I need to set up a programming environment to read pcap files from Wireshark.(C++) Software libraries to read pcap files.(I do not know) I also need a DNS message parser to get the contents of the DNS messages.(also I did not find)
This what I did: I captured a traffic using Wireshark and save the file. I followed this steps from this site ((https://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/)) This is my code:
#include <string>
#include <iostream>
#include <pcap.h>
using namespace std;
int main(int argc, char *argv[])
{
string file = "C:\\Users\\It-am\\Desktop\\Master\\dns-ipv4-ipv6.pcap";
char errbuff[PCAP_ERRBUF_SIZE];
pcap_t * pcap = pcap_open_offline(file.c_str(), errbuff);
struct pcap_pkthdr *header;
const u_char *data;
u_int packetCount = 0;
while (int returnValue = pcap_next_ex(pcap, &header, &data) >= 0)
{
printf("Packet # %i\n", ++packetCount);
printf("Packet size: %d bytes\n", header->len);
if (header->len != header->caplen)
printf("Warning! Capture size different than packet size: %ld bytes\n", header->len);
printf("Epoch Time: %d:%d seconds\n", header->ts.tv_sec, header->ts.tv_usec);
for (u_int i = 0; (i < header->caplen); i++)
{
if ((i % 16) == 0) printf("\n");
printf("%.2x ", data[i]);
}
printf("\n\n");
}
}
but in the end, I have an error ((LNK1104 cannot open file 'winpcap.lib')) If anyone can fix this problem I will be thankful. Or if someone hades another code to implement this data in C++ please help. Thanks in advance.
The library name is not winpcap.lib, it is wpcap.lib. You probably also need to link against Packet.lib. You must tell the linker where the files are. The folders are Lib for Win32 and Lib\x64 for 64 bit.