0
votes

I've been trying to create a program to analyze ethernet frames captured in pcap files using MS Visual Studio 2012 in C++. I have downloaded latest WinPcap (4.1.3) and Libpcap (1.7.2).

I've managed to include all the sub-folders in the extracted libpcap folder into my project (if I added only the root folder, the includes didn't work). And yet I have an error saying that there is no definition of type "Adapter". So I searched all the files in the Libpcap and haven't found the definition. I've also tried to search if it is maybe defined in some sort of standard library, again with no luck.

Am I missing something? Do I need to include the libpcap in some special way? (currently I'm just including #include <pcap.h>)

I've also tried to play a bit and commented the errorous line in pcap.h:

Adapter *pcap_get_adapter(pcap_t *p);

And I got a different error:

Error 2 error LNK2019: unresolved external symbol _pcap_open_offline_with_tstamp_precision

So after some reaserch I've found that I may be missing some preprocessor definitions (WIN32;WPCAP;HAVE_REMOTE). That triggered yet another problem, that header file Win32-Extensions.h couldn't be found. And after that I just gave up.

Thanks for any suggestions.

3
Well it definetely won't fix the primary problem of missing type definition of "Adapter".Jan Prášek
In the end I maneged to get it working under Linux.Jan Prášek

3 Answers

0
votes

I have downloaded latest WinPcap (4.1.3) ... unresolved external symbol _pcap_open_offline_with_tstamp_precision

The latest WinPcap is not based on the latest libpcap, or even on a relatively recent version of libpcap, so it doesn't have pcap_open_offline_with_tstamp_precision(), it only has pcap_open_offline().

The latest version of WinPcap also can't read pcap-ng files, or "pcap with nanosecond resolution" files, so it can't give you nanosecond-precision time stamps in any case.

If you want to be able to read files with nanosecond-precision time stamps and get nanosecond-resolution time stamp values from them, you'll have to run on a UN*X and use a newer version of libpcap; that's what you've done on Linux.

If you want to be able to run your program on Windows with WinPcap - or on versions of UN*Xes with older versions of libpcap - you'll have to use pcap_open_offline() to open capture files, and live with microsecond-resolution time stamps.

I have downloaded latest WinPcap (4.1.3) and Libpcap (1.7.2).

You can't just throw them together and hope that it works. If you want to download the WinPcap and libpcap source, and try to merge them into an updated version of WinPcap, that will be a rather complicated project, and you'll probably need to study the source to both of them.

You may just want to install WinPcap, and the WinPcap developer's pack (yes, it says 4.1.2, but the 4.1.2 developer's pack works with 4.1.3, as the note says) and use that, and leave libpcap to the UN*X boxes.

0
votes

In order to use a class you need two things:

  1. A declaration. This one is in .h file and you have it;
  2. A definition. This one is inside the library (dynamic or static) the class is defined in. It seems, you miss this one. Have you linked to the library correctly? Please, check that, there is good chance that bad linking (or no linking) is the reason.
0
votes
  1. You should download and install WinPcap 4.1.3
  2. You should download WinPcap 4.1.2 SDK
  3. See "Examples-pcap\readfile\readfile.c" sample in the WinPcap 4.1.2 SDK archive. It will help to start.

If you have pcap-ng files or files with nanosecond precision, update your WinPcap library with WinPcap 4.1.3-libpcap 1.7.3 port