Thread: I can't display protocol values for a sniffer C/C++
View Single Post
Newbie Member
3Nov2008,01:20  
p3dRo's Avatar
Im working with libpcap and I want to print the protocol field of the IP header and the type field of the ICMP header. Here the important code:

Code:
#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>

struct ip {
	u_int8_t	ip_vhl;		/* header length, version */
#define IP_V(ip)	(((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip)	((ip)->ip_vhl & 0x0f)
	u_int8_t	ip_tos;		/* type of service */
	u_int16_t	ip_len;		/* total length */
	u_int16_t	ip_id;		/* identification */
	u_int16_t	ip_off;		/* fragment offset field */
#define	IP_DF 0x4000			/* dont fragment flag */
#define	IP_MF 0x2000			/* more fragments flag */
#define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
	u_int8_t	ip_ttl;		/* time to live */
	u_int8_t	ip_p;		/* protocol */
	u_int16_t	ip_sum;		/* checksum */
	struct	in_addr ip_src,ip_dst;	/* source and dest address */
};

struct icmp {
        u_int8_t  icmp_type;            /* type of message, see below */
        u_int8_t  icmp_code;            /* type sub code */
        u_int16_t icmp_cksum;           /* ones complement cksum of struct */
};

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
	static int count = 1;                   /* packet counter */
        struct ip               *ip; 
        struct icmp             *icmp;

	printf("\nPacket number %d:\n", count);
	count++;
       printf("\nProtocol field: ");
	switch(ip->ip_p)
	{
		case IPPROTO_IP : printf("Dummy protocol for TCP"); 
		 break;
		case IPPROTO_ICMP : printf("ICMP");
		 break;
		case IPPROTO_TCP : printf("TCP");
		 break;
		case IPPROTO_UDP : printf("UDP");
		 break;
		default : printf("???");
		 break;
	}  

	fprintf(stdout,"  ICMP type: %d\n", icmp->icmp_type);
}
I call this function in my program in main() with :

Code:
pcap_loop(handle, num_packets, got_packet, NULL);
When I start this program I do a ping to my gateway 192.168.1.1 in another window and I cant get the right values for protocol field and type field.

What I need to change or to add in order to get the right values?

Extra information:
When I do a ping to my router I think that I should get:
Protocol field: ICMP
ICMP type: 0 or 8