I need to set up a programming environment to read pcap files from Wireshark (C++). Software libraries to read pcap files (I do not know any). I also need a DNS message parser to get the contents of the DNS messages (I also did not find one).
This is what I did: I captured traffic using Wireshark and saved the file. I followed the steps from this site (https://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/). This is my code:
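```cpp
#include <cstdio>
#include <iostream>
#include <string>
#include <pcap.h>

using namespace std;

int main(int argc, char *argv[])
{
    string file = "C:\\Users\\It-am\\Desktop\\Master\\dns-ipv4-ipv6.pcap";
    char errbuff[PCAP_ERRBUF_SIZE];

    // Open the saved capture; pcap_open_offline returns NULL on failure.
    pcap_t *pcap = pcap_open_offline(file.c_str(), errbuff);
    if (pcap == NULL)
    {
        fprintf(stderr, "pcap_open_offline failed: %s\n", errbuff);
        return 1;
    }

    struct pcap_pkthdr *header;
    const u_char *data;
    u_int packetCount = 0;
    int returnValue;

    // Parenthesize the assignment so returnValue holds the real return code
    // (1 = packet read, -2 = end of file, -1 = error).
    while ((returnValue = pcap_next_ex(pcap, &header, &data)) >= 0)
    {
        printf("Packet # %u\n", ++packetCount);
        printf("Packet size: %u bytes\n", header->len);

        // caplen is the number of bytes actually stored in the file.
        if (header->len != header->caplen)
            printf("Warning! Capture size different than packet size: %u bytes\n", header->caplen);

        printf("Epoch Time: %ld:%ld seconds\n", (long)header->ts.tv_sec, (long)header->ts.tv_usec);

        // Hex dump, 16 bytes per line, bounded by the captured length.
        for (u_int i = 0; i < header->caplen; i++)
        {
            if ((i % 16) == 0) printf("\n");
            printf("%.2x ", data[i]);
        }
        printf("\n\n");
    }

    pcap_close(pcap);
    return 0;
}
```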
But in the end, I have an error (LNK1104 cannot open file 'winpcap.lib'). If anyone can fix this problem I will be thankful. Or if someone has other code to implement this data in C++, please help. Thanks in advance.
wincap.lib is placed to your library search paths. – user0042
doxygen installed in order to generate the documentation. You should look out for a flag to turn that part off in the build process. Nothing to do with your original question BTW. – user0042
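One way to decode the DNS header and first question the asker wants from each packet, as an added example that is not part of the original question or its comments. It assumes the caller has already skipped the link-layer, IP and UDP headers; `DnsQuestion`, `readName`, `parseDnsQuestion` and `kSample` are names chosen for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Added example (not from the original post): DNS header + first question, RFC 1035.
// msg/len are assumed to be the UDP payload and its captured length.
struct DnsQuestion {
    uint16_t id = 0, flags = 0, qdcount = 0, qtype = 0, qclass = 0;
    std::string name;
};
static uint16_t be16(const uint8_t *p) { return static_cast<uint16_t>((p[0] << 8) | p[1]); }
// Decodes a (possibly compressed) name at 'off'; 'next' is the offset just after it.
static bool readName(const uint8_t *msg, size_t len, size_t off, std::string &out, size_t &next) {
    bool jumped = false; int hops = 0;                  // hops bounds pointer chains
    out.clear();
    for (;;) {
        if (off >= len) return false;                   // ran past the captured bytes
        const uint8_t c = msg[off];
        if (c == 0) { if (!jumped) next = off + 1; return true; }
        if ((c & 0xC0) == 0xC0) {                       // compression pointer
            if (off + 1 >= len || ++hops > 16) return false;  // truncated or looping
            if (!jumped) { next = off + 2; jumped = true; }
            off = (static_cast<size_t>(c & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (c & 0xC0) return false;                     // reserved label type
        if (off + 1 + c > len) return false;            // label overruns the buffer
        if (!out.empty()) out += '.';
        out.append(reinterpret_cast<const char *>(msg + off + 1), c);
        if (out.size() > 253) return false;             // longer than a legal name
        off += 1 + static_cast<size_t>(c);
    }
}

bool parseDnsQuestion(const uint8_t *msg, size_t len, DnsQuestion &q) {
    if (len < 12) return false;                         // fixed header is 12 bytes
    q.id = be16(msg); q.flags = be16(msg + 2); q.qdcount = be16(msg + 4);
    if (q.qdcount == 0) return true;                    // no question to decode
    size_t next = 0;
    if (!readName(msg, len, 12, q.name, next)) return false;
    if (next + 4 > len) return false;                   // QTYPE and QCLASS must fit
    q.qtype = be16(msg + next); q.qclass = be16(msg + next + 2);
    return true;
}

// Constructed sample payload: id 0x1234, RD set, one question "example.com" A/IN.
static const uint8_t kSample[] = {0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01};
int main() { DnsQuestion q; return parseDnsQuestion(kSample, sizeof kSample, q) ? 0 : 1; }
```

In the loop from the question, the input would be `data` plus the offset of the UDP payload, with the length derived from `header->caplen` rather than `header->len`, so a truncated capture is rejected instead of being read past its end.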