tcpdump mailing list archives
some problem in the source code
From: aman Reddy <amanchenna () yahoo com>
Date: Thu, 9 Dec 2004 05:28:42 -0800 (PST)
Hi all, I have written a small program to capture 20 packets using pcap library. It is working fine if I captured packets from interface eth0 or eth1 by assigning either of these to variable "dev" used in the program below as the first parameter to pcap_open_live(). The output of the program shows exactly the source and destination addresses and what type(IP,ARP etc..) the packet is. But the problem is when i assign "any" or NULL to the variable "dev" , the program is capturing the packets but showing wrong destination address like 00:01:00:01:00:06 for each of the 20 packets I captured. I don`t understand why the destination address is currupted though the source address is correct? please solve my problem. Thanks in advance. Here is my program. #include <stdio.h> #include <stdlib.h> #include <pcap.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netinet/if_ether.h> #include <linux/ip.h> #include <linux/icmp.h> void my_callback(u_char *notused,const struct pcap_pkthdr,const u_char* packet) { int i; struct ether_header *eptr; struct iphdr *ipptr; struct icmphdr *icmphdr; uchar *ptr; if (packet == NULL) { printf("Didn't grab packet\n"); exit(1); } printf("Grabbed packet of length %d\n",pkthdr->len); printf("Recieved at ..... %s\n",ctime((const time_t*)&pkthdr.ts.tv_sec)); printf("Ethernet address length is %d\n",ETHER_HDR_LEN); eptr = (struct ether_header *) packet; if (ntohs (eptr->ether_type) == ETHERTYPE_IP) { printf("Ethernet type is an IP packet\n"); ipptr = (struct iphdr *) (eptr + 1); if (ipptr->protocol == 1) { icmpptr = (struct icmphdr *) (ipptr + 1); if (icmpptr->code == 16) printf("THIS IS A MOBILE IP ADVERTISEMENT PACKET\n"); } }else if (ntohs (eptr->ether_type) == ETHERTYPE_ARP) { printf("Ethernet type is an ARP packet\n"); }else { printf("Ethernet type is someother Packet"); } ptr = eptr->ether_dhost; i = ETHER_ADDR_LEN; printf(" Destination Address: "); do{ printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++); }while(--i>0); printf("\n"); ptr = eptr->ether_shost; i = ETHER_ADDR_LEN; printf(" Source Address: "); do{ printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++); }while(--i>0); printf("\n"); } int main(int argc, char **argv) { int i,count = 20; char *dev="eth0"; /* (or "eth1" or "any or NULL") */ char errbuf[PCAP_ERRBUF_SIZE]; pcap_t* descr; const u_char *packet; descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",errbuf); exit(1); } pcap_loop(descr,count,my_callback,NULL); return 0; } --------------------------------- Do you Yahoo!? Meet the all-new My Yahoo! Try it today! - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- some problem in the source code aman Reddy (Dec 09)
- Re: some problem in the source code Robert Lowe (Dec 09)
- Re: some problem in the source code Peter Sandford (Dec 09)
- <Possible follow-ups>
- Re: some problem in the source code aman Reddy (Dec 09)
- Re: some problem in the source code Robert Lowe (Dec 09)
- Re: some problem in the source code Guy Harris (Dec 09)
- Re: some problem in the source code aman Reddy (Dec 09)
- Re: some problem in the source code Peter Sandford (Dec 09)
- Re: some problem in the source code aman Reddy (Dec 09)
- Re: some problem in the source code aman Reddy (Dec 09)
- Re: some problem in the source code Peter Sandford (Dec 09)
- Re: some problem in the source code Robert Lowe (Dec 09)