SV: [Winpcap-users] how to open the IP packet data
Mario und Martina Müller
mario_martina.mueller at t-online.de
Fri Feb 10 14:46:12 GMT 2006
Hello,
thank yo for your help.
i added the code, but i get the error-message:
"invalid conversion from `int' to `char*' " in the codeline:
payload = (u_char)pkt_data + SIZE_ETHERNET + size_ip + size_tcp;
i dont know whats wrong.
to see the packet data it must be a string and not an integer.
how can i see the packet data?
Here is the compled sourcecode:
THANK YOU FOR HELP
#include "pcap.h"
#include <windows.h>
#define ETHER_ADDR_LEN 6
struct ethernet_header {
u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address
*/
u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
u_short ether_type; /* IP? ARP? RARP? etc */
};
// 6 byte MAC Address
typedef struct mac_address {
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
u_char byte5;
u_char byte6;
}mac_address;
// 4 bytes IP address
typedef struct ip_address{
u_char byte1;
u_char byte2;
u_char byte3;
u_char byte4;
}ip_address;
// 20 bytes IP Header
typedef struct ip_header{
u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits)
u_char tos; // Type of service
u_short tlen; // Total length
u_short identification; // Identification
u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits)
u_char ttl; // Time to live
u_char proto; // Protocol
u_short crc; // Header checksum
ip_address saddr; // Source address
ip_address daddr; // Destination address
// u_int op_pad; // Option + Padding -- NOT NEEDED!
}ip_header;
//"Simple" struct for TCP
typedef struct tcp_header {
u_short sport; // Source port
u_short dport; // Destination port
u_int seqnum; // Sequence Number
u_int acknum; // Acknowledgement number
u_char th_off; // Header length
u_char flags; // packet flags
u_short win; // Window size
u_short crc; // Header Checksum
u_short urgptr; // Urgent pointer...still don't know what this is...
}tcp_header;
typedef struct udp_header{
u_short sport; // Source port
u_short dport; // Destination port
u_short len; // Datagram length
u_short crc; // Checksum
}udp_header;
int main()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i=0;
pcap_t *adhandle;
int res;
char errbuf[PCAP_ERRBUF_SIZE];
struct tm *ltime;
char timestr[16];
struct pcap_pkthdr *header;
const u_char *pkt_data;
/* Retrieve the device list */
if(pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
return -1;
}
/* Print the list */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
/* Jump to the selected adapter */
for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the adapter */
if ((adhandle= pcap_open_live(d->name, // name of the device
65536, // portion of the packet to capture.
// 65536 grants that the whole packet will be captured on all the MACs.
0, // promiscuous mode (nonzero means promiscuous)
1000, // read timeout
errbuf // error buffer
)) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
/* Free the device list */
pcap_freealldevs(alldevs);
return -1;
}
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */
pcap_freealldevs(alldevs);
/* Retrieve the packets */
int size_ip;
int size_tcp;
int SIZE_ETHERNET;
ip_header *ih;
tcp_header *tcph;
udp_header *uh;
u_int ip_len;
u_short sport,dport;
while((res = pcap_next_ex( adhandle, &header, &pkt_data)) >= 0){
if(res == 0)
/* Timeout elapsed */
continue;
const struct ethernet_header *ethernet; /* The ethernet header */
const struct ip_header *ip; /* The IP header */
const struct tcp_header *tcp; /* The TCP header */
char *payload; /* Pointer to packet payload
*/
ethernet = (struct ethernet_header*)(pkt_data);
ip = (struct ip_header*)(pkt_data + SIZE_ETHERNET);
size_ip = (ip->ver_ihl & 0xf) * 4; //Gets length of IP header with options
if (size_ip < 20) {
printf(" * Invalid IP header length: %u bytes\n", size_ip);
return NULL;
}
tcp = (struct tcp_header*)(pkt_data + SIZE_ETHERNET + size_ip); //TCP header
size_tcp = tcp->th_off/4;
if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return NULL;
}
payload = (u_char)pkt_data + SIZE_ETHERNET + size_ip + size_tcp;
/* convert the timestamp to readable format */
ltime=localtime(&header->ts.tv_sec);
strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
ih = (ip_header *) (pkt_data +
14);
ip_len = (ih->ver_ihl & 0xf) * 4;
uh = (udp_header *) ((u_char*)ih + ip_len);
/* convert from network byte order to host byte order */
sport = ntohs( uh->sport );
dport = ntohs( uh->dport );
printf("%s: %d.%d.%d.%d:%d --> %d.%d.%d.%d:%d - ", timestr, ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4,sport,ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4,dport);
if (ih->proto == 0) {
printf("!!! Reserved !!!\n"); }
if (ih->proto == 1) {
printf("ICMP\n");
MessageBox(NULL,"ICMP-Packet(s) found!","WARNING",MB_OK); }
if (ih->proto == 2) {
printf("IGMP\n"); }
if (ih->proto == 3) {
printf("GGP\n");
MessageBox(NULL,"Gateway-to-Gateway-Packet(s) found!","WARNING",MB_OK);}
if (ih->proto == 4) {
printf("IP\n");
MessageBox(NULL,"IP-in-IP-Packet(s) found!","WARNING",MB_OK); }
if (ih->proto == 5) {
printf("ST\n"); }
if (ih->proto == 6) {
printf("TCP\n"); }
if (ih->proto == 7) {
printf("UCL\n"); }
if (ih->proto == 8) {
printf("EGP\n"); }
if (ih->proto == 9) {
printf("IGP\n"); }
if (ih->proto == 10) {
printf("BBN-RCC-MON\n"); }
if (ih->proto == 11) {
printf("NVP-II\n"); }
if (ih->proto == 12) {
printf("PUP\n"); }
if (ih->proto == 13) {
printf("ARGUS\n"); }
if (ih->proto == 14) {
printf("EMCON\n"); }
if (ih->proto == 15) {
printf("XNET\n"); }
if (ih->proto == 16) {
printf("!!! CHAOS !!!\n");
MessageBox(NULL,"CHAOS-Packet(s) found!","WARNING",MB_OK); }
if (ih->proto == 17) {
printf("UDP\n"); }
if (ih->proto == 18) {
printf("MUX\n"); }
if (ih->proto == 19) {
printf("DCN-MEAS\n"); }
if (ih->proto == 20) {
printf("HMP\n"); }
if (ih->proto == 21) {
printf("PRM\n"); }
if (ih->proto == 22) {
printf("XNS-IDP\n"); }
if (ih->proto == 23) {
printf("TRUNK-1\n"); }
if (ih->proto == 24) {
printf("TRUNK-2\n"); }
if (ih->proto == 25) {
printf("LEAF-1\n"); }
if (ih->proto == 26) {
printf("LEAF-2\n"); }
if (ih->proto == 27) {
printf("RDP\n"); }
if (ih->proto == 28) {
printf("IRTP\n"); }
if (ih->proto == 29) {
printf("ISO-TP4\n"); }
if (ih->proto == 30) {
printf("NETBLT\n"); }
if (ih->proto == 31) {
printf("MFE-NSP\n"); }
if (ih->proto == 32) {
printf("MERIT-INP\n"); }
if (ih->proto == 33) {
printf("SEP\n"); }
if (ih->proto == 34) {
printf("3PC\n"); }
if (ih->proto == 35) {
printf("IDPR\n"); }
if (ih->proto >= 36) {
printf("!!! UNKOWN !!!\n");
MessageBox(NULL,"UNKOWN Packetformat found!","WARNING",MB_OK); }
//printf(tcph->data);
}
if(res == -1){
printf("Error reading the packets: %s\n", pcap_geterr(adhandle));
return -1;
}
pcap_close(adhandle);
return 0;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20060210/5bee143f/attachment-0001.htm
More information about the Winpcap-users
mailing list