Capturing FTP usernames and passwords with WinPcap

Source: Internet | Published by: 手机日记本软件 | Editor: 程序博客网 | Time: 2024/04/30 18:05

The steps involved:
1. Enumerate all network adapters that can be captured on and pick one. The adapter list is returned as a linked list of pcap_if_t structures.
2. Open the network adapter.

pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);

adhandle = pcap_open(d->name,        // device name
                     65536,          // portion of each packet to capture;
                                     // 65536 guarantees that the whole packet is captured on every link layer
                     PCAP_OPENFLAG_NOCAPTURE_LOCAL, // drop packets this host sent itself (flag definitions below)
                     1000,           // read timeout in milliseconds
                     NULL,           // remote machine authentication
                     errbuf);        // error buffer

Here are the definitions of the flags (from WinPcap's remote-ext.h):

/*!
    \addtogroup remote_open_flags
    \{
*/

/*!
    \brief Defines if the adapter has to go in promiscuous mode.

    It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.
    Note that even if this parameter is false, the interface could well be in promiscuous
    mode for some other reason (for example because another capture process with
    promiscuous mode enabled is currently using that interface).
    On Linux systems with 2.2 or later kernels (that have the "any" device), this
    flag does not work on the "any" device; if an argument of "any" is supplied,
    the 'promisc' flag is ignored.
*/
#define PCAP_OPENFLAG_PROMISCUOUS       1

/*!
    \brief Defines if the data transfer (in case of a remote
    capture) has to be done with UDP protocol.

    It is '1' if you want a UDP data connection, '0' if you want
    a TCP data connection; the control connection is always TCP-based.
    A UDP connection is much lighter, but it does not guarantee that all
    the captured packets arrive at the client workstation. Moreover,
    it could be harmful in case of network congestion.
    This flag is meaningless if the source is not a remote interface.
    In that case, it is simply ignored.
*/
#define PCAP_OPENFLAG_DATATX_UDP        2

/*!
    \brief Defines if the remote probe will capture its own generated traffic.

    In case the remote probe uses the same interface to capture traffic and to send
    data back to the caller, the captured traffic includes the RPCAP traffic as well.
    If this flag is turned on, the RPCAP traffic is excluded from the capture, so that
    the trace returned back to the collector does not include this traffic.
*/
#define PCAP_OPENFLAG_NOCAPTURE_RPCAP   4

/*!
    \brief Defines if the local adapter will capture its own generated traffic.

    This flag tells the underlying capture driver to drop the packets that were sent by itself.
    This is useful when building applications like bridges, that should ignore the traffic
    they just sent.
*/
#define PCAP_OPENFLAG_NOCAPTURE_LOCAL   8

/*!
    \brief This flag configures the adapter for maximum responsiveness.

    In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before
    copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
    i.e. better performance, which is good for applications like sniffers. If the user sets the
    PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application
    is ready to receive them. This is suggested for real time applications (like, for example, a bridge)
    that need the best responsiveness.
*/
#define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16

3. Compile the filter

pcap_compile(adhandle, &fcode, packet_filter, 1 /* optimize */, netmask);  // packet_filter is a BPF filter string

4. Set the filter

pcap_setfilter(adhandle, &fcode);

5. Start capturing

pcap_loop(adhandle, 30, packet_handler, NULL);  // deliver 30 packets to packet_handler, then return
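The packet_handler callback that pcap_loop invokes is not shown above. The following is an added example, not code from the original post, of the parsing such a handler does, written as an audit check for cleartext FTP logins: it walks the Ethernet/IPv4/TCP headers with length checks against header->caplen and flags USER/PASS commands on port 21, recording the username but deliberately not the password. audit_ftp_frame, build_ftp_frame and the constructed frame are assumptions of this example, not WinPcap API.

```c
#include <stdint.h>
#include <string.h>
typedef struct {
    int cleartext_auth;  /* 1 when USER or PASS was seen on tcp/21 */
    char user[32];       /* username from USER, if present */
    int pass_seen;       /* PASS observed; the value is deliberately not kept */
} ftp_audit;
/* Inspect one captured frame the way a pcap_loop packet_handler would
 * (call with header->caplen and pkt_data). Returns 1 if an FTP
 * authentication command was found, 0 otherwise. */
int audit_ftp_frame(const uint8_t *pkt, size_t caplen, ftp_audit *out) {
    memset(out, 0, sizeof *out);
    if (caplen < 14 + 20 + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return 0; /* not IPv4 */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return 0;        /* not IPv4/TCP */
    size_t ip_len = ((size_t)ip[2] << 8) | ip[3];
    if (ip_len < ihl + 20 || 14 + ip_len > caplen) return 0;           /* truncated capture */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff > ip_len) return 0;
    if ((((unsigned)tcp[2] << 8) | tcp[3]) != 21) return 0;             /* only the FTP control port */
    const char *data = (const char *)tcp + doff;
    size_t dlen = ip_len - ihl - doff;
    if (dlen >= 5 && memcmp(data, "USER ", 5) == 0) {
        size_t n = 0;
        while (5 + n < dlen && data[5 + n] != '\r' && data[5 + n] != '\n' && n < sizeof out->user - 1)
            out->user[n] = data[5 + n], n++;
        out->user[n] = '\0';
        out->cleartext_auth = 1;
        return 1;
    }
    if (dlen >= 5 && memcmp(data, "PASS ", 5) == 0) {
        out->pass_seen = out->cleartext_auth = 1;      /* flag it, never store the secret */
        return 1;
    }
    return 0;
}
/* Constructed test frame: Ethernet II + IPv4 (no options) + TCP (no options) to port 21. */
size_t build_ftp_frame(uint8_t *buf, const char *payload) {
    size_t plen = strlen(payload), ip_len = 40 + plen;
    memset(buf, 0, 14 + ip_len);
    buf[12] = 0x08; buf[13] = 0x00;                        /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; ip[2] = ip_len >> 8; ip[3] = ip_len & 0xff; ip[9] = 6;
    ip[20 + 2] = 0; ip[20 + 3] = 21; ip[20 + 12] = 0x50;   /* dport 21, data offset 5 words */
    memcpy(ip + 40, payload, plen);
    return 14 + ip_len;
}
```

A real handler would additionally track the TCP stream so that a USER/PASS pair split across segments is still matched, and would log only the client address and username.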