<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<STYLE>.hmmessage P {
        PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px
}
BODY.hmmessage {
        FONT-SIZE: 10pt; FONT-FAMILY: Tahoma
}
</STYLE>
<META content="MSHTML 6.00.6000.16587" name=GENERATOR></HEAD>
<BODY class=hmmessage bgColor=#ffffff>
<DIV><FONT face="Courier New">You forgot to set the capture filter with
pcap_compile/pcap_setfilter to udp packets. So you are capturing packets
which are not udp (or not even ip) and then decoding them as
udp.</FONT></DIV>
<DIV><FONT face="Courier New"></FONT> </DIV>
<DIV> <FONT face="Courier New">Have a nice day</FONT></DIV>
<DIV><FONT face="Courier New">GV</FONT></DIV>
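<DIV><FONT face="Courier New">Added example, not part of either message: a decoder that checks EtherType, IP version, header length, protocol and captured length before reading the UDP ports, so a non-UDP frame is rejected instead of printed with incoherent values even if the capture filter is missing. The names decode_udp, udp_info and rd16 and both sample frames are constructed for this example; it assumes an Ethernet II link layer.</FONT></DIV>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint8_t saddr[4], daddr[4]; uint16_t sport, dport; } udp_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Return 0 and fill *out only for an Ethernet II / IPv4 / UDP frame whose
   headers fit inside the caplen captured bytes; return -1 otherwise. */
int decode_udp(const uint8_t *pkt, size_t caplen, udp_info *out)
{
    const size_t eth_len = 14;                     /* Ethernet II header */
    if (caplen < eth_len + 20) return -1;          /* too short for a minimal IP header */
    if (rd16(pkt + 12) != 0x0800) return -1;       /* EtherType is not IPv4 (ARP, IPv6, ...) */
    const uint8_t *ip = pkt + eth_len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;  /* bad version or header length */
    if (ip[9] != 17) return -1;                    /* IP protocol is not UDP */
    if (rd16(ip + 6) & 0x1fff) return -1;          /* later fragment: carries no UDP header */
    if (caplen < eth_len + ihl + 8) return -1;     /* UDP header not fully captured */
    const uint8_t *udp = ip + ihl;
    for (int i = 0; i < 4; i++) { out->saddr[i] = ip[12 + i]; out->daddr[i] = ip[16 + i]; }
    out->sport = rd16(udp);
    out->dport = rd16(udp + 2);
    return 0;
}

/* Constructed sample frames (not captured traffic). */
const uint8_t udp_frame[42] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,             /* Ethernet, type IPv4 */
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,168,1,10, 192,168,1,1,                                   /* IPv4, protocol 17 */
    0x30,0x39, 0x00,0x35, 0x00,0x08, 0x00,0x00 };                /* UDP 12345 -> 53 */
const uint8_t arp_frame[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x02, 0x08,0x06, /* Ethernet, type ARP */
    0x00,0x01, 0x08,0x00, 0x06,0x04, 0x00,0x01,                  /* ARP request header */
    0x02,0,0,0,0,0x02, 192,168,1,10, 0,0,0,0,0,0, 192,168,1,1 };

int main(void)
{
    udp_info u;
    if (decode_udp(udp_frame, sizeof udp_frame, &u) == 0)
        printf("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n",
               u.saddr[0], u.saddr[1], u.saddr[2], u.saddr[3], u.sport,
               u.daddr[0], u.daddr[1], u.daddr[2], u.daddr[3], u.dport);
    printf("ARP frame accepted as UDP: %s\n",
           decode_udp(arp_frame, sizeof arp_frame, &u) == 0 ? "yes" : "no");
    return 0;
}
```

<DIV><FONT face="Courier New">Decoding the ARP sample the way the quoted loop does (offset 14, no checks) reads an IP header length of 0 and reports ports 1 and 2048, which are really the ARP hardware and protocol type fields.</FONT></DIV>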
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=essence_z@hotmail.com href="mailto:essence_z@hotmail.com">Ziara .</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Wednesday, January 30, 2008 5:13
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] Retrieve packets
using pcap_next_ex</DIV>
<DIV><BR></DIV>I'm trying to retrieve udp packets with pcap_next_ex but I compare
the results with this example in the manual using pcap_loop<BR> <BR><A
href="http://www.winpcap.org/docs/docs_40_2/html/group__wpcap__tut6.html">http://www.winpcap.org/docs/docs_40_2/html/group__wpcap__tut6.html</A><BR> <BR>and
I think something is wrong, because pcap_next_ex gives me incoherent
ports and some ip's, what's happening? thanks<BR> <BR>// 4 bytes IP
address<BR>typedef struct ip_address{<BR> u_char byte1;<BR> u_char
byte2;<BR> u_char byte3;<BR> u_char byte4;<BR>}ip_address;<BR>// 20
bytes IP Header<BR>typedef struct ip_header{<BR> u_char ver_ihl; //
Version (4 bits) + Internet header length (4 bits)<BR> u_char tos; //
Type of service<BR> u_short tlen; // Total length<BR> u_short
identification; // Identification<BR> u_short flags_fo; // Flags (3 bits)
+ Fragment offset (13 bits)<BR> u_char ttl; // Time to
live<BR> u_char proto; // Protocol<BR> u_short crc; // Header
checksum<BR> ip_address saddr; // Source address<BR> ip_address
daddr; // Destination address<BR> u_int op_pad; // Option + Padding --
NOT NEEDED!<BR>}ip_header;<BR>typedef struct udp_header{<BR> u_short
sport; // Source
port<BR> u_short
dport; // Destination
port<BR> u_short
len; //
Datagram length<BR> u_short
crc; //
Checksum<BR>}udp_header;<BR>int main()<BR>{<BR> pcap_if_t
*alldevs;<BR> pcap_if_t *d;<BR> int inum;<BR> int
i=0;<BR> pcap_t *adhandle;<BR> int res;<BR> char
errbuf[PCAP_ERRBUF_SIZE];<BR> struct tm *ltime;<BR> char
timestr[16];<BR> struct pcap_pkthdr *header;<BR> const u_char
*pkt_data;<BR> time_t local_tv_sec;<BR><BR> /* Retrieve
the device list on the local machine */<BR> if
(pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) ==
-1)<BR> {<BR>
fprintf(stderr,"Error in pcap_findalldevs: %s\n",
errbuf);<BR>
exit(1);<BR> }<BR> /* Print the list
*/<BR> for(d=alldevs; d; d=d->next)<BR>
{<BR> printf("%d. %s", ++i,
d->name);<BR> if
(d->description)<BR>
printf(" (%s)\n",
d->description);<BR>
else<BR>
printf(" (No description available)\n");<BR>
}<BR> if(i==0)<BR>
{<BR> printf("\nNo interfaces found!
Make sure WinPcap is
installed.\n");<BR> return
-1;<BR> }<BR> printf("Enter the interface
number (1-%d):",i);<BR> scanf("%d",
&inum);<BR> if(inum < 1 || inum >
i)<BR> {<BR>
printf("\nInterface number out of
range.\n");<BR> /* Free the device
list */<BR>
pcap_freealldevs(alldevs);<BR>
return -1;<BR> }<BR> /* Jump to the
selected adapter */<BR> for(d=alldevs, i=0; i< inum-1
;d=d->next, i++);<BR> /* Open the device
*/<BR> if ( (adhandle=
pcap_open(d->name, //
name of the
device<BR>
65536, //
portion of the packet to
capture.<BR>
// 65536 guarantees that the whole packet will be captured on all the link
layers<BR>
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous
mode<BR>
1000,
// read
timeout<BR>
NULL,
// authentication on the remote
machine<BR>
errbuf //
error
buffer<BR>
) ) == NULL)<BR>
{<BR> fprintf(stderr,"\nUnable to
open the adapter. %s is not supported by WinPcap\n",
d->name);<BR> /* Free the device
list */<BR>
pcap_freealldevs(alldevs);<BR>
return -1;<BR> }<BR> printf("\nlistening
on %s...\n", d->description);<BR> /* At this point, we
don't need any more the device list. Free it */<BR>
pcap_freealldevs(alldevs);<BR><BR>ip_header *ip; //ip header<BR>udp_header
*udp;<BR>u_int ip_len;<BR>u_short sport,dport;<BR><BR>
while((res=pcap_next_ex( adhandle, &header,
&pkt_data))>=0)<BR>
{<BR> if(res
== 0)<BR>
//Timeout
elapsed<BR>
continue;<BR>ip = (ip_header*)(pkt_data + 14);<BR>ip_len = (ip->ver_ihl
& 0xf) * 4; // Length of IP header<BR>udp = (udp_header *)((u_char *)ip +
ip_len);<BR>sport = ntohs( udp->sport );<BR>dport = ntohs( udp->dport
);<BR>printf("Dir Sourc: %d.%d.%d.%d\n",
ip->saddr.byte1,ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4);<BR>printf("Dir
Dest: %d.%d.%d.%d\n",
ip->daddr.byte1,ip->daddr.byte2,ip->daddr.byte3,ip->daddr.byte4);<BR>printf("Port
Sourc: %d\n", sport);<BR>printf("Port Dest: %d\n",
dport);<BR> <BR> }<BR> if(res ==
-1){<BR> printf("Error reading the
packets: %s\n",
pcap_geterr(adhandle));<BR> return
-1;<BR> }<BR> return 0;<BR>}<BR><BR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>