<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"><title>WinPcap: Sending Packets</title><link href="style.css" rel="stylesheet" type="text/css"><link href="tabs.css" rel="stylesheet" type="text/css"></head><body><!-- Generated by Doxygen 1.5.6 --><div class="navigation" id="top">  <div class="tabs">    <ul>      <li><a href="main.html"><span>Main&nbsp;Page</span></a></li>      <li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>      <li><a href="modules.html"><span>Modules</span></a></li>      <li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>      <li><a href="files.html"><span>Files</span></a></li>    </ul>  </div></div><div class="contents"><h1>Sending Packets</h1><table border="0" cellpadding="0" cellspacing="0"><tr><td></td></tr></table>Although the name <em>WinPcap</em> indicates clearly that the purpose of the library is packet capture, other useful features for raw networking are provided. Among them, the user can find a complete set of functions to send packets.<p>Note that the original libpcap library at the moment doesn't provide any way to send packets, therefore all the functions shown here are WinPcap extensions and will not work under Unix.<p><b>Sending a single packet with <a class="el" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket()</a></b><p>The simplest way to send a packet is shown in the following code snippet. After opening an adapter, <a class="el" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket()</a> is called to send a hand-crafted packet. <a class="el" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket()</a> takes as arguments a buffer containing the data to send, the length of the buffer and the adapter that will send it. Notice that the buffer is sent to the net as is, without any manipulation. This means that the application has to create the correct protocol headers in order to send something meaningful.<p><div class="fragment"><pre class="fragment"><span class="preprocessor">#include &lt;stdlib.h&gt;</span><span class="preprocessor">#include &lt;stdio.h&gt;</span><span class="preprocessor">#include &lt;pcap.h&gt;</span><span class="keywordtype">void</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv){<a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7" title="Descriptor of an open capture instance. This structure is opaque to the user, that...">pcap_t</a> *fp;<span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927" title="Size to use when allocating the buffer that contains the libpcap errors.">PCAP_ERRBUF_SIZE</a>];u_char packet[100];<span class="keywordtype">int</span> i;    <span class="comment">/* Check the validity of the command line */</span>    <span class="keywordflow">if</span> (argc != 2)    {        printf(<span class="stringliteral">"usage: %s interface (e.g. 'rpcap://eth0')"</span>, argv[0]);        <span class="keywordflow">return</span>;    }        <span class="comment">/* Open the output device */</span>    <span class="keywordflow">if</span> ( (fp= <a class="code" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791" title="Open a generic source in order to capture / send (WinPcap only) traffic.">pcap_open</a>(argv[1],            <span class="comment">// name of the device</span>                        100,                <span class="comment">// portion of the packet to capture (only the first 100 bytes)</span>                        <a class="code" href="group__remote__open__flags.html#g9134ce51a9a6a7d497c3dee5affdc3b9" title="Defines if the adapter has to go in promiscuous mode.">PCAP_OPENFLAG_PROMISCUOUS</a>,  <span class="comment">// promiscuous mode</span>                        1000,               <span class="comment">// read timeout</span>                        NULL,               <span class="comment">// authentication on the remote machine</span>                        errbuf              <span class="comment">// error buffer</span>                        ) ) == NULL)    {        fprintf(stderr,<span class="stringliteral">"\nUnable to open the adapter. %s is not supported by WinPcap\n"</span>, argv[1]);        <span class="keywordflow">return</span>;    }    <span class="comment">/* Supposing to be on ethernet, set mac destination to 1:1:1:1:1:1 */</span>    packet[0]=1;    packet[1]=1;    packet[2]=1;    packet[3]=1;    packet[4]=1;    packet[5]=1;        <span class="comment">/* set mac source to 2:2:2:2:2:2 */</span>    packet[6]=2;    packet[7]=2;    packet[8]=2;    packet[9]=2;    packet[10]=2;    packet[11]=2;        <span class="comment">/* Fill the rest of the packet */</span>    <span class="keywordflow">for</span>(i=12;i&lt;100;i++)    {        packet[i]=(u_char)i;    }    <span class="comment">/* Send down the packet */</span>    <span class="keywordflow">if</span> (<a class="code" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket</a>(fp, packet, 100 <span class="comment">/* size */</span>) != 0)    {        fprintf(stderr,<span class="stringliteral">"\nError sending the packet: %s\n"</span>, <a class="code" href="group__wpcapfunc.html#g81305cb154e4497e95bbb9b708631a3a" title="return the error text pertaining to the last pcap library error.">pcap_geterr</a>(fp));        <span class="keywordflow">return</span>;    }    <span class="keywordflow">return</span>;}</pre></div><p><b>Send queues</b><p>While <a class="el" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket()</a> offers a simple and immediate way to send a single packet, <b> send queues </b> provides an advanced, powerful and optimized mechanism to send a collection of packets. A send queue is a container for a variable number of packets that will be sent to the network. It has a size, that represents the maximum amount of bytes it can store.<p>A send queue is created calling the <a class="el" href="group__wpcapfunc.html#gb940e69631b7cc7f2232a69ea02b86d9" title="Allocate a send queue.">pcap_sendqueue_alloc()</a> function, specifying the size of the new send queue.<p>Once the send queue is created, <a class="el" href="group__wpcapfunc.html#g4c57ea320d71dbfe55c5665af9db1297" title="Add a packet to a send queue.">pcap_sendqueue_queue()</a> can be used to add a packet to the send queue. This function takes a <a class="el" href="structpcap__pkthdr.html" title="Header of a packet in the dump file.">pcap_pkthdr</a> with the timestamp and the length and a buffer with the data of the packet. These parameters are the same as those received by <a class="el" href="group__wpcapfunc.html#g439439c2eae61161dc1efb1e03a81133" title="Read a packet from an interface or from an offline capture.">pcap_next_ex()</a> and <a class="el" href="group__wpcapfunc.html#gbcba231c099919ecd9300d7160b19878" title="Prototype of the callback function that receives the packets.">pcap_handler()</a>, therefore queuing a packet that was just captured or read from a file is a matter of passing these parameters to <a class="el" href="group__wpcapfunc.html#g4c57ea320d71dbfe55c5665af9db1297" title="Add a packet to a send queue.">pcap_sendqueue_queue()</a>.<p>To transmit a send queue, WinPcap provides the <a class="el" href="group__wpcapfunc.html#ga4d55eb047a1cccc0e28397ce04ee097" title="Send a queue of raw packets to the network.">pcap_sendqueue_transmit()</a> function. Note the third parameter: if nonzero, the send will be <em>synchronized</em>, i.e. the relative timestamps of the packets will be respected. This operation requires a remarkable amount of CPU, because the synchronization takes place in the kernel driver using "busy wait" loops. Although this operation is quite CPU intensive, it often results in very high precision packet transmissions (often around few microseconds or less).<p>Note that transmitting a send queue with <a class="el" href="group__wpcapfunc.html#ga4d55eb047a1cccc0e28397ce04ee097" title="Send a queue of raw packets to the network.">pcap_sendqueue_transmit()</a> is much more efficient than performing a series of <a class="el" href="group__wpcapfunc.html#g51dbda0f1ab9da2cfe49d657486d50b2" title="Send a raw packet.">pcap_sendpacket()</a>, because the send queue is buffered at kernel level drastically decreasing the number of context switches.<p>When a queue is no longer needed, it can be deleted with <a class="el" href="group__wpcapfunc.html#g72624f7a9932cc2124abf661001e0aa4" title="Destroy a send queue.">pcap_sendqueue_destroy()</a> that frees all the buffers associated with the send queue.<p>The next program shows how to use send queues. It opens a capture file with <a class="el" href="group__wpcapfunc.html#g91078168a13de8848df2b7b83d1f5b69" title="Open a savefile in the tcpdump/libpcap format to read packets.">pcap_open_offline()</a>, then it moves the packets from the file to a properly allocated send queue. At his point it transmits the queue, synchronizing it if requested by the user.<p>Note that the link-layer of the dumpfile is compared with the one of the interface that will send the packets using <a class="el" href="group__wpcapfunc.html#g64c019f851f7da6892d51cca15f12ace" title="Return the link layer of an adapter.">pcap_datalink()</a>, and a warning is printed if they are different -- it is important that the capture-file link-layer be the same as the adapter's link layer for otherwise the tranmission is pointless.<p><div class="fragment"><pre class="fragment"><span class="comment">/*</span><span class="comment"> * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)</span><span class="comment"> * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)</span><span class="comment"> * All rights reserved.</span><span class="comment"> *</span><span class="comment"> * Redistribution and use in source and binary forms, with or without</span><span class="comment"> * modification, are permitted provided that the following conditions</span><span class="comment"> * are met:</span><span class="comment"> *</span><span class="comment"> * 1. Redistributions of source code must retain the above copyright</span><span class="comment"> * notice, this list of conditions and the following disclaimer.</span><span class="comment"> * 2. Redistributions in binary form must reproduce the above copyright</span><span class="comment"> * notice, this list of conditions and the following disclaimer in the</span><span class="comment"> * documentation and/or other materials provided with the distribution.</span><span class="comment"> * 3. Neither the name of the Politecnico di Torino, CACE Technologies </span><span class="comment"> * nor the names of its contributors may be used to endorse or promote </span><span class="comment"> * products derived from this software without specific prior written </span><span class="comment"> * permission.</span><span class="comment"> *</span><span class="comment"> * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS</span><span class="comment"> * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT</span><span class="comment"> * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR</span><span class="comment"> * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT</span><span class="comment"> * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,</span><span class="comment"> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT</span><span class="comment"> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,</span><span class="comment"> * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY</span><span class="comment"> * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT</span><span class="comment"> * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE</span><span class="comment"> * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</span><span class="comment"> *</span><span class="comment"> */</span><span class="preprocessor">#include &lt;stdlib.h&gt;</span><span class="preprocessor">#include &lt;stdio.h&gt;</span><span class="preprocessor">#include &lt;pcap.h&gt;</span><span class="keywordtype">void</span> usage();<span class="keywordtype">void</span> main(<span class="keywordtype">int</span> argc, <span class="keywordtype">char</span> **argv){    <a class="code" href="group__wpcap__def.html#g4711d025f83503ce692efa5e45ec60a7" title="Descriptor of an open capture instance. This structure is opaque to the user, that...">pcap_t</a> *indesc,*outdesc;    <span class="keywordtype">char</span> errbuf[<a class="code" href="group__wpcap__def.html#gcd448353957d92c98fccc29e1fc8d927" title="Size to use when allocating the buffer that contains the libpcap errors.">PCAP_ERRBUF_SIZE</a>];    <span class="keywordtype">char</span> source[<a class="code" href="group__remote__struct.html#gcacb155b596f7511f714de129ae32c97" title="Defines the maximum buffer size in which address, port, interface names are kept...">PCAP_BUF_SIZE</a>];    FILE *capfile;