[Winpcap-users] it doesn't show the correct ports
Ziara .
essence_z at hotmail.com
Thu Mar 20 10:42:05 GMT 2008
Ok, I found my mistake, I don't know why but I'm thinking that udp packets had 80 port too, I check my tcp ports and they are correct, sorry for bothering you.
And one question, could it be to have the same port, source and destination for a udp packets?
From: essence_z at hotmail.comTo: winpcap-users at winpcap.orgDate: Wed, 19 Mar 2008 13:56:10 +0100Subject: [Winpcap-users] it doesn't show the correct ports
Hello, I can't explain why in this code when I output source and destination udp port, it show me port: 1042 and 53, it should be 80 instead of 53. and no always show the same port 1042. Porgramming in builder c++ ..int cont = 0;int res = pcap_next_ex(adhandle_, &header, &pkt_data); if (res == 0) //Timeout elapsed continue; cont++; cadenaIDx = AnsiString (cont); //show the index //Tiempo local_tv_sec = header->ts.tv_sec; ltime = localtime(&local_tv_sec); strftime(timestr, sizeof timestr, "%H:%M:%S", ltime); cadenaTIm = AnsiString(timestr) + "." + header->ts.tv_usec; //show the time ether_header *ether; ether = (ether_header*)(pkt_data); switch(htons(ether->h_type)) { case 0x0800: //IPv4 ip_header *ip; udp_header *udp; u_int ip_len; ip = (ip_header*)(pkt_data + 14); sprintf(macaddr1,"%d.%d.%d.%d",ip->saddr.byte1, ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4); sprintf(macaddr2,"%d.%d.%d.%d",ip->daddr.byte1, ip->daddr.byte2,ip>daddr.byte3,ip>daddr.byte4); cadenaIPs = macaddr1; //show IP source address cadenaIPd = macaddr2; //show IP dest address switch (ip->proto) { case 1: cadenaPRt = "ICMP"; break; case 2: cadenaPRt = "IGMP"; break; case 4: cadenaPRt = "IP"; break; case 6: cadenaPRt = "TCP"; break; case 17: cadenaPRt = "UDP"; //show protocol ip_len = (ip->ver_ihl & 0xf) * 4; //Longitud de Ip header udp = (udp_header*)((u_char*)ip + ip_len); //udp = (udp_header*)(pkt_data+14+sizeof(ip_header)); cadenaSPo = ntohs(udp->sport); //show udp source port cadenaDPo = ntohs(udp->dport); //show udp destination port break; default: cadenaPRt = "?"; break; } break; case 0x0806: cadenaPRt = "ARP"; arp_header *arp; arp = (arp_header*)(pkt_data + 14); sprintf(macaddr1,"%02X-%02X-%02X-%02X-%02X-%02X",arp->src_addr[0], arp->src_addr[1],arp->src_addr[2],arp->src_addr[3],arp->src_addr[4], arp->src_addr[5]); sprintf(macaddr2,"%02X-%02X-%02X-%02X-%02X-%02X",arp->dst_addr[0], arp->dst_addr[1],arp->dst_addr[2],arp->dst_addr[3],arp->dst_addr[4], arp->dst_addr[5]); cadenaIPs = macaddr1; cadenaIPd = macaddr2; break; default: cadenaPRt = "otros"; break; } the struct header that I use: /* Cabecera ARP */struct arp_header{ u_short hardware; u_short protocol; u_char hw_addr_len; u_char proto_addr_len; u_short operation; u_char src_addr[6]; u_char src_ip[4]; u_char dst_addr[6]; u_char dst_ip[4];};//4 bytes IP addressstruct ip_address{ u_char byte1; u_char byte2; u_char byte3; u_char byte4;};// 20 bytes IP Headerstruct ip_header{ u_char ver_ihl; u_char tos; // Type of service u_short tlen; // Total length u_short identification; // Identification u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) u_char ttl; // Time to live u_char proto; // Protocol u_short crc; // Header checksum ip_address saddr; // Source address ip_address daddr; // Destination address // u_int op_pad; // Option + Padding -- NOT NEEDED!}; struct udp_header{ u_short sport; // Source port u_short dport; // Destination port u_short len; // Datagram length u_short crc; // Checksum};
Todo ruedas: información práctica y todo el glamour del mundo del motor. MSN Estilo y Tendencias
_________________________________________________________________
MSN Noticias
http://noticias.msn.es/comunidad.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080320/08deb3af/attachment.htm
More information about the Winpcap-users
mailing list