
I can't display protocol values for a sniffer C/C++

Discussion in 'C++' started by p3dRo, Nov 2, 2008.

  1. p3dRo

    I'm working with libpcap and I want to print the protocol field of the IP header and the type field of the ICMP header. Here is the important code:

    Code:
    #include <pcap.h>
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <ctype.h>
    #include <errno.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <arpa/inet.h>
    #include <netinet/in.h>
    
    struct ip {
    	u_int8_t	ip_vhl;		/* header length, version */
    #define IP_V(ip)	(((ip)->ip_vhl & 0xf0) >> 4)
    #define IP_HL(ip)	((ip)->ip_vhl & 0x0f)
    	u_int8_t	ip_tos;		/* type of service */
    	u_int16_t	ip_len;		/* total length */
    	u_int16_t	ip_id;		/* identification */
    	u_int16_t	ip_off;		/* fragment offset field */
    #define	IP_DF 0x4000			/* dont fragment flag */
    #define	IP_MF 0x2000			/* more fragments flag */
    #define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
    	u_int8_t	ip_ttl;		/* time to live */
    	u_int8_t	ip_p;		/* protocol */
    	u_int16_t	ip_sum;		/* checksum */
    	struct	in_addr ip_src,ip_dst;	/* source and dest address */
    };
    
    struct icmp {
            u_int8_t  icmp_type;            /* type of message, see below */
            u_int8_t  icmp_code;            /* type sub code */
            u_int16_t icmp_cksum;           /* ones complement cksum of struct */
    };
    
    void
    got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    {
    	static int count = 1;	/* packet counter */
    	struct ip *ip;
    	struct icmp *icmp;
    
    	printf("\nPacket number %d:\n", count);
    	count++;
    	printf("\nProtocol field: ");
    	switch(ip->ip_p)
    	{
    		case IPPROTO_IP : printf("Dummy protocol for TCP"); 
    		 break;
    		case IPPROTO_ICMP : printf("ICMP");
    		 break;
    		case IPPROTO_TCP : printf("TCP");
    		 break;
    		case IPPROTO_UDP : printf("UDP");
    		 break;
    		default : printf("???");
    		 break;
    	}  
    
    	fprintf(stdout,"  ICMP type: %d\n", icmp->icmp_type);
    }
    
    I call this function in my program in main() with:

    Code:
    pcap_loop(handle, num_packets, got_packet, NULL);
    When I start this program I do a ping to my gateway 192.168.1.1 in another window and I can't get the right values for the protocol field and type field.

    What do I need to change or add in order to get the right values?

    Extra information:
    When I do a ping to my router I think that I should get:
    Protocol field: ICMP
    ICMP type: 0 or 8
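
An added example, not part of the original post: in the callback above, `ip` and `icmp` are declared but never pointed at the captured bytes, so the fields have to be located inside `packet` and checked against the captured length before they are read. The sketch below uses byte offsets instead of the post's struct overlay; `parse_frame`, `sample_frame` and the 14-byte Ethernet header (a DLT_EN10MB capture) are assumptions, and from `got_packet` it would be called with `packet` and `header->caplen`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHER_HDR_LEN 14   /* assumption: Ethernet (DLT_EN10MB) capture */

/* Constructed sample frame: Ethernet + IPv4 (IHL 5) + ICMP echo request.
   The IP checksum is left as zero; it is not examined here. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, /* MACs */
    0x08,0x00,                                   /* EtherType: IPv4 */
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00,    /* vhl, tos, len, id, off */
    0x40,0x01,0x00,0x00,                         /* ttl, protocol 1, cksum */
    192,168,1,2, 192,168,1,1,                    /* source, destination */
    0x08,0x00,0xf7,0xff, 0x00,0x00,0x00,0x00     /* ICMP type 8, code 0 */
};

/* Hypothetical helper. Returns the IP protocol number, or -1 when the
   capture is truncated or is not IPv4. *icmp_type receives the ICMP type,
   or -1 when there is no readable ICMP header. */
int parse_frame(const uint8_t *pkt, size_t caplen, int *icmp_type)
{
    *icmp_type = -1;
    if (caplen < ETHER_HDR_LEN + 20)             /* minimum IPv4 header */
        return -1;
    if (((pkt[12] << 8) | pkt[13]) != 0x0800)    /* not IPv4 */
        return -1;

    const uint8_t *ip = pkt + ETHER_HDR_LEN;     /* IP header starts here */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* IP_HL counts 32-bit words */
    if ((ip[0] >> 4) != 4 || ihl < 20 || caplen < ETHER_HDR_LEN + ihl)
        return -1;

    int proto = ip[9];                           /* ip_p */
    int frag_off = ((ip[6] & 0x1f) << 8) | ip[7];
    /* The ICMP header is only present in the first fragment. */
    if (proto == 1 && frag_off == 0 && caplen >= ETHER_HDR_LEN + ihl + 4)
        *icmp_type = ip[ihl];                    /* icmp_type */
    return proto;
}

int main(void)
{
    int type;
    int proto = parse_frame(sample_frame, sizeof sample_frame, &type);
    printf("Protocol field: %d  ICMP type: %d\n", proto, type);
    return 0;
}
```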
     
