generator library. Example of reading:

```cpp
#include "pcap_file_generator.h"
...

PCAPFILE *pfr = lpcap_open("./pcaplibtestfile.pcap");
pcap_hdr_t phdr;
// Read the global pcap file header first
if (lpcap_read_header(pfr, &phdr))
{
    int rese_rec_read = 0;
    pcaprec_hdr_and_data_t p_rec_data;
    do {
        // Keep reading frame records until no more are returned
        rese_rec_read = lpcap_read_frame_record(pfr, &p_rec_data);
        // p_rec_data contains the data of the record
    } while (rese_rec_read > 0);
}
```
Wladimir Koroy
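The question also asks for a DNS message parser. The following is an added example, not code from any of the posts above: it takes the `data` and `header->caplen` values that the question's `pcap_next_ex` loop yields and extracts the first DNS question name, never reading past the captured bytes. The names `dnsQuestionName` and `kSample` are hypothetical, and it assumes an Ethernet capture carrying unfragmented IPv4/UDP (IPv6, TCP and VLAN tags are not handled).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Constructed sample: a DNS A query for example.com (MACs and checksums zeroed).
static const uint8_t kSample[] = {
    0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,                         // Ethernet, EtherType IPv4
    0x45,0,0,0x39, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2,       // IPv4, protocol 17 (UDP)
    0x30,0x39, 0,53, 0,0x25, 0,0,                                // UDP 12345 -> 53
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,                    // DNS header, QDCOUNT 1
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 }; // question: name, type, class

// Returns the first question name, or "" if the frame is truncated,
// is not IPv4/UDP on port 53, or carries a malformed name.
std::string dnsQuestionName(const uint8_t *d, size_t caplen)
{
    if (caplen < 14 + 20 || d[12] != 0x08 || d[13] != 0x00) return "";
    size_t ihl = (d[14] & 0x0f) * 4u;                          // IPv4 header length in bytes
    if ((d[14] >> 4) != 4 || ihl < 20 || d[14 + 9] != 17) return "";
    size_t udp = 14 + ihl;
    if (caplen < udp + 8 + 12) return "";                      // UDP + DNS headers must be captured
    unsigned sport = d[udp] << 8 | d[udp + 1], dport = d[udp + 2] << 8 | d[udp + 3];
    if (sport != 53 && dport != 53) return "";
    size_t dns = udp + 8;
    if ((d[dns + 4] << 8 | d[dns + 5]) == 0) return "";        // QDCOUNT == 0
    std::string name;
    size_t pos = dns + 12;
    for (int hops = 0; pos < caplen; ) {
        uint8_t len = d[pos];
        if (len == 0) return name.empty() ? "." : name;        // root label ends the name
        if ((len & 0xc0) == 0xc0) {                            // compression pointer
            if (pos + 1 >= caplen || ++hops > 16) return "";   // truncated or looping pointer
            pos = dns + (((len & 0x3f) << 8) | d[pos + 1]);
            continue;
        }
        if (len > 63 || pos + 1 + len > caplen) return "";     // bad label or truncated capture
        if (!name.empty()) name += '.';
        name.append(reinterpret_cast<const char *>(d + pos + 1), len);
        pos += 1 + len;
    }
    return "";                                                 // ran off the captured bytes
}

int main()
{
    printf("%s\n", dnsQuestionName(kSample, sizeof kSample).c_str());
    return 0;
}
```

Inside the question's loop this would be called as `dnsQuestionName(data, header->caplen)`; passing `header->len` instead would read past the buffer whenever the capture was truncated.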