Reputation: 29
In this snippet of code I capture the packet and I am trying to display the source and destination addresses by using inet_ntoa; even before that I am printing the packet's src and dst addresses in hex format. The problem here is that the two do not match: the output of inet_ntoa is wrong, as shown in the output.
The src IP address should be 172.28.6.87, but inet_ntoa shows 86.212.172.28.
The src IP address should be 172.28.6.110, but inet_ntoa shows 6.87.172.28.
    char *ptr = NULL;
    ptr_fltr = (struct packet_filter*)(packet);
    memcpy(out_data,packet,50);
    printf("\n");
    for(i= 28;i<36;i++)
        printf("%#x\t",out_data[i]);
    printf("*******************************************************************\n");
    printf("---------------------Received Packet Info--------------------\n");
    ptr = inet_ntoa(ptr_fltr->ip.ip_src);
    printf("Source Ip Addr :%s\n",ptr);
here
    struct packet_filter
    {
        struct mac_filter mac;
        struct ip_filter ip;
        union {
            struct udp_filter proto;
        }protocol;
    }__attribute__((packed));

    struct ip_filter
    {
        u_char ip_vhl;
        u_char ip_tos;          /* type of service */
        u_short ip_len;         /* total length */
        u_short ip_id;          /* identification */
        u_short ip_off;         /* fragment offset field */
        u_char ip_ttl;          /* time to live */
        u_char ip_p;            /* protocol */
        u_short ip_sum;         /* checksum */
        struct in_addr ip_src;  /* source and dest address */
        struct in_addr ip_dst;  /* source and dest address */
    }__attribute__((packed));
output
0xac 0x1c 0x6 0x57 0xac 0x1c 0x6 0x6e
************************************************************
--------------------Received Packet Info--------------------
Source Ip Addr :86.212.172.28
Destination Ip Addr :6.87.172.28
Upvotes: 0
Views: 945
Reputation: 4364
Your IP packet starts at offset 16, and if you have copied struct mac from the Ethernet header it is 14 bytes long. Looks like there is some unexpected data in the packet.
Upvotes: 0
Reputation: 86651
Clearly your struct is off by two bytes by the time you get to the IP addresses. I've checked against the IPv4 protocol and that bit looks OK. So I suspect the struct mac is wrong. I presume struct mac is meant to be an Ethernet frame. If so, it's already a bit suspicious because an Ethernet frame is not of a fixed length.
Also (assuming you are getting these from the Berkeley Packet Filter), make sure you calculate the start of the packet correctly from the bpf header (you can't rely on sizeof(struct bpf_header)).
Upvotes: 2
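As an added example (not code from the question or from either answer), this sketch reads the addresses at a caller-supplied link-layer length instead of through a packed struct with a fixed-size MAC header, and refuses the offset when no IPv4 header is found there. The frame bytes are constructed to match the question's hex dump; `ipv4_addrs`, `sample` and the candidate lengths 14 and 16 are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame: 16 link-layer bytes, then a 20-byte IPv4 header whose
 * address bytes match the hex dump in the question. */
static const uint8_t sample[36] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x00,
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x11, 0x56, 0xd4,
    0xac, 0x1c, 0x06, 0x57, 0xac, 0x1c, 0x06, 0x6e
};

/* Extract dotted-quad source/destination from the IPv4 header at link_len.
 * Returns 0 on success, -1 if the capture is too short or the bytes at
 * link_len are not a plausible IPv4 header (wrong link-layer length). */
int ipv4_addrs(const uint8_t *pkt, size_t caplen, size_t link_len,
               char *src, char *dst, size_t buflen)
{
    if (caplen < link_len || caplen - link_len < 20)
        return -1;
    const uint8_t *ip = pkt + link_len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen - link_len < ihl)
        return -1;

    struct in_addr a;
    memcpy(&a, ip + 12, sizeof a);             /* no alignment assumptions */
    if (!inet_ntop(AF_INET, &a, src, (socklen_t)buflen))
        return -1;
    memcpy(&a, ip + 16, sizeof a);
    if (!inet_ntop(AF_INET, &a, dst, (socklen_t)buflen))
        return -1;
    return 0;
}

int main(void)
{
    char s[INET_ADDRSTRLEN], d[INET_ADDRSTRLEN];
    size_t lens[] = { 14, 16 };                /* candidate link-layer lengths */
    for (size_t i = 0; i < 2; i++) {
        if (ipv4_addrs(sample, sizeof sample, lens[i], s, d, sizeof s) == 0)
            printf("link_len=%zu src=%s dst=%s\n", lens[i], s, d);
        else
            printf("link_len=%zu: no IPv4 header here\n", lens[i]);
    }
    return 0;
}
```

Checking the version nibble and header length before reading the addresses turns a wrong link-layer length into an explicit error instead of a plausible-looking but shifted address, and `inet_ntop` writes into caller buffers rather than the single static buffer `inet_ntoa` reuses.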