Mario,
Someone else will probably chime in with more help (and hopefully
correct me if I make a mistake!) but
1. there are two interfaces:
   - packet.dll that runs on top of the driver (npf.sys)
   - winpcap that runs on top of packet.dll
2. The interface of choice is winpcap because it is the "supported" (and
therefore mostly unchanging) interface, whereas packet.dll may change.
Unless you have some special needs you should at least start with
winpcap. Sounds like you did.
3. Unless you have special requirements you should use the developer
pack with the header files and precompiled libraries. You can find the
DDK somewhere online if you need it (I don't remember where, sorry) but
it is really not required, at least at this stage.
4. Make sure that you have linked in wpcap.lib - I think you can either
include it in a VC++ project or do "properties/linker/inputs". I think
this is your current problem.
5. In order to run you will need both packet.dll and winpcap.dll
I hope this helps
Terry
Mario Hollibaugh wrote:
I am trying to develop a compact, customized-to-my-purposes packet
sniffer using VC++ v6.0. It was recommended to me that instead of
writing a program using hardware interfacing and working directly with
interrupts, to take a look at and use the WinPCap library. Normally I
can hack my way through things with computers, but right now I am so
frustrated I could cry.
When I look at the documentation (and believe me, I have spent
nearly 15 hours reading through the docs trying to help myself out) I
notice 2 things: 1) documentation entitled “WinPcap tutorial: a step
by step guide to program WinPcap”, and 2) “WinPcap internals” under
which are “NPf driver internals manual” and “Packet Driver API
developer’s manual”. Through no amount of reading, or posting in my
usual newsgroups, have I been able to determine which section pertains
to me. Do I want to know how to “program WinPcap”, or do I want to use
the “Packet Driver API’s”?
Furthermore, I can’t “build the NPF driver” like it talks about in one
of the read-me’s that came with my download for WinPcap source v 3.0,
because I don’t have a DDK (driver development kit). Do I need to be
able to compile that in order to use the WinPcap library? Or do I only
need to take the precompiled library that comes with the download, put
it in the included libraries, and also make sure I get all the .h and
.c files that came with the source into an included path?
Moving on, when I tried to read the “WinPcap tutorial: a step by step
guide to program WinPcap” there are many sample programs. It seems to
me like the obvious thing to do is to compile/build/run these
programs, then read over the analysis provided in the tutorials.
However (and this has been MOST frustrating so far) EVERY program that
I try to compile gives me “unresolved external symbols” errors when
linking. This error basically means “you have a data member or a
function that is defined in one of your header files, but it’s never
implemented anywhere in a corresponding .c or .lib file”. How can this
be? I’ll give a concrete example:
The very first sample program in the tutorial is “Obtaining the Device
List”. When I cut and paste the code into VC++ 6.0, at link-time I get
the following error:
Linking...
main.obj : error LNK2001: unresolved external symbol _pcap_freealldevs
main.obj : error LNK2001: unresolved external symbol _pcap_findalldevs
Debug/blah.exe : fatal error LNK1120: 2 unresolved externals
Error executing link.exe.
So I go and look up pcap_freealldevs in the online documentation. The
documentation tells me that pcap_freealldevs is defined in pcap.h, and
is implemented in inet.c. I check my include and source directories in
my VC++ options, and the directories containing the files pcap.h and
inet.c are both listed. So why am I getting an unresolved external
symbol error? Why is VC++ not seeing the functions pcap_freealldevs
and pcap_findalldevs in inet.c, like it should?
I’m sorry this is such a long post, but I am ready to pull my hair
out. I am simply floored right now… any help in any form whatsoever is
going to be much appreciated, thanks.
Cheers,
Mario
================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[email protected]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
================================================================