0
votes

I need to set up a programming environment to read pcap files from Wireshark (C++). Software libraries to read pcap files (I do not know). I also need a DNS message parser to get the contents of the DNS messages (also I did not find).

This is what I did: I captured traffic using Wireshark and saved the file. I followed the steps from this site (https://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/). This is my code:

#include <cstdio>
#include <string>
#include <iostream>
#include <pcap.h>


using namespace std;

int main(int argc, char *argv[])
{
    string file = "C:\\Users\\It-am\\Desktop\\Master\\dns-ipv4-ipv6.pcap";

    char errbuff[PCAP_ERRBUF_SIZE];

    // Open the saved capture; pcap_open_offline returns NULL on failure
    pcap_t * pcap = pcap_open_offline(file.c_str(), errbuff);
    if (pcap == NULL)
    {
        fprintf(stderr, "pcap_open_offline failed: %s\n", errbuff);
        return 1;
    }

    struct pcap_pkthdr *header;

    const u_char *data;

    u_int packetCount = 0;

    // pcap_next_ex returns 1 for each packet read, -2 at end of file, -1 on error
    int returnValue;
    while ((returnValue = pcap_next_ex(pcap, &header, &data)) >= 0)
    {
        printf("Packet # %u\n", ++packetCount);
        printf("Packet size: %u bytes\n", header->len);

        if (header->len != header->caplen)
            printf("Warning! Capture size different than packet size: %u bytes\n", header->len);

        printf("Epoch Time: %ld:%ld seconds\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec);

        // Hex dump, 16 bytes per line, limited to the bytes actually captured
        for (u_int i = 0; (i < header->caplen); i++)
        {
            if ((i % 16) == 0) printf("\n");
            printf("%.2x ", data[i]);
        }
        printf("\n\n");
    }

    pcap_close(pcap);
    return 0;
}

but in the end, I have an error (LNK1104 cannot open file 'winpcap.lib'). If anyone can fix this problem I will be thankful. Or if someone has another code to implement this data in C++ please help. Thanks in advance.

2
Add the directory where wincap.lib is placed to your library search paths. - user0042
I went to winpcap.org/devel.htm and downloaded the latest version and included the wincap.lib in my library but I faced the same problem. - Ammar
You didn't read what I wrote. Maybe this helps. - user0042
'doxygen' is not recognized as an internal or external command, operable program or batch file. This error happens when I'm trying to build_wdpack from the Windows batch file provided from winpcap.org/devel.htm. - Ammar
Apparently you're expected to have doxygen installed in order to generate the documentation. You should look out for a flag to turn that part off in the build process. Nothing to do with your original question BTW. - user0042

2 Answers

2
votes

The library name is not winpcap.lib, it is wpcap.lib. You probably also need to link against Packet.lib. You must tell the linker where the files are. The folders are Lib for Win32 and Lib\x64 for 64 bit.

0
votes

Use the sources of the pcap_file_generator library. Example of reading:

#include "pcap_file_generator.h"
...

PCAPFILE  * pfr = lpcap_open("./pcaplibtestfile.pcap");
pcap_hdr_t   phdr;
if( lpcap_read_header( pfr, &phdr ))
{
    int rese_rec_read = 0 ;
    pcaprec_hdr_and_data_t  p_rec_data;
    do{
        // read the next frame record; the loop ends once the return value is no longer positive
        rese_rec_read = lpcap_read_frame_record( pfr , &p_rec_data);
        // p_rec_data contains the data of the record
    }while(rese_rec_read>0);
}
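
The question also asks for a DNS message parser. The following is an added example, not code from the question, the answers, or either library: it extracts the fixed DNS header from one captured frame and checks every offset against the captured length, since a capture file is untrusted input and frames may be truncated. It assumes an Ethernet link type, IPv4 and UDP port 53 only; `DnsHeader`, `parse_dns_header` and `SAMPLE` are illustrative names, and the sample frame is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Fixed 12-byte DNS header fields (RFC 1035, section 4.1.1); names are illustrative.
struct DnsHeader { uint16_t id, flags, qdcount, ancount; bool is_response; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

// Walks Ethernet -> IPv4 -> UDP -> DNS inside one captured frame. `caplen` is the
// number of bytes really present (header->caplen in the question's loop), and
// every offset is checked against it before the byte is read.
bool parse_dns_header(const uint8_t *data, size_t caplen, DnsHeader &out)
{
    const size_t ETH_LEN = 14, UDP_LEN = 8, DNS_LEN = 12;
    if (caplen < ETH_LEN || be16(data + 12) != 0x0800) return false;  // not IPv4
    const uint8_t *ip = data + ETH_LEN;
    size_t left = caplen - ETH_LEN;
    if (left < 20 || (ip[0] >> 4) != 4) return false;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                  // IPv4 header length
    if (ihl < 20 || left < ihl || ip[9] != 17) return false;  // 17 = UDP
    if ((be16(ip + 6) & 0x1fff) != 0) return false;           // later fragment, no UDP header
    const uint8_t *udp = ip + ihl;
    left -= ihl;
    if (left < UDP_LEN + DNS_LEN) return false;               // truncated capture
    if (be16(udp) != 53 && be16(udp + 2) != 53) return false; // neither port is 53
    const uint8_t *dns = udp + UDP_LEN;
    out.id = be16(dns);
    out.flags = be16(dns + 2);
    out.qdcount = be16(dns + 4);
    out.ancount = be16(dns + 6);
    out.is_response = (out.flags & 0x8000) != 0;              // QR bit
    return true;
}

// Constructed sample: Ethernet + IPv4 + UDP + DNS header of a query (id 0x1a2b).
static const uint8_t SAMPLE[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,  // IPv4, proto 17
    192,0,2,1, 192,0,2,53,                                          // src, dst
    0xc0,0x00, 0x00,0x35, 0x00,0x14, 0x00,0x00,                     // UDP 49152 -> 53
    0x1a,0x2b, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,  // DNS header
};

int main() {
    DnsHeader h;
    if (parse_dns_header(SAMPLE, sizeof SAMPLE, h))
        printf("id=0x%04x response=%d questions=%d\n", (unsigned)h.id, h.is_response, h.qdcount);
    return 0;
}
```

Inside the question's `pcap_next_ex` loop the call would be `parse_dns_header(data, header->caplen, h)`; passing `header->len` instead would let the parser read past the captured bytes on truncated packets.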