最近在用Wireshark抓包工具的时候，老感觉这东西用起来很简单，功能强大，所以想了解他的实现原理，我就自己好奇写了一个实现基本功能的demo吧。 其实叫抓包工具，其实就是抓取流经自己网卡的所有ip包，我们能够按照ip包的协议解析不就行了。

Wireshark网络抓包案例分析及实施方案

华为内部网络抓包工具，用于网络安全；请不要用于破坏

海康、大华相机接入平台，TCP网络抓包

简单的抓包程序#define MAX_HOSTNAME_LAN 255 #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1) #define MAX_ADDR_LEN 16 #pragma comment(lib,"WS2_32.lib")

网络抓包工具Wireshark，免费 Wireshark(前称Ethereal)是一个网络封包分析软件。网络封包分析软件的功能是撷取网络封包，并尽可能显示出最为详细的网络封包资料。Wireshark使用WinPCAP作为接口，直接与网卡进行数据报文交换。

Ethereal is a GUI network protocol analyzer. It lets you interactively browse packet data from a live network or from a previously saved capture file. See: http://www.ethereal.com for new versions, documentation, ... Ethereal's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools. So Ethereal can read capture files from: -libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format -snoop and atmsnoop -Shomiti/Finisar Surveyor captures -Novell LANalyzer captures -Microsoft Network Monitor captures -AIX's iptrace captures -Cinco Networks NetXRay captures -Network Associates Windows-based Sniffer captures -Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures -AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures -RADCOM's WAN/LAN analyzer captures -Network Instruments Observer version 9 captures -Lucent/Ascend router debug output -files from HP-UX's nettl -Toshiba's ISDN routers dump output -the output from i4btrace from the ISDN4BSD project -traces from the EyeSDN USB S0. -the output in IPLog format from the Cisco Secure Intrusion Detection System -pppd logs (pppdump format) -the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities -the text output from the DBS Etherwatch VMS utility -Visual Networks' Visual UpTime traffic capture -the output from CoSine L2 debug -the output from Accellent's 5Views LAN agents -Endace Measurement Systems' ERF format captures -Linux Bluez Bluetooth stack hcidump -w traces There is no need to tell Ethereal what type of file you are reading; it will determine the file type by itself. Ethereal is also capable of reading any of these file formats if they are compressed using gzip. Ethereal recognizes this directly from the file; the '.gz' extension is not required for this purpose.

抓包实验第一个，含有原问题，以及截图，还有问题的分析及说明

基于winpcap的抓包工具，编译能通过的。

各种类别的抓包分析图