[Winpcap-users] Retrieve packets using pcap_next_ex
Ziara .
essence_z at hotmail.com
Wed Jan 30 13:13:35 GMT 2008
I'm trying retrieve upd packets with pcap_next_ex but I compare the results with this example in the manual using pcap_loop
http://www.winpcap.org/docs/docs_40_2/html/group__wpcap__tut6.html
and I think something it's wrong, because with pcap_next_ex give me incoherent ports and some ip's, what's happen? thanks
// 4 bytes IP addresstypedef struct ip_address{ u_char byte1; u_char byte2; u_char byte3; u_char byte4;}ip_address;
// 20 bytes IP Headertypedef struct ip_header{ u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits) u_char tos; // Type of service u_short tlen; // Total length u_short identification; // Identification u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) u_char ttl; // Time to live u_char proto; // Protocol u_short crc; // Header checksum ip_address saddr; // Source address ip_address daddr; // Destination address u_int op_pad; // Option + Padding -- NOT NEEDED!}ip_header;
typedef struct udp_header{ u_short sport; // Source port u_short dport; // Destination port u_short len; // Datagram length u_short crc; // Checksum}udp_header;
int main(){ pcap_if_t *alldevs; pcap_if_t *d; int inum; int i=0; pcap_t *adhandle; int res; char errbuf[PCAP_ERRBUF_SIZE]; struct tm *ltime; char timestr[16]; struct pcap_pkthdr *header; const u_char *pkt_data; time_t local_tv_sec;
/* Retrieve the device list on the local machine */ if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) { fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf); exit(1); }
/* Print the list */ for(d=alldevs; d; d=d->next) { printf("%d. %s", ++i, d->name); if (d->description) printf(" (%s)\n", d->description); else printf(" (No description available)\n"); }
if(i==0) { printf("\nNo interfaces found! Make sure WinPcap is installed.\n"); return -1; }
printf("Enter the interface number (1-%d):",i); scanf("%d", &inum);
if(inum < 1 || inum > i) { printf("\nInterface number out of range.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; }
/* Jump to the selected adapter */ for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* Open the device */ if ( (adhandle= pcap_open(d->name, // name of the device 65536, // portion of the packet to capture. // 65536 guarantees that the whole packet will be captured on all the link layers PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode 1000, // read timeout NULL, // authentication on the remote machine errbuf // error buffer ) ) == NULL) { fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name); /* Free the device list */ pcap_freealldevs(alldevs); return -1; }
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */ pcap_freealldevs(alldevs);
ip_header *ip; //ip headerudp_header *udp;u_int ip_len;u_short sport,dport;
while((res=pcap_next_ex( adhandle, &header, &pkt_data))>=0) {
if(res == 0) //Timeout elapsed continue;
ip = (ip_header*)(pkt_data + 14);
ip_len = (ip->ver_ihl & 0xf) * 4; //Longitud de Ip headerudp = (udp_header *)((u_char *)ip + ip_len);
sport = ntohs( udp->sport );dport = ntohs( udp->dport );
printf("Dir Sourc: %d.%d.%d.%d\n", ip->saddr.byte1,ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4);printf("Dir Dest: %d.%d.%d.%d\n", ip->daddr.byte1,ip->daddr.byte2,ip->daddr.byte3,ip->daddr.byte4);
printf("Port Sourc: %d\n", sport);printf("Port Dest: %d\n", dport);
} if(res == -1){ printf("Error reading the packets: %s\n", pcap_geterr(adhandle)); return -1; } return 0;}
_________________________________________________________________
Tecnología, moda, motor, viajes,…suscríbete a nuestros boletines para estar siempre a la última
Guapos y guapas, clips musicales y estrenos de cine.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080130/18b1d776/attachment.htm
More information about the Winpcap-users
mailing list