如果您想获取pcap文件中的帧数:
tshark -r test.cap | wc -l
使用capinfos:
capinfos test.cap | grep "Number of packets"| tr -d " " | cut -d ":" -f 2
使用tcpdump:
tcpdump -r test.cap 2>/dev/null| wc -l
因此,基本上使用libpcap,这是一个示例:
#include <stdio.h>
#include <pcap.h>
#include <stdlib.h>
int main(int argc, char **argv)
{
unsigned int packet_counter=0;
struct pcap_pkthdr header;
const u_char *packet;
if (argc < 2) {
fprintf(stderr, "Usage: %s <pcap>\n", argv[0]);
exit(1);
}
pcap_t *handle;
char errbuf[PCAP_ERRBUF_SIZE];
handle = pcap_open_offline(argv[1], errbuf);
if (handle == NULL) {
fprintf(stderr,"Couldn't open pcap file %s: %s\n", argv[1], errbuf);
return(2);
}
while (packet = pcap_next(handle,&header)) {
packet_counter++;
}
pcap_close(handle);
printf("%d\n", packet_counter);
return 0;
}
注意:您需要安装libpcap头文件(在Linux上搜索libpcap dev/devel包)
然后使用gcc -o myprogram myprogram.c -lpcap进行编译