Reputation: 85
display the contents of the packet in c
i am capturing packets in the network, and printing the packet values i have defined structures for ethernet ip and tcp, i am first printing the entire packet then but while printing the packet data according to the structure it skips the first 4 bytes of packet and prints the next as 6 bytes as destination address ans so on, why is it skipping the first 4 bytes ? due to this i get wrong results
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
int i,a[4],mul_value;
struct classifier *ptr_fltr;
ptr_fltr = (struct classifier*)(packet);
int PacketLength = header->len;
for(i = 0; i < PacketLength; i++)
printf("%3X", packet[i]);
printf("destination host");
for(i = 0; i < 6; i++)
printf("%3x",ptr_fltr->pktFltr.mac.ether_dhost[i]);
printf("\n");
printf("source host");
for(i = 0; i < 6; i++)
printf("%3x",ptr_fltr->pktFltr.mac.ether_shost[i]);
.
.
.
.
}
these are the structures
struct packet_filter
{
struct mac_filter mac;
struct ip_filter ip;
union {
struct udp_filter proto;
}protocol;
}__attribute__((packed));
struct mac_filter
{
u_char ether_dhost[ETHER_ADDR_LEN];
u_char ether_shost[ETHER_ADDR_LEN];
u_short ether_type;
}__attribute__ ((packed));
struct ip_filter
{
u_char ip_vhl;
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src; /* source and dest address */
struct in_addr ip_dst; /* source and dest address */
}__attribute__((packed));
struct node
{
int n;
struct classifier keys[M-1]; /*array of keys*/
struct node *p[M];
}__attribute__((packed));
output
i have put some part of the o/p
0 14 85 A5 1B 1 0 19 D1 A3 7 25 8 0 45 10 1 54 A6 CA 40 0 40 6 2D CC AC 1C 6 6E AC 1C 6 57 0 16 91 57 EA AB
destination host 1b 1 0 19 d1 a3
source host 7 25 8 0 45 10
but the destination host should be 0 14 85 A5 1B 1
Upvotes: 1
Views: 7783
Answers (1)
Reputation: 3771
Instead of using a custom structure, just cast the pointer to the buffer containing the packet to the structure of the packet type and work down from there. IIRC libpcap emits Ethernet packets, so the following code should print the Ethernet packet type, the destination and source MAC addresses and the payload in hexadecimal:
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) {
struct mac_filter *p = (struct mac_filter *) packet;
const unsigned int data_len = (header->len - sizeof *p);
const u_char *data = (packet + sizeof *p);
int i = 0;
printf("Type: %04hx\n", p->ether_type);
printf(
"Destination: %02X:%02X:%02X:%02X:%02X:%02X\n",
p->ether_dhost[0], p->ether_dhost[1], p->ether_dhost[2],
p->ether_dhost[3], p->ether_dhost[4], p->ether_dhost[5]
);
printf(
"Sender: %02X:%02X:%02X:%02X:%02X:%02X\n",
p->ether_shost[0], p->ether_shost[1], p->ether_shost[2],
p->ether_shost[3], p->ether_shost[4], p->ether_shost[5]
);
for (i = 0; i < data_len; i++) {
printf(" %02x", data[i] & 0xff);
}
printf("\n");
}
Upvotes: 1
Related Questions
- is there a function in a c lib to print data packets similar to Wireshark format (position then byte by byte)
- Print TCP Packet Data
- How can I print whole data of a packet in c?
- How to create a custom packet in c?
- printing packet details using pcap library
- Display packet's detail using libpcap like Wireshark
- Print HEX value of packet content
- printing the user data in network packet
- capturing network packet in c
- C libpcap: How do I see what's in the header/packet?