tcpdump mailing list archives

some problem in the source code


From: aman Reddy <amanchenna () yahoo com>
Date: Thu, 9 Dec 2004 05:28:42 -0800 (PST)

Hi all, 

  I have written a small program to capture 20 packets using the pcap library. It works fine if I capture packets 
from interface eth0 or eth1 by assigning either of these to the variable "dev", used in the program below as the first 
parameter to pcap_open_live(). The output of the program shows exactly the source and destination addresses and what 
type (IP, ARP, etc.) the packet is.  

But the problem is that when I assign "any" or NULL to the variable "dev", the program captures the packets but shows 
a wrong destination address like 00:01:00:01:00:06 for each of the 20 packets I captured. 

I don't understand why the destination address is corrupted though the source address is correct. Please solve my 
problem. Thanks in advance. Here is my program.

#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> 
#include <errno.h>
#include <time.h>               /* ctime() */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h> 
#include <linux/ip.h>
#include <linux/icmp.h>

/* pcap_loop() callback: prints the link-layer addresses and type of one packet */
void my_callback(u_char *notused,const struct pcap_pkthdr *pkthdr,const u_char* packet)
{
 int i;
 struct ether_header *eptr;
 struct iphdr *ipptr;
 struct icmphdr *icmpptr;
 const u_char *ptr;

  if (packet == NULL)
  {
        printf("Didn't grab packet\n");
        exit(1);
   }

    printf("Grabbed packet of length %d\n",pkthdr->len);
    printf("Received at ..... %s\n",ctime((const time_t*)&pkthdr->ts.tv_sec)); 
    printf("Ethernet address length is %d\n",ETHER_HDR_LEN);

    /* Interprets the packet as starting with an Ethernet header */
    eptr = (struct ether_header *) packet;

    if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
    {
        printf("Ethernet type is an IP packet\n");
        
        ipptr = (struct iphdr *) (eptr + 1);

        if (ipptr->protocol == 1)
        {
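          /* Skip the full IP header, including any options (ihl is in 32-bit words) */
          icmpptr = (struct icmphdr *) ((u_char *) ipptr + ipptr->ihl * 4);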
          if  (icmpptr->code == 16)
             printf("THIS IS A MOBILE IP ADVERTISEMENT PACKET\n");
        }
    }else  if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
    {
        printf("Ethernet type is an ARP packet\n");
    }else {
        printf("Ethernet type is some other packet\n");
    }

    ptr = eptr->ether_dhost;
    i = ETHER_ADDR_LEN;
    printf(" Destination Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");

    ptr = eptr->ether_shost;
    i = ETHER_ADDR_LEN;
    printf(" Source Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");
}

int main(int argc, char **argv)
{
    int i,count = 20;
    char *dev="eth0";           /* (or "eth1" or "any or NULL") */
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t* descr;
    const u_char *packet;

    descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf);

    if(descr == NULL)
    {
        printf("pcap_open_live(): %s\n",errbuf);
        exit(1);
    }

    pcap_loop(descr,count,my_callback,NULL);
 return 0;
} 
    



                
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
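
An added example, not part of the original post: on Linux, libpcap's "any" device delivers packets with the 16-byte DLT_LINUX_SLL "cooked" header instead of an Ethernet header, so the layout has to be chosen from the value pcap_datalink() returns. The names l2_info, l2_parse, the EX_DLT_* constants and the sample bytes are constructed for this example; the constants are defined locally so it builds without pcap.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Link-type values as returned by pcap_datalink(), redefined locally. */
#define EX_DLT_EN10MB    1    /* Ethernet */
#define EX_DLT_LINUX_SLL 113  /* Linux cooked capture, used by "any" */

struct l2_info {            /* hypothetical result type for this example */
    int      has_dst;       /* 0 for SLL: it carries no destination address */
    uint8_t  dst[6], src[6];
    uint16_t proto;         /* EtherType in host byte order */
    size_t   hdr_len;       /* offset of the network-layer header */
};

/* Returns 0 on success, -1 if the link type is unsupported or the
   captured bytes are too short for the link-layer header. */
int l2_parse(int dlt, const uint8_t *p, size_t caplen, struct l2_info *out)
{
    memset(out, 0, sizeof *out);
    if (dlt == EX_DLT_EN10MB) {
        if (caplen < 14) return -1;
        memcpy(out->dst, p, 6);          /* bytes 0-5: destination */
        memcpy(out->src, p + 6, 6);      /* bytes 6-11: source */
        out->has_dst = 1;
        out->proto = (uint16_t)(p[12] << 8 | p[13]);
        out->hdr_len = 14;
        return 0;
    }
    if (dlt == EX_DLT_LINUX_SLL) {
        if (caplen < 16) return -1;
        /* bytes 0-1 packet type, 2-3 ARPHRD type, 4-5 address length,
           6-13 sender address (padded to 8 bytes), 14-15 protocol */
        size_t alen = (size_t)(p[4] << 8 | p[5]);
        if (alen > 6) alen = 6;          /* this example stores 6 bytes at most */
        memcpy(out->src, p + 6, alen);
        out->proto = (uint16_t)(p[14] << 8 | p[15]);
        out->hdr_len = 16;
        return 0;
    }
    return -1;
}

/* Constructed sample: SLL header of a broadcast IPv4 packet on Ethernet. */
const uint8_t sample_sll[16] = {
    0x00,0x01, 0x00,0x01, 0x00,0x06,
    0xaa,0xbb,0xcc,0xdd,0xee,0xff, 0x00,0x00, 0x08,0x00 };
```

Parsing sample_sll as Ethernet yields the destination 00:01:00:01:00:06 from the post (packet type, ARPHRD type and address length read as a MAC), while the source still looks right because the SLL sender address starts at the same offset as ether_shost.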

