tcpdump mailing list archives
help with packet tracer
From: "Tyler Littlefield" <tyler () tysdomain com>
Date: Wed, 18 Feb 2009 10:44:15 -0700
Hello list, I'm still working on this for college. I rewrote my callback function to work a bit differently, but it's still giving me weird sizes. If someone would check this out, I'd really really appriciate it. I don't want you to tell me exactly how to fix it, just where I'm going wrong. Thanks, Tyler Littlefield //code: //main.cpp: #include <stdlib.h> #include <cstring> #include <ctime> #include <iostream> #include <string> #include <pcap.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <net/ethernet.h> #include <unistd.h> #include "packet.h" using namespace std; //function prototypes: void PrintErr(const char* message); void PrintErr(const string message); void help(const char* progname); void version(const char* progname); void capt_h(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); int main(int argc, char** argv) { //check arg length: if (argc <=1) { PrintErr("You must provide an argument."); help(argv[0]); exit(EXIT_FAILURE); } //initialize our variables: char* dev=NULL; //the device pointer char ebuff[PCAP_ERRBUF_SIZE]; //the error buffer bpf_u_int32 net_addr; //the network address bpf_u_int32 mask_addr; //network mask. in_addr addr; //used for translating addresses. char *buff=NULL; //a simple buffer. int i=0; //used for loops. string temp; //our temporary string. int loop=0; //how many times will we loop? int wait=1; //how long should we wait? pcap_t* handle; int stop=0; //should we continue after the argument parsing? char filter[]="port 22"; //our default filter bpf_program prog; //used for applying the filter. //get the device name: dev=pcap_lookupdev(ebuff); if (dev==NULL) { PrintErr(ebuff); exit(EXIT_FAILURE); } //get the subnet mask and network mask: if ((pcap_lookupnet(dev,&net_addr,&mask_addr,ebuff))==-1) { PrintErr(ebuff); exit(EXIT_FAILURE); } //loop through args: for (i=1;i<argc;i++) { temp=argv[i]; if (temp=="-i") { cout << "Interface: " << dev << endl; //print the interface name addr.s_addr=mask_addr; cout << "Network mask: " << inet_ntoa(addr) << endl; addr.s_addr=net_addr; cout << "Network address: " << inet_ntoa(addr) << endl; } else if (temp=="-v") { version(argv[0]); } else if (temp=="-c") //the number of packets to capture: { if (argc==i) { PrintErr("-c takes an argument."); help(argv[0]); exit(EXIT_FAILURE); } else { loop=atoi(argv[i+1]); stop=1; } } } //make sure we're not needlessly continuing. if (stop==0) { exit(EXIT_SUCCESS); } //here we open the device. //we'll set promisc to 0 so that this can be ran on non-root systems. handle=pcap_open_live(dev,BUFSIZ,0,wait,ebuff); if (handle==NULL) { PrintErr(ebuff); exit(EXIT_FAILURE); } cout << "compiling" <<endl; //now we "compile" our filter: if (pcap_compile(handle,&prog,filter,1,net_addr)==-1) { PrintErr("Filter compilation error!"); exit(EXIT_FAILURE); } cout << "applying" <<endl; //now we apply the filter: if (pcap_setfilter(handle,&prog)==-1) { PrintErr("Error in applying filter!"); exit(EXIT_FAILURE); } cout << "creating loop" << endl; pcap_loop(handle,loop,capt_h,NULL); pcap_close(handle); return 0; } void PrintErr(const char* message) { cerr << "***ERROR***! " << message << "\n" << endl; return; } void PrintErr(const string message) { cerr << message << endl; return; } void help(const char* progname) { cout << progname << " help:\n\n" << endl; cout << "-i: print default interface information.\n" << endl; return; } void version(const char* progname) { cout << progname << "Version: 0.5.\n" << endl; cout << "Library versions:\n" << endl; cout << pcap_lib_version() << "\n" << endl; return; } void capt_h(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { if (packet==NULL) { cout << "NULL packet" << endl; } static int count=1; cout << count << endl; count++; int ip_size; int tcp_size; int size_payload; ether_hdr* eth=(ether_hdr*)packet; ip_hdr* ip=(ip_hdr*)(packet+sizeof(ether_hdr)); cout << "From: " << inet_ntoa(ip->ip_src) << "\t\t" << "to: " << inet_ntoa(ip->ip_dst) << ".\n" <<endl; cout << "Id: " << ip->ip_id << endl; //now we determine the protocol: switch(ip->ip_p) { case IPPROTO_TCP: cout << "Protocol: TCP." << endl; break; default: cout << "Protocol: unknown." << endl; return; break; } tcp_hdr *tcp; ip_size=IP_HL(ip)*4; tcp=(tcp_hdr*)((packet+sizeof(ether_hdr))+ip_size); cout << "Source port: " << tcp->th_sport << "\t\tDestination port: " << tcp->th_dport << "." << endl; } //packet.h: #ifndef PACKET_H #define PACKET_H //ethernet header: //needed if the code includes ethernet.h. #ifndef ETHER_ADDR_LEN #define ETHER_ADDR_LEN 6 #endif //tcp flags: #define TH_FIN 0x01 #define TH_SYN 0x02 #define TH_RST 0x04 #define TH_PUSH 0x08 #define TH_ACK 0x10 #define TH_URG 0x20 #define TH_ECE 0x40 #define TH_CWR 0x80 #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR) struct ether_hdr { u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; struct ip_hdr { u_char ip_vhl; /* version << 4 | header length>> 2 */ u_char ip_tos; /* type of service */ u_short ip_len; /* total length */ u_short ip_id; /* identification */ u_short ip_off; /* fragment offset field */ #define IP_RF 0x8000 /* reserved fragment flag */ #define IP_DF 0x4000 /* dont fragment flag */ #define IP_MF 0x2000 /* more fragments flag */ #define IP_OFFMASK 0x1fff /* mask for fragmenting bits */ u_char ip_ttl; /* time to live */ u_char ip_p; /* protocol */ u_short ip_sum; /* checksum */ in_addr ip_src,ip_dst; /* source and dest address*/ }; #define IP_HL(ip) (((ip)->ip_vhl) & 0x0f) #define IP_V(ip) (((ip)->ip_vhl) >> 4) struct tcp_hdr { u_short th_sport; u_short th_dport; int th_seq; /* sequence number */ u_char offset; //the first four bits are used. #define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4) u_char th_flags; u_short th_win; /* window */ u_short th_sum; /* checksum */ u_short th_urp; /* urgent pointer */ }; #endif //end code Thanks again, - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- help with packet tracer Tyler Littlefield (Feb 18)
- Re: help with packet tracer Gisle Vanem (Feb 19)
- Re: help with packet tracer Tyler Littlefield (Feb 19)
- Re: help with packet tracer Gisle Vanem (Feb 19)
- Re: help with packet tracer Tyler Littlefield (Feb 19)
- Re: help with packet tracer Tyler Littlefield (Feb 19)
- Re: help with packet tracer Gisle Vanem (Feb 19)