[Winpcap-users] Retrieve packets using pcap_next_ex

Ziara . essence_z at hotmail.com
Wed Jan 30 13:13:35 GMT 2008

I'm trying retrieve upd packets with pcap_next_ex but I compare the results with this example in the manual using pcap_loop
and  I think something it's wrong, because with pcap_next_ex give me incoherent ports and some ip's, what's happen? thanks
// 4 bytes IP addresstypedef struct ip_address{ u_char byte1; u_char byte2; u_char byte3; u_char byte4;}ip_address;
// 20 bytes IP Headertypedef struct ip_header{ u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits) u_char tos; // Type of service u_short tlen; // Total length u_short identification; // Identification u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits) u_char ttl; // Time to live u_char proto; // Protocol u_short crc; // Header checksum ip_address saddr; // Source address ip_address daddr; // Destination address u_int op_pad; // Option + Padding -- NOT NEEDED!}ip_header;
typedef struct udp_header{ u_short sport;          // Source port u_short dport;          // Destination port u_short len;            // Datagram length u_short crc;            // Checksum}udp_header;
int main(){ pcap_if_t *alldevs; pcap_if_t *d; int inum; int i=0; pcap_t *adhandle; int res; char errbuf[PCAP_ERRBUF_SIZE]; struct tm *ltime; char timestr[16]; struct pcap_pkthdr *header; const u_char *pkt_data; time_t local_tv_sec;
    /* Retrieve the device list on the local machine */    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)    {        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);        exit(1);    }
    /* Print the list */    for(d=alldevs; d; d=d->next)    {        printf("%d. %s", ++i, d->name);        if (d->description)            printf(" (%s)\n", d->description);        else            printf(" (No description available)\n");    }
    if(i==0)    {        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");        return -1;    }
    printf("Enter the interface number (1-%d):",i);    scanf("%d", &inum);
    if(inum < 1 || inum > i)    {        printf("\nInterface number out of range.\n");        /* Free the device list */        pcap_freealldevs(alldevs);        return -1;    }
    /* Jump to the selected adapter */    for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
    /* Open the device */    if ( (adhandle= pcap_open(d->name,          // name of the device                              65536,            // portion of the packet to capture.                                                // 65536 guarantees that the whole packet will be captured on all the link layers                              PCAP_OPENFLAG_PROMISCUOUS,    // promiscuous mode                              1000,             // read timeout                              NULL,             // authentication on the remote machine                              errbuf            // error buffer                              ) ) == NULL)    {        fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);        /* Free the device list */        pcap_freealldevs(alldevs);        return -1;    }
    printf("\nlistening on %s...\n", d->description);
    /* At this point, we don't need any more the device list. Free it */    pcap_freealldevs(alldevs);
ip_header *ip; //ip headerudp_header *udp;u_int ip_len;u_short sport,dport;
    while((res=pcap_next_ex( adhandle, &header, &pkt_data))>=0)    {
            if(res == 0)            //Timeout elapsed            continue;
ip = (ip_header*)(pkt_data + 14);
ip_len = (ip->ver_ihl & 0xf) * 4; //Longitud de Ip headerudp = (udp_header *)((u_char *)ip + ip_len);
sport = ntohs( udp->sport );dport = ntohs( udp->dport );
printf("Dir Sourc: %d.%d.%d.%d\n", ip->saddr.byte1,ip->saddr.byte2,ip->saddr.byte3,ip->saddr.byte4);printf("Dir Dest: %d.%d.%d.%d\n", ip->daddr.byte1,ip->daddr.byte2,ip->daddr.byte3,ip->daddr.byte4);
printf("Port Sourc: %d\n", sport);printf("Port Dest: %d\n", dport);
    }    if(res == -1){        printf("Error reading the packets: %s\n", pcap_geterr(adhandle));        return -1;    }    return 0;}
Tecnología, moda, motor, viajes,…suscríbete a nuestros boletines para estar siempre a la última
Guapos y guapas, clips musicales y estrenos de cine. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080130/18b1d776/attachment.htm

More information about the Winpcap-users mailing list