Go4Expert

Go4Expert (http://www.go4expert.com/)
-   C++ (http://www.go4expert.com/forums/cpp/)
-   -   I can't display protocol values for a sniffer C/C++ (http://www.go4expert.com/forums/i-display-protocol-values-sniffer-c-cpp-t14936/)

p3dRo 3Nov2008 01:20

I can't display protocol values for a sniffer C/C++
 
Im working with libpcap and I want to print the protocol field of the IP header and the type field of the ICMP header. Here the important code:

Code:

#include <pcap.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>

struct ip {
        u_int8_t        ip_vhl;                /* header length, version */
#define IP_V(ip)        (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip)        ((ip)->ip_vhl & 0x0f)
        u_int8_t        ip_tos;                /* type of service */
        u_int16_t        ip_len;                /* total length */
        u_int16_t        ip_id;                /* identification */
        u_int16_t        ip_off;                /* fragment offset field */
#define        IP_DF 0x4000                        /* dont fragment flag */
#define        IP_MF 0x2000                        /* more fragments flag */
#define        IP_OFFMASK 0x1fff                /* mask for fragmenting bits */
        u_int8_t        ip_ttl;                /* time to live */
        u_int8_t        ip_p;                /* protocol */
        u_int16_t        ip_sum;                /* checksum */
        struct        in_addr ip_src,ip_dst;        /* source and dest address */
};

struct icmp {
        u_int8_t  icmp_type;            /* type of message, see below */
        u_int8_t  icmp_code;            /* type sub code */
        u_int16_t icmp_cksum;          /* ones complement cksum of struct */
};

void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
        static int count = 1;                  /* packet counter */
        struct ip              *ip;
        struct icmp            *icmp;

        printf("\nPacket number %d:\n", count);
        count++;
      printf("\nProtocol field: ");
        switch(ip->ip_p)
        {
                case IPPROTO_IP : printf("Dummy protocol for TCP");
                break;
                case IPPROTO_ICMP : printf("ICMP");
                break;
                case IPPROTO_TCP : printf("TCP");
                break;
                case IPPROTO_UDP : printf("UDP");
                break;
                default : printf("???");
                break;
        } 

        fprintf(stdout,"  ICMP type: %d\n", icmp->icmp_type);
}

I call this function in my program in main() with :

Code:

pcap_loop(handle, num_packets, got_packet, NULL);
When I start this program I do a ping to my gateway 192.168.1.1 in another window and I cant get the right values for protocol field and type field.

What I need to change or to add in order to get the right values?

Extra information:
When I do a ping to my router I think that I should get:
Protocol field: ICMP
ICMP type: 0 or 8


All times are GMT +5.5. The time now is 08:09.