<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV dir=ltr align=left><SPAN class=756210214-12022006><FONT face=Arial
color=#0000ff size=2>(u_char *) is correct as Martin says. Sorry about the
mistyping.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=756210214-12022006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=756210214-12022006><FONT face=Arial
color=#0000ff size=2>Vidar</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=no dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>Fra:</B> winpcap-users-bounces@winpcap.org
[mailto:winpcap-users-bounces@winpcap.org] <B>Pċ vegne av</B> Mario und Martina
Müller<BR><B>Sendt:</B> 10. februar 2006 15:46<BR><B>Til:</B>
winpcap-users@winpcap.org<BR><B>Emne:</B> SV: [Winpcap-users] how to open the IP
packet data<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT face=Arial size=2>Hello,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>thank yo for your help.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>i added the code, but i get the
error-message:</FONT></DIV>
<DIV><FONT face=Arial size=2>"invalid conversion from `int' to `char*' " in the
codeline:</FONT></DIV>
<DIV><FONT face=Arial size=2>payload = (u_char)pkt_data + SIZE_ETHERNET +
size_ip + size_tcp;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>i dont know whats wrong.</FONT></DIV>
<DIV><FONT face=Arial size=2>to see the packet data it must be a string and not
an integer.</FONT></DIV>
<DIV><FONT face=Arial size=2>how can i see the packet data?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Here is the compled sourcecode:</FONT></DIV>
<DIV><FONT face=Arial size=2>THANK YOU FOR HELP</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>#include "pcap.h"<BR>#include
<windows.h></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>#define ETHER_ADDR_LEN 6<BR>struct ethernet_header
{<BR> u_char
ether_dhost[ETHER_ADDR_LEN]; /* destination host
address<BR>*/<BR> u_char
ether_shost[ETHER_ADDR_LEN]; /* source host address
*/<BR> u_short
ether_type;
/* IP? ARP? RARP? etc */<BR>};</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>// 6 byte MAC Address <BR>typedef struct
mac_address { <BR> u_char byte1; <BR> u_char
byte2; <BR> u_char byte3; <BR> u_char byte4;
<BR> u_char byte5; <BR> u_char byte6; <BR>}mac_address; </FONT></DIV>
<DIV> </DIV><FONT face=Arial size=2>
<DIV><BR>// 4 bytes IP address <BR>typedef struct ip_address{
<BR> u_char byte1; <BR> u_char byte2;
<BR> u_char byte3; <BR> u_char byte4;
<BR>}ip_address; </DIV>
<DIV> </DIV>
<DIV><BR>// 20 bytes IP Header <BR>typedef struct ip_header{
<BR> u_char ver_ihl; // Version (4 bits) + Internet header
length (4 bits) <BR> u_char tos; // Type of service
<BR> u_short tlen; // Total length <BR>
u_short identification; // Identification <BR> u_short
flags_fo; // Flags (3 bits) + Fragment offset (13 bits) <BR>
u_char ttl; // Time to live <BR> u_char proto; // Protocol
<BR> u_short crc; // Header checksum <BR>
ip_address saddr; // Source address <BR> ip_address daddr; //
Destination address <BR> // u_int op_pad; // Option + Padding -- NOT
NEEDED! <BR>}ip_header; </DIV>
<DIV> </DIV>
<DIV>//"Simple" struct for TCP<BR>typedef struct tcp_header { <BR> u_short
sport; // Source port <BR> u_short dport; // Destination port
<BR> u_int seqnum; // Sequence Number <BR> u_int acknum; //
Acknowledgement number <BR> u_char th_off; // Header length
<BR> u_char flags; // packet flags <BR> u_short win; // Window size
<BR> u_short crc; // Header Checksum <BR> u_short urgptr; // Urgent
pointer...still don't know what this is...</DIV>
<DIV> </DIV>
<DIV>}tcp_header; <BR>typedef struct udp_header{<BR>
u_short sport; // Source
port<BR> u_short
dport; // Destination
port<BR> u_short
len; //
Datagram length<BR> u_short
crc; //
Checksum<BR>}udp_header;</DIV>
<DIV> </DIV>
<DIV>int main()<BR>{<BR> pcap_if_t *alldevs;<BR> pcap_if_t
*d;<BR> int inum;<BR> int i=0;<BR> pcap_t *adhandle;<BR> int
res;<BR> char errbuf[PCAP_ERRBUF_SIZE];<BR> struct tm
*ltime;<BR> char timestr[16];<BR> struct pcap_pkthdr
*header;<BR> const u_char *pkt_data;<BR> <BR>
<BR> /* Retrieve the device list
*/<BR> if(pcap_findalldevs(&alldevs, errbuf) ==
-1)<BR> {<BR> fprintf(stderr,"Error in pcap_findalldevs: %s\n",
errbuf);<BR> return -1;<BR> }<BR>
<BR> /* Print the list */<BR> for(d=alldevs;
d; d=d->next)<BR>
{<BR> printf("%d. %s", ++i,
d->name);<BR> if
(d->description)<BR>
printf(" (%s)\n",
d->description);<BR>
else<BR>
printf(" (No description available)\n");<BR>
}<BR> <BR> if(i==0)<BR>
{<BR> printf("\nNo interfaces found!
Make sure WinPcap is
installed.\n");<BR> return
-1;<BR> }<BR> <BR>
printf("Enter the interface number (1-%d):",i);<BR>
scanf("%d", &inum);<BR> <BR> if(inum
< 1 || inum > i)<BR>
{<BR> printf("\nInterface number out
of range.\n");<BR> /* Free the device
list */<BR>
pcap_freealldevs(alldevs);<BR> return
-1;<BR> }<BR> <BR> /* Jump to the
selected adapter */<BR> for(d=alldevs, i=0; i< inum-1
;d=d->next, i++);<BR> <BR> /* Open the adapter
*/<BR> if ((adhandle= pcap_open_live(d->name, // name of the
device<BR> 65536, //
portion of the packet to capture.
<BR> // 65536
grants that the whole packet will be captured on all the
MACs.<BR> 0, //
promiscuous mode (nonzero means
promiscuous)<BR>
1000, // read
timeout<BR> errbuf //
error buffer<BR> )) ==
NULL)<BR> {<BR> fprintf(stderr,"\nUnable to open the adapter. %s
is not supported by WinPcap\n", d->name);<BR> /* Free the device
list */<BR> pcap_freealldevs(alldevs);<BR> return
-1;<BR> }<BR> <BR> printf("\nlistening
on %s...\n", d->description);<BR> <BR> /* At this
point, we don't need any more the device list. Free it */<BR>
pcap_freealldevs(alldevs);<BR> <BR> /* Retrieve the packets */</DIV>
<DIV> </DIV>
<DIV>int size_ip;<BR>int size_tcp;<BR>int SIZE_ETHERNET;<BR>
ip_header *ih;<BR> tcp_header *tcph;<BR>
udp_header *uh;<BR> u_int ip_len;<BR>
u_short sport,dport;<BR> while((res = pcap_next_ex( adhandle, &header,
&pkt_data)) >= 0){ <BR> if(res ==
0)<BR> /* Timeout elapsed
*/<BR> continue;<BR> <BR>
<BR> const struct ethernet_header *ethernet; /* The
ethernet header */<BR>const struct ip_header *ip; /* The IP
header */<BR>const struct tcp_header *tcp; /* The TCP header
*/<BR>char *payload; /* Pointer to packet
payload<BR>*/<BR>ethernet = (struct ethernet_header*)(pkt_data);<BR>ip = (struct
ip_header*)(pkt_data + SIZE_ETHERNET);<BR>size_ip = (ip->ver_ihl & 0xf) *
4; //Gets length of IP header with options<BR>if (size_ip < 20)
{<BR> printf(" * Invalid IP header length: %u bytes\n",
size_ip);<BR> return NULL;<BR>}<BR>tcp = (struct tcp_header*)(pkt_data +
SIZE_ETHERNET + size_ip); //TCP header<BR>size_tcp = tcp->th_off/4;<BR>if
(size_tcp < 20) {<BR> printf(" * Invalid TCP header length:
%u bytes\n", size_tcp);<BR> return NULL;<BR>}<BR>payload =
(u_char)pkt_data + SIZE_ETHERNET + size_ip + size_tcp;</DIV>
<DIV> </DIV>
<DIV> <BR> <BR> /* convert
the timestamp to readable format
*/<BR> ltime=localtime(&header->ts.tv_sec);<BR> strftime(
timestr, sizeof timestr, "%H:%M:%S", ltime);<BR>
ih = (ip_header *) (pkt_data +<BR>
14);<BR> ip_len = (ih->ver_ihl & 0xf) *
4;<BR> uh = (udp_header *) ((u_char*)ih + ip_len);</DIV>
<DIV> </DIV>
<DIV> /* convert from network byte order to host byte order
*/<BR> sport = ntohs( uh->sport );<BR>
dport = ntohs( uh->dport );<BR> printf("%s: %d.%d.%d.%d:%d
--> %d.%d.%d.%d:%d - ", timestr,
ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4,sport,ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4,dport);<BR>
if (ih->proto == 0)
{
<BR> printf("!!! Reserved
!!!\n"); }<BR> if (ih->proto == 1)
{
<BR>
printf("ICMP\n");<BR>
MessageBox(NULL,"ICMP-Packet(s)
found!","WARNING",MB_OK); }<BR>
<BR> if (ih->proto == 2)
{
<BR> printf("IGMP\n"); }<BR>
<BR> if (ih->proto == 3)
{
<BR>
printf("GGP\n"); <BR>
MessageBox(NULL,"Gateway-to-Gateway-Packet(s)
found!","WARNING",MB_OK);}<BR>
<BR> if (ih->proto == 4)
{
<BR>
printf("IP\n");<BR>
MessageBox(NULL,"IP-in-IP-Packet(s)
found!","WARNING",MB_OK); }<BR>
<BR> if (ih->proto == 5)
{
<BR>
printf("ST\n"); }<BR>
<BR> if (ih->proto == 6)
{
<BR>
printf("TCP\n"); }<BR>
<BR> if (ih->proto == 7)
{
<BR>
printf("UCL\n"); }<BR>
<BR> if (ih->proto == 8)
{
<BR>
printf("EGP\n"); }<BR>
<BR> if (ih->proto == 9)
{
<BR>
printf("IGP\n"); }<BR>
<BR> if (ih->proto == 10)
{
<BR>
printf("BBN-RCC-MON\n"); }<BR>
<BR> if (ih->proto == 11)
{
<BR>
printf("NVP-II\n"); }<BR>
<BR> if (ih->proto == 12)
{
<BR>
printf("PUP\n"); }<BR>
<BR> if (ih->proto == 13)
{
<BR>
printf("ARGUS\n"); }<BR>
<BR> if (ih->proto == 14)
{
<BR>
printf("EMCON\n"); }<BR>
<BR> if (ih->proto == 15)
{
<BR>
printf("XNET\n"); }<BR>
<BR> if (ih->proto == 16)
{
<BR> printf("!!! CHAOS
!!!\n");<BR>
MessageBox(NULL,"CHAOS-Packet(s)
found!","WARNING",MB_OK); }<BR>
<BR> if (ih->proto == 17)
{
<BR>
printf("UDP\n"); }<BR>
<BR> if (ih->proto == 18)
{
<BR>
printf("MUX\n"); }<BR>
<BR> if (ih->proto == 19)
{
<BR>
printf("DCN-MEAS\n"); }<BR>
<BR> if (ih->proto == 20)
{
<BR>
printf("HMP\n"); }<BR>
<BR> if (ih->proto == 21)
{
<BR>
printf("PRM\n"); }<BR>
<BR> if (ih->proto == 22)
{
<BR>
printf("XNS-IDP\n"); }<BR>
<BR> if (ih->proto == 23)
{
<BR> printf("TRUNK-1\n"); }<BR>
<BR> if (ih->proto == 24)
{
<BR> printf("TRUNK-2\n"); }<BR>
<BR> if (ih->proto == 25)
{
<BR>
printf("LEAF-1\n"); }<BR>
<BR> if (ih->proto == 26)
{
<BR>
printf("LEAF-2\n"); }<BR>
<BR> if (ih->proto == 27)
{
<BR>
printf("RDP\n"); }<BR>
<BR> if (ih->proto == 28)
{
<BR>
printf("IRTP\n"); }<BR>
<BR> if (ih->proto == 29)
{
<BR>
printf("ISO-TP4\n"); }<BR>
<BR> if (ih->proto == 30)
{
<BR>
printf("NETBLT\n"); }<BR>
<BR> if (ih->proto == 31)
{
<BR>
printf("MFE-NSP\n"); }<BR>
<BR> if (ih->proto == 32)
{
<BR>
printf("MERIT-INP\n"); }<BR>
<BR> if (ih->proto == 33)
{
<BR>
printf("SEP\n"); }<BR>
<BR> if (ih->proto == 34)
{
<BR>
printf("3PC\n"); }<BR>
<BR> if (ih->proto == 35)
{
<BR>
printf("IDPR\n"); }<BR>
<BR> if (ih->proto >= 36)
{
<BR> printf("!!! UNKOWN
!!!\n");<BR> MessageBox(NULL,"UNKOWN
Packetformat found!","WARNING",MB_OK); }<BR>
//printf(tcph->data);<BR>}<BR>
</DIV>
<DIV> </DIV>
<DIV> if(res == -1){<BR> printf("Error reading the packets:
%s\n", pcap_geterr(adhandle));<BR> return
-1;<BR> }<BR> <BR> pcap_close(adhandle);
<BR> return 0;<BR>}</DIV>
<DIV> </DIV>
<DIV><BR></FONT> </DIV></BODY></HTML>