<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<title>WinPcap: WinPcap Documentation</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="style.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<!-- Generated by Doxygen 1.6.1 -->
<div class="navigation" id="top">
<div class="tabs">
<ul>
<li class="current"><a href="main.html"><span>Main&nbsp;Page</span></a></li>
<li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
<li><a href="modules.html"><span>Modules</span></a></li>
<li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
<li><a href="files.html"><span>Files</span></a></li>
</ul>
</div>
</div>
<div class="contents">
<h1>WinPcap Documentation</h1><h3>4.1.2 </h3><div align="center">
<img src="winpcap.gif" alt="winpcap.gif"/>
</div>
<dl>
<dt><strong>Authors:</strong></dt>
<dd>The WinPcap Team</dd>
<dt><strong>Home page:</strong></dt>
<dd><a href="http://www.winpcap.org">http://www.winpcap.org</a></dd>
</dl>
<hr>
<h2>Modules</h2>
<ul>
<li><a class="el" href="group__wpcap.html">WinPcap user's manual</a><ul>
<li><a class="el" href="group__wpcap__def.html">Definitions</a></li>
<li><a class="el" href="group__wpcapfunc.html">Exported functions</a></li>
<li><a class="el" href="group__language.html">Filtering expression syntax</a></li>
<li><a class="el" href="group__wpcapsamps.html">Using WinPcap in your programs</a></li>
<li><a class="el" href="group__wpcap__tut.html">WinPcap tutorial: a step by step guide to using WinPcap</a><ul>
<li><a class="el" href="group__wpcap__tut1.html">Obtaining the device list</a></li>
<li><a class="el" href="group__wpcap__tut2.html">Obtaining advanced information about installed devices</a></li>
<li><a class="el" href="group__wpcap__tut3.html">Opening an adapter and capturing the packets</a></li>
<li><a class="el" href="group__wpcap__tut4.html">Capturing the packets without the callback</a></li>
<li><a class="el" href="group__wpcap__tut5.html">Filtering the traffic</a></li>
<li><a class="el" href="group__wpcap__tut6.html">Interpreting the packets</a></li>
<li><a class="el" href="group__wpcap__tut7.html">Handling offline dump files</a></li>
<li><a class="el" href="group__wpcap__tut8.html">Sending Packets</a></li>
<li><a class="el" href="group__wpcap__tut9.html">Gathering Statistics on the network traffic</a></li>
</ul>
</li>
</ul>
</li>
<li><a class="el" href="group__internals.html">WinPcap internals</a><ul>
<li><a class="el" href="group__NPF.html">NPF driver internals manual</a><ul>
<li><a class="el" href="group__NPF__include.html">NPF structures and definitions</a></li>
<li><a class="el" href="group__NPF__code.html">NPF functions</a></li>
</ul>
</li>
<li><a class="el" href="group__packetapi.html">Packet.dll -- Packet Driver API</a></li>
<li><a class="el" href="group__compilation.html">How to compile WinPcap</a></li>
</ul>
</li>
<li><a class="el" href="group__remote.html">Remote Capture</a><ul>
<li><a class="el" href="group__remote__struct.html">Exported Structures and Definitions</a></li>
<li>Exported Functions. For a reference of the functions that support remote capture, see the "Windows-specific Extensions" in the WinPcap <a class="el" href="group__wpcapfunc.html">Exported functions</a> section.</li>
<li><a class="el" href="group__remote__pri__struct.html">Internal Structures and Definitions</a></li>
</ul>
</li>
</ul>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title></title>
</head>
<body>
<hr>
<h2>Introduction</h2>
<p>This manual describes the
programming interface and the source code of WinPcap. It provides detailed
descriptions of the functions and structures exported to programmers, along
with complete documentation of the WinPcap internals. Several tutorials and
examples are provided as well.&nbsp;
</p>
<p>You can follow the links at the top of this page or use the tree control at
the left to reach sections of interest.
</p>
<p>This documentation was created using the Doxygen documentation system, which can
be found at <a href="http://www.doxygen.org/index.html">http://www.doxygen.org</a>.
</p>
<h2>What is WinPcap</h2>
<p>WinPcap is an open source library for packet capture and network analysis for
the Win32 platforms.</p>
<p>Most networking applications access the network through widely used operating
system primitives such as sockets.&nbsp; It is easy to access data on the
network with this approach since the operating system copes with the low level
details (protocol handling, packet reassembly, etc.) and provides a familiar
interface that is similar to the one used to read and write files.
</p>
<p>Sometimes, however, the 'easy way' is not up to the task, since some
applications require direct access to packets on the network.&nbsp; That is, they
need access to the &quot;raw&quot; data on the network without the interposition of
protocol processing by the operating system. </p>
<p>The purpose of WinPcap is to give this kind of access to Win32 applications;
it provides facilities to:</p>
<ul>
<li>capture
raw packets, both the ones destined to the machine where it's running and
the ones exchanged by other hosts (on shared media)</li>
<li>filter
the packets according to user-specified rules before dispatching them to the
application</li>
<li>transmit raw packets to the network</li>
<li>gather statistical information on the network traffic</li>
</ul>
<p>This set of capabilities is provided by a device driver, which is
installed inside the networking portion of Win32 kernels, plus a couple of DLLs.</p>
<p>All these features are exported through a powerful programming interface
that is easy for applications to use and is available on different OSes. The main
goal of this manual is to document this interface, with the help of several
examples.&nbsp; If you are interested in starting your exploration right away
you can go directly to the <a href="group__wpcap.html">WinPcap user's manual</a>.</p>
<h3>What kind of programs use WinPcap</h3>
<p>The WinPcap programming interface can be used by many types of network tools
for analysis, troubleshooting, security and
monitoring. In particular, classical tools that rely on WinPcap are:</p>
<ul>
<li>network and protocol analyzers</li>
<li>network monitors</li>
<li>traffic loggers</li>
<li>traffic generators</li>
<li>user-level bridges and routers</li>
<li>network intrusion detection systems (NIDS)</li>
<li>network scanners</li>
<li>security tools</li>
</ul>
<h3>What WinPcap can't do</h3>
<p>WinPcap receives and sends packets <i>independently</i> of the host
protocols, such as TCP/IP. This means that it isn't able to block, filter or
manipulate the traffic generated by other programs on the same machine: it
simply &quot;sniffs&quot; the packets that transit on the wire. Therefore, it does not
provide the appropriate support for applications like traffic shapers, QoS
schedulers and personal firewalls. </p>
<h2>Purpose of this manual</h2>
<p>The purpose of this manual is to provide a comprehensive and easy way to
browse the documentation of the WinPcap architecture. You will find two main
sections: <a href="group__wpcap.html">WinPcap user's manual</a> and <a href="group__internals.html">WinPcap Internals</a>.</p>
<p>The first one can be used by a programmer who needs to use WinPcap from
an application: it contains all the information about functions and data
structures exported by the WinPcap API, a manual that explains how to write
packet filters and a page that explains how to include it in an application. A
tutorial with several code samples is provided as well; it can be used to learn
the basics of the WinPcap API using a step-by-step approach, but it also offers
code snippets that demonstrate advanced features. &nbsp;</p>
<p>The second section is intended for WinPcap developers and maintainers, or for
people who are curious about how this system works: it provides a general
description of the WinPcap architecture and explains how it works. Additionally,
it documents the complete device driver structure, the source code, the packet.dll
interface and the low-level WinPcap API.
If you want to understand what happens inside WinPcap or if you need to extend
it, this is the section you will want to read.</p>
<h2>Additional Documentation</h2>
<p>For additional and up-to-date documentation, we suggest that you look at&nbsp; <a href="http://www.winpcap.org/docs/">http://www.winpcap.org/docs/</a>
</p>
<p>In particular, if you are interested in
the structure and the internals of WinPcap, we suggest reading the
following documents:</p>
<ul>
<li>Fulvio Risso, Loris Degioanni, <a href="http://www.winpcap.org/docs/iscc01-wpcap.pdf">An
Architecture for High Performance Network Analysis</a>, <i>Proceedings of
the 6<sup>th</sup> IEEE Symposium on Computers and Communications (ISCC
2001)</i>, Hammamet, Tunisia, July 2001</li>
<li>Loris Degioanni, Mario Baldi, Fulvio Risso and Gianluca Varenni,
<a href="http://www.winpcap.org/docs/WinPcap-SBAC03.pdf">Profiling and
Optimization of Software-Based Network-Analysis Applications</a>, <i>
Proceedings of the 15<sup>th</sup> IEEE Symposium on Computer Architecture
and High Performance Computing (SBAC-PAD 2003)</i>, Sao Paulo, Brazil,
November 2003</li>
<li>Loris Degioanni, <a href="http://www.winpcap.org/docs/th_degio.zip">Development
of an Architecture for Packet Capture and Network Traffic Analysis</a>,
Graduation Thesis, Politecnico Di Torino (Turin, Italy, Mar. 2000)</li>
</ul>
<h2>Terminology</h2>
<ul>
<li>For consistency with the literature, we will use the term <i>packet</i> even
though <i>frame</i> is more accurate since the capture process is done at
the data-link layer and the data-link header is included in the captured
data.</li>
<li>The term Win9x will be used in this documentation to indicate the family of
Microsoft OSes made up of Windows 95 and its derivatives, i.e. Windows 98 and
Windows ME. The term WinNTx will indicate the OSes built upon the NT kernel,
starting from Windows NT 4 and including Windows 2000, Windows XP,
Windows Server 2003 and so on.</li>
</ul>
<h2>Note</h2>
<p>Our development and documentation efforts focus primarily on the
Windows NT/2000/XP/2003/Vista/2008/Win7/2008R2 version of WinPcap. This choice reflects the fact that the
majority of WinPcap users work on NTx systems, and also that the 9x technology
has been abandoned by Microsoft. Moreover, we assume that a person who needs to
use a PC for an advanced task like network analysis will install an advanced OS
on the machine. For this reason, the documentation will refer to the WinNTx
drivers and APIs. Win9x versions are very similar in concept but sometimes
differ in the implementation and, occasionally, the Win9x version of the API
lacks some of the more advanced functionality. This manual describes the
complete API and will indicate when a function is present only in Windows NTx.</p>
<p>&nbsp;</p>
</body>
</html>
</div>
<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.</p>