CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 6 of 6

Threaded View

  1. #1
    Join Date
    Jan 2014

    getting port number of a packet in pcap file

    Hi all,I am programming in c++ with 'winpcap' . I read a .pcap file and after I want to get the source and destination of packets in that file,but i coulden't get the right answer!!here is a piece of my code:

    ////I define the sructures here
    #pragma pack(1)
        struct sniff_ethernet {
            u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
            u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
            u_short ether_type; /* IP? ARP? RARP? etc */
        /* IP header */
    #pragma pack(1)
        struct sniff_ip {
            u_char ip_vhl;      /* version << 4 | header length >> 2 */
            u_char ip_tos;      /* type of service */
            u_short ip_len;     /* total length */
            u_short ip_id;      /* identification */
            u_short ip_off;     /* fragment offset field */
        #define IP_RF 0x8000        /* reserved fragment flag */
        #define IP_DF 0x4000        /* dont fragment flag */
        #define IP_MF 0x2000        /* more fragments flag */
        #define IP_OFFMASK 0x1fff   /* mask for fragmenting bits */
            u_char ip_ttl;      /* time to live */
            u_char ip_p;        /* protocol */
            u_short ip_sum;     /* checksum */
            struct in_addr ip_src;
            struct in_addr ip_dst; /* source and dest address */
    #pragma pack(1)
        struct sniff_tcp {
            u_short th_sport;   /* source port */
            u_short th_dport;   /* destination port */
            u_int32_t th_seq;       /* sequence number */
            u_int32_t th_ack;       /* acknowledgement number */
            u_char th_offx2;    /* data offset, rsvd */
        #define TH_OFF(th)  (((th)->th_offx2 & 0xf0) >> 4)
            u_char th_flags;
        #define TH_FIN 0x01
        #define TH_SYN 0x02
        #define TH_RST 0x04
        #define TH_PUSH 0x08
        #define TH_ACK 0x10
        #define TH_URG 0x20
        #define TH_ECE 0x40
        #define TH_CWR 0x80
            u_short th_win;     /* window */
            u_short th_sum;     /* checksum */
            u_short th_urp;     /* urgent pointer */
    and in the main() I'v write this code for reading the source and destination port:

    while (pcap_next_ex(handler, &header, &packet) >= 0)
            ethernet = (struct sniff_ethernet*)(packet);
            ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
            tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
            printf("src port: %d dest port: %d \n", tcp->th_sport, tcp->th_dport);
            fprintf(fp,"src port: %d dest port: %d \n", tcp->th_sport, tcp->th_dport);

    but the result is incorrect? where is the problem?plz help me
    Last edited by VictorN; January 20th, 2014 at 01:17 AM. Reason: added code tags

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Windows Mobile Development Center

Click Here to Expand Forum to Full Width

On-Demand Webinars (sponsored)

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.