I can't display protocol values for a sniffer C/C++

Discussion in 'C++' started by p3dRo, Nov 2, 2008.

  p3dRo

    p3dRo New Member

    Nov 2, 2008
    Im working with libpcap and I want to print the protocol field of the IP header and the type field of the ICMP header. Here the important code:

    #include <pcap.h>
    #include <stdio.h>
    #include <string.h>
    #include <stdlib.h>
    #include <ctype.h>
    #include <errno.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <arpa/inet.h>
    #include <netinet/in.h>
    struct ip {
    	u_int8_t	ip_vhl;		/* header length, version */
    #define IP_V(ip)	(((ip)->ip_vhl & 0xf0) >> 4)
    #define IP_HL(ip)	((ip)->ip_vhl & 0x0f)
    	u_int8_t	ip_tos;		/* type of service */
    	u_int16_t	ip_len;		/* total length */
    	u_int16_t	ip_id;		/* identification */
    	u_int16_t	ip_off;		/* fragment offset field */
    #define	IP_DF 0x4000			/* dont fragment flag */
    #define	IP_MF 0x2000			/* more fragments flag */
    #define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
    	u_int8_t	ip_ttl;		/* time to live */
    	u_int8_t	ip_p;		/* protocol */
    	u_int16_t	ip_sum;		/* checksum */
    	struct	in_addr ip_src,ip_dst;	/* source and dest address */
    struct icmp {
            u_int8_t  icmp_type;            /* type of message, see below */
            u_int8_t  icmp_code;            /* type sub code */
            u_int16_t icmp_cksum;           /* ones complement cksum of struct */
    got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    	static int count = 1;                   /* packet counter */
            struct ip               *ip; 
            struct icmp             *icmp;
    	printf("\nPacket number %d:\n", count);
           printf("\nProtocol field: ");
    		case IPPROTO_IP : printf("Dummy protocol for TCP"); 
    		case IPPROTO_ICMP : printf("ICMP");
    		case IPPROTO_TCP : printf("TCP");
    		case IPPROTO_UDP : printf("UDP");
    		default : printf("???");
    	fprintf(stdout,"  ICMP type: %d\n", icmp->icmp_type);
    I call this function in my program in main() with :

    pcap_loop(handle, num_packets, got_packet, NULL);
    When I start this program I do a ping to my gateway in another window and I cant get the right values for protocol field and type field.

    What I need to change or to add in order to get the right values?

    Extra information:
    When I do a ping to my router I think that I should get:
    Protocol field: ICMP
    ICMP type: 0 or 8

