SV: [Winpcap-users] how to open the IP packet data

Mario und Martina Müller mario_martina.mueller at t-online.de
Fri Feb 10 14:46:12 GMT 2006


Hello,

thank yo for your help.

i added the code, but i get the error-message:
"invalid conversion from `int' to `char*' " in the codeline:
payload = (u_char)pkt_data + SIZE_ETHERNET + size_ip + size_tcp;

i dont know whats wrong.
to see the packet data it must be a string and not an integer.
how can i see the packet data?

Here is the compled sourcecode:
THANK YOU FOR HELP

#include "pcap.h"
#include <windows.h>

#define ETHER_ADDR_LEN 6
struct ethernet_header {
        u_char  ether_dhost[ETHER_ADDR_LEN];    /* destination host address
*/
        u_char  ether_shost[ETHER_ADDR_LEN];    /* source host address */
        u_short ether_type;                     /* IP? ARP? RARP? etc */
};

// 6 byte MAC Address 
typedef struct mac_address { 
    u_char byte1; 
    u_char byte2; 
    u_char byte3; 
    u_char byte4; 
 u_char byte5; 
 u_char byte6; 
}mac_address; 


// 4 bytes IP address 
typedef struct ip_address{ 
    u_char byte1; 
    u_char byte2; 
    u_char byte3; 
    u_char byte4; 
}ip_address; 


// 20 bytes IP Header 
typedef struct ip_header{ 
    u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits) 
    u_char tos; // Type of service 
    u_short tlen; // Total length 
    u_short identification; // Identification 
    u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) 
    u_char ttl; // Time to live 
    u_char proto; // Protocol 
    u_short crc; // Header checksum 
    ip_address saddr; // Source address 
    ip_address daddr; // Destination address 
 // u_int op_pad; // Option + Padding -- NOT NEEDED! 
}ip_header; 

//"Simple" struct for TCP
typedef struct tcp_header { 
 u_short sport; // Source port 
 u_short dport; // Destination port 
 u_int seqnum; // Sequence Number 
 u_int acknum; // Acknowledgement number 
 u_char th_off; // Header length 
 u_char flags; // packet flags 
 u_short win; // Window size 
 u_short crc; // Header Checksum 
 u_short urgptr; // Urgent pointer...still don't know what this is...

}tcp_header;  
typedef struct udp_header{
    u_short sport;          // Source port
    u_short dport;          // Destination port
    u_short len;            // Datagram length
    u_short crc;            // Checksum
}udp_header;

int main()
{
 pcap_if_t *alldevs;
 pcap_if_t *d;
 int inum;
 int i=0;
 pcap_t *adhandle;
 int res;
 char errbuf[PCAP_ERRBUF_SIZE];
 struct tm *ltime;
 char timestr[16];
 struct pcap_pkthdr *header;
 const u_char *pkt_data;
  
    
 /* Retrieve the device list */
 if(pcap_findalldevs(&alldevs, errbuf) == -1)
 {
  fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
  return -1;
 }
    
    /* Print the list */
    for(d=alldevs; d; d=d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }
 
    if(i==0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }
    
    printf("Enter the interface number (1-%d):",i);
    scanf("%d", &inum);
    
    if(inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }
 
    /* Jump to the selected adapter */
    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
    
 /* Open the adapter */
 if ((adhandle= pcap_open_live(d->name, // name of the device
        65536,   // portion of the packet to capture. 
           // 65536 grants that the whole packet will be captured on all the MACs.
        0,    // promiscuous mode (nonzero means promiscuous)
        1000,   // read timeout
        errbuf   // error buffer
        )) == NULL)
 {
  fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
  /* Free the device list */
  pcap_freealldevs(alldevs);
  return -1;
 }
    
    printf("\nlistening on %s...\n", d->description);
 
    /* At this point, we don't need any more the device list. Free it */
    pcap_freealldevs(alldevs);
 
 /* Retrieve the packets */

int size_ip;
int size_tcp;
int SIZE_ETHERNET;
    ip_header *ih;
    tcp_header *tcph;
    udp_header *uh;
    u_int ip_len;
    u_short sport,dport;
 while((res = pcap_next_ex( adhandle, &header, &pkt_data)) >= 0){ 
  if(res == 0)
   /* Timeout elapsed */
   continue;
 
    
    const struct ethernet_header *ethernet; /* The ethernet header */
const struct ip_header *ip;   /* The IP header */
const struct tcp_header *tcp;   /* The TCP header */
char *payload;     /* Pointer to packet payload
*/
ethernet = (struct ethernet_header*)(pkt_data);
ip = (struct ip_header*)(pkt_data + SIZE_ETHERNET);
size_ip = (ip->ver_ihl & 0xf) * 4; //Gets length of IP header with options
if (size_ip < 20) {
 printf("   * Invalid IP header length: %u bytes\n", size_ip);
 return NULL;
}
tcp = (struct tcp_header*)(pkt_data + SIZE_ETHERNET + size_ip); //TCP header
size_tcp = tcp->th_off/4;
if (size_tcp < 20) {
 printf("   * Invalid TCP header length: %u bytes\n", size_tcp);
 return  NULL;
}
payload = (u_char)pkt_data + SIZE_ETHERNET + size_ip + size_tcp;

    
     
  /* convert the timestamp to readable format */
  ltime=localtime(&header->ts.tv_sec);
  strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);
      ih = (ip_header *) (pkt_data +
        14);
    ip_len = (ih->ver_ihl & 0xf) * 4;
    uh = (udp_header *) ((u_char*)ih + ip_len);

    /* convert from network byte order to host byte order */
    sport = ntohs( uh->sport );
    dport = ntohs( uh->dport );
  printf("%s: %d.%d.%d.%d:%d -->  %d.%d.%d.%d:%d  - ", timestr,  ih->saddr.byte1,ih->saddr.byte2,ih->saddr.byte3,ih->saddr.byte4,sport,ih->daddr.byte1,ih->daddr.byte2,ih->daddr.byte3,ih->daddr.byte4,dport);
       if (ih->proto == 0) {               
       printf("!!! Reserved !!!\n"); }
       if (ih->proto == 1) {               
       printf("ICMP\n");
       MessageBox(NULL,"ICMP-Packet(s) found!","WARNING",MB_OK); }
    
       if (ih->proto == 2) {               
       printf("IGMP\n"); }
  
       if (ih->proto == 3) {               
       printf("GGP\n"); 
       MessageBox(NULL,"Gateway-to-Gateway-Packet(s) found!","WARNING",MB_OK);}
    
       if (ih->proto == 4) {               
       printf("IP\n");
       MessageBox(NULL,"IP-in-IP-Packet(s) found!","WARNING",MB_OK); }
    
       if (ih->proto == 5) {               
       printf("ST\n"); }
    
       if (ih->proto == 6) {               
       printf("TCP\n"); }
    
       if (ih->proto == 7) {               
       printf("UCL\n"); }
    
       if (ih->proto == 8) {               
       printf("EGP\n"); }
    
       if (ih->proto == 9) {               
       printf("IGP\n"); }
    
       if (ih->proto == 10) {               
       printf("BBN-RCC-MON\n"); }
  
       if (ih->proto == 11) {               
       printf("NVP-II\n"); }
    
       if (ih->proto == 12) {               
       printf("PUP\n"); }
    
       if (ih->proto == 13) {               
       printf("ARGUS\n"); }
    
       if (ih->proto == 14) {               
       printf("EMCON\n"); }
    
       if (ih->proto == 15) {               
       printf("XNET\n"); }
    
       if (ih->proto == 16) {               
       printf("!!! CHAOS !!!\n");
       MessageBox(NULL,"CHAOS-Packet(s) found!","WARNING",MB_OK); }
    
       if (ih->proto == 17) {               
       printf("UDP\n"); }
    
       if (ih->proto == 18) {               
       printf("MUX\n"); }
    
       if (ih->proto == 19) {               
       printf("DCN-MEAS\n"); }
    
       if (ih->proto == 20) {               
       printf("HMP\n"); }
    
       if (ih->proto == 21) {               
       printf("PRM\n"); }
    
       if (ih->proto == 22) {               
       printf("XNS-IDP\n"); }
    
       if (ih->proto == 23) {               
       printf("TRUNK-1\n"); }
  
       if (ih->proto == 24) {               
       printf("TRUNK-2\n"); }
  
       if (ih->proto == 25) {               
       printf("LEAF-1\n"); }
    
       if (ih->proto == 26) {               
       printf("LEAF-2\n"); }
    
       if (ih->proto == 27) {               
       printf("RDP\n"); }
    
       if (ih->proto == 28) {               
       printf("IRTP\n"); }
    
       if (ih->proto == 29) {               
       printf("ISO-TP4\n"); }
    
       if (ih->proto == 30) {               
       printf("NETBLT\n"); }
    
       if (ih->proto == 31) {               
       printf("MFE-NSP\n"); }
    
       if (ih->proto == 32) {               
       printf("MERIT-INP\n"); }
    
       if (ih->proto == 33) {               
       printf("SEP\n"); }
    
       if (ih->proto == 34) {               
       printf("3PC\n"); }
    
       if (ih->proto == 35) {               
       printf("IDPR\n"); }
    
       if (ih->proto >= 36) {               
       printf("!!! UNKOWN !!!\n");
       MessageBox(NULL,"UNKOWN Packetformat found!","WARNING",MB_OK); }
      //printf(tcph->data);
}
         

 if(res == -1){
  printf("Error reading the packets: %s\n", pcap_geterr(adhandle));
  return -1;
 }
 
   pcap_close(adhandle);  
   return 0;
}


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20060210/5bee143f/attachment-0001.htm


More information about the Winpcap-users mailing list