Wednesday, June 15, 2011

WinPcap

WinPcap (Windows packet capture) is a free, public network access system for the Windows platform. The purpose of the WinPcap project is to give Win32 applications the ability to access the network at a low level.
The WinPcap driver provides the following functions:
1 > capture raw packets, including those sent and received by hosts on a shared network and those exchanged between them;
2 > filter out certain packets according to user-defined rules before packets are delivered to the application;
3 > send raw packets onto the network;
4 > collect statistical information about network traffic.
WinPcap's main function is to send and receive raw packets independently of the host's protocols (such as TCP/IP). That is, WinPcap cannot block, filter or control the packets of other applications; it only monitors the packets transmitted on the shared network. Therefore, it cannot be used in a QoS scheduler or a personal firewall.

At present, WinPcap development mainly targets Windows NT/2000/XP, chiefly because only a small fraction of WinPcap users use only Windows 95/98/Me, and Microsoft has also given up development for Win9x. So the program associated with this article, T-ARP, is also aimed at NT/2000/XP users. In fact, the concepts of WinPcap on 9x systems are very similar to those on NT systems, with some differences in implementation; for example, 9x supports only ANSI encoding, while NT systems favor Unicode encoding.

There is a software package called Sniffer Pro. It can be used as network management software and has many functions: it can monitor network activity and the data traffic of each machine on the network, show in real time the IP addresses each machine accesses and the data flowing between them, capture packets, and apply filters so that only the wanted packets are captured, such as POP3, SMTP or FTP packets. It can also reveal e-mail user names and passwords and FTP user names and passwords. It can also be used to monitor a switched network, but that requires installing a piece of its software on the switch. There is also a simple monitoring program, Passwordsniffer, which can intercept e-mail user names and passwords and FTP user names and passwords; it can only be used on the network.

The well-known tools tcpdump and the IDS Snort are built on libpcap, and the Nmap scanner also uses libpcap to capture the packets returned by the target host.
WinPcap offers users two different levels of programming interface: one is wpcap.dll, which is based on libpcap; the other is the lower-level packet.dll. For ordinary development that needs to be compatible with libpcap on Unix platforms, wpcap.dll is of course the choice.
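
As an added example (not code from the original post, and written in plain C rather than against the WinPcap API): the kind of rule a capture filter applies to raw frames, used here to flag traffic to or from the cleartext services named above (FTP on port 21, SMTP on 25, POP3 on 110) so that such services can be found and moved to encrypted alternatives. The function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classify a raw Ethernet II frame: returns 21 (FTP), 25 (SMTP) or 110 (POP3)
 * when it is TCP to or from one of those cleartext services, else 0. */
static int cleartext_service(const uint8_t *f, size_t len)
{
    static const uint16_t ports[] = { 21, 25, 110 };
    if (len < 14 + 20) return 0;                        /* Ethernet + minimal IPv4 */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;       /* EtherType must be IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;            /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 6) return 0;                           /* protocol must be TCP */
    if ((ip[6] & 0x1f) != 0 || ip[7] != 0) return 0;    /* later fragment: no TCP header */
    if (len < 14 + ihl + 4) return 0;                   /* truncated before the ports */
    const uint8_t *tcp = ip + ihl;
    uint16_t sport = (uint16_t)((tcp[0] << 8) | tcp[1]);
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++)
        if (sport == ports[i] || dport == ports[i]) return ports[i];
    return 0;
}

/* Build a constructed 54-byte frame (not captured traffic) and classify only
 * its first caplen bytes, as a capture with a short snapshot length would. */
static int classify_sample(uint8_t proto, uint16_t sport, uint16_t dport, size_t caplen)
{
    uint8_t b[54];
    memset(b, 0, sizeof b);
    b[12] = 0x08; b[13] = 0x00;                         /* EtherType IPv4 */
    b[14] = 0x45;                                       /* version 4, IHL 5 */
    b[23] = proto;                                      /* IP protocol field */
    b[34] = (uint8_t)(sport >> 8); b[35] = (uint8_t)sport;
    b[36] = (uint8_t)(dport >> 8); b[37] = (uint8_t)dport;
    return cleartext_service(b, caplen > sizeof b ? sizeof b : caplen);
}

int main(void)
{
    printf("POP3 client -> server: %d\n", classify_sample(6, 49152, 110, 54));
    printf("FTP server -> client:  %d\n", classify_sample(6, 21, 49153, 54));
    printf("HTTPS:                 %d\n", classify_sample(6, 49154, 443, 54));
    printf("UDP to port 25:        %d\n", classify_sample(17, 49155, 25, 54));
    printf("truncated at 36 bytes: %d\n", classify_sample(6, 49152, 110, 36));
    return 0;
}
```

A frame cut off before the TCP ports is treated as no match instead of being read past its end, which is the case a short capture length produces.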
