[Winpcap-users] it doesn't show the correct ports
Ziara .
essence_z at hotmail.com
Wed Mar 19 12:56:10 GMT 2008
Hello, I can't explain why this code, when I output the source and destination UDP ports, shows me ports 1042 and 53; it should be 80 instead of 53. Also, it does not always show the same port 1042.
Programming in Builder C++
..
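// Packet counter shown in the index column.
// NOTE(review): the `continue` below implies an enclosing capture loop that this
// excerpt does not show; cont has to be initialised once, before that loop.
int cont = 0;

int res = pcap_next_ex(adhandle_, &header, &pkt_data);
if (res == 0)       // timeout elapsed, no packet was delivered
    continue;
if (res < 0)        // read error or end of capture: header and pkt_data are not valid
    break;

cont++;
cadenaIDx = AnsiString(cont);                                   // show the index

// Capture time, converted to local time
local_tv_sec = header->ts.tv_sec;
ltime = localtime(&local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", ltime);
cadenaTIm = AnsiString(timestr) + "." + header->ts.tv_usec;     // show the time

// Only header->caplen bytes of pkt_data were captured. Every header cast below
// is checked against that length first, so a short or malformed frame cannot
// make the parser read past the end of the capture buffer.
const u_int eth_len = 14;                   // Ethernet header length
const u_int captured = header->caplen;

ether_header *ether = (ether_header*)(pkt_data);
u_short ether_type = 0;                     // 0 falls through to the "otros" branch
if (captured >= eth_len)
    ether_type = ntohs(ether->h_type);      // network -> host byte order

// NOTE(review): cadenaSPo/cadenaDPo are assigned only in the UDP branch. They are
// declared outside this excerpt; unless they are reset for every packet, rows for
// other protocols keep the ports of the last UDP packet. Port 80 traffic is
// normally TCP (proto 6), which this switch does not parse for ports, while UDP
// port 53 is DNS -- that would explain seeing 1042/53 where 80 was expected.
switch (ether_type)
{
    case 0x0800:    // IPv4
    {
        ip_header *ip;
        udp_header *udp;
        u_int ip_len;

        if (captured < eth_len + sizeof(ip_header))
        {
            cadenaPRt = "?";                // fixed part of the IP header is truncated
            break;
        }
        ip = (ip_header*)(pkt_data + eth_len);

        // NOTE(review): macaddr1/macaddr2 are declared outside this excerpt; they
        // need at least 18 bytes each (the ARP branch writes 17 characters + NUL).
        sprintf(macaddr1, "%d.%d.%d.%d",
                ip->saddr.byte1, ip->saddr.byte2, ip->saddr.byte3, ip->saddr.byte4);
        sprintf(macaddr2, "%d.%d.%d.%d",
                ip->daddr.byte1, ip->daddr.byte2, ip->daddr.byte3, ip->daddr.byte4);

        cadenaIPs = macaddr1;               // show IP source address
        cadenaIPd = macaddr2;               // show IP destination address

        switch (ip->proto)
        {
            case 1:
                cadenaPRt = "ICMP";
                break;

            case 2:
                cadenaPRt = "IGMP";
                break;

            case 4:
                cadenaPRt = "IP";
                break;

            case 6:
                cadenaPRt = "TCP";
                break;

            case 17:
                cadenaPRt = "UDP";          // show protocol
                // IP header length comes from the packet (IHL field, in 32-bit
                // words), so the UDP header is located after any IP options.
                ip_len = (ip->ver_ihl & 0xf) * 4;
                // Read the ports only when the IHL is sane, this is the first
                // fragment (later fragments carry no UDP header) and the whole
                // UDP header lies inside the captured bytes.
                if (ip_len >= sizeof(ip_header)
                    && (ntohs(ip->flags_fo) & 0x1fff) == 0
                    && captured >= eth_len + ip_len + sizeof(udp_header))
                {
                    udp = (udp_header*)((u_char*)ip + ip_len);
                    cadenaSPo = ntohs(udp->sport);  // show UDP source port
                    cadenaDPo = ntohs(udp->dport);  // show UDP destination port
                }
                break;

            default:
                cadenaPRt = "?";
                break;
        }
        break;
    }

    case 0x0806:    // ARP
    {
        cadenaPRt = "ARP";
        arp_header *arp;

        // Truncated ARP packet: leave the address fields untouched.
        if (captured < eth_len + sizeof(arp_header))
            break;
        arp = (arp_header*)(pkt_data + eth_len);

        sprintf(macaddr1, "%02X-%02X-%02X-%02X-%02X-%02X",
                arp->src_addr[0], arp->src_addr[1], arp->src_addr[2],
                arp->src_addr[3], arp->src_addr[4], arp->src_addr[5]);
        sprintf(macaddr2, "%02X-%02X-%02X-%02X-%02X-%02X",
                arp->dst_addr[0], arp->dst_addr[1], arp->dst_addr[2],
                arp->dst_addr[3], arp->dst_addr[4], arp->dst_addr[5]);
        cadenaIPs = macaddr1;
        cadenaIPd = macaddr2;
        break;
    }

    default:
        cadenaPRt = "otros";
        break;
}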
The header structs that I use:
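/*
 * Wire-format headers that are overlaid directly on the captured bytes.
 * Multi-byte fields are in network byte order; convert with ntohs() before use.
 * Every field sits at an offset that is a multiple of its own size, so common
 * compilers insert no padding; confirm with a sizeof check if the project
 * changes its struct alignment options.
 */

/* ARP header, laid out for 6-byte hardware and 4-byte protocol addresses */
struct arp_header
{
    u_short hardware;
    u_short protocol;
    u_char  hw_addr_len;
    u_char  proto_addr_len;
    u_short operation;
    u_char  src_addr[6];
    u_char  src_ip[4];
    u_char  dst_addr[6];
    u_char  dst_ip[4];
};

/* 4-byte IP address */
struct ip_address
{
    u_char byte1;
    u_char byte2;
    u_char byte3;
    u_char byte4;
};

/* 20-byte IP header (fixed part only; options, if any, follow it) */
struct ip_header
{
    u_char     ver_ihl;         // Version and header length; the code masks the low 4 bits for the length
    u_char     tos;             // Type of service
    u_short    tlen;            // Total length
    u_short    identification;  // Identification
    u_short    flags_fo;        // Flags (3 bits) + Fragment offset (13 bits)
    u_char     ttl;             // Time to live
    u_char     proto;           // Protocol
    u_short    crc;             // Header checksum
    ip_address saddr;           // Source address
    ip_address daddr;           // Destination address
    // Options + padding are not part of this struct; their size is derived
    // from the header-length bits of ver_ihl.
};

/* UDP header */
struct udp_header
{
    u_short sport;              // Source port
    u_short dport;              // Destination port
    u_short len;                // Datagram length
    u_short crc;                // Checksum
};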