getting port number of a packet in pcap file
CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 6 of 6

Thread: getting port number of a packet in pcap file

  1. #1
    Join Date
    Jan 2014
    Posts
    3

    getting port number of a packet in pcap file

    Hi all,I am programming in c++ with 'winpcap' . I read a .pcap file and after I want to get the source and destination of packets in that file,but i coulden't get the right answer!!here is a piece of my code:

    Code:
    ////I define the sructures here
    #pragma pack(1)
        struct sniff_ethernet {
            u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
            u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
            u_short ether_type; /* IP? ARP? RARP? etc */
        };
    
        /* IP header */
    #pragma pack(1)
        struct sniff_ip {
            u_char ip_vhl;      /* version << 4 | header length >> 2 */
            u_char ip_tos;      /* type of service */
            u_short ip_len;     /* total length */
            u_short ip_id;      /* identification */
            u_short ip_off;     /* fragment offset field */
        #define IP_RF 0x8000        /* reserved fragment flag */
        #define IP_DF 0x4000        /* dont fragment flag */
        #define IP_MF 0x2000        /* more fragments flag */
        #define IP_OFFMASK 0x1fff   /* mask for fragmenting bits */
            u_char ip_ttl;      /* time to live */
            u_char ip_p;        /* protocol */
            u_short ip_sum;     /* checksum */
            struct in_addr ip_src;
            struct in_addr ip_dst; /* source and dest address */
        };
    #pragma pack(1)
        struct sniff_tcp {
            u_short th_sport;   /* source port */
            u_short th_dport;   /* destination port */
            u_int32_t th_seq;       /* sequence number */
            u_int32_t th_ack;       /* acknowledgement number */
    
            u_char th_offx2;    /* data offset, rsvd */
        #define TH_OFF(th)  (((th)->th_offx2 & 0xf0) >> 4)
            u_char th_flags;
        #define TH_FIN 0x01
        #define TH_SYN 0x02
        #define TH_RST 0x04
        #define TH_PUSH 0x08
        #define TH_ACK 0x10
        #define TH_URG 0x20
        #define TH_ECE 0x40
        #define TH_CWR 0x80
        #define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
            u_short th_win;     /* window */
            u_short th_sum;     /* checksum */
            u_short th_urp;     /* urgent pointer */
    };
    and in the main() I'v write this code for reading the source and destination port:

    Code:
    while (pcap_next_ex(handler, &header, &packet) >= 0)
        {
            ethernet = (struct sniff_ethernet*)(packet);
            ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
        
            tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
    
            printf("src port: %d dest port: %d \n", tcp->th_sport, tcp->th_dport);
            fprintf(fp,"src port: %d dest port: %d \n", tcp->th_sport, tcp->th_dport);
    }

    but the result is incorrect? where is the problem?plz help me
    Last edited by VictorN; January 20th, 2014 at 02:17 AM. Reason: added code tags

  2. #2
    VictorN's Avatar
    VictorN is offline Super Moderator Power Poster
    Join Date
    Jan 2003
    Location
    Wallisellen (ZH), Switzerland
    Posts
    17,604

    Re: getting port number of a packet in pcap file

    Define "incorrect".
    Did you debug this code?
    Victor Nijegorodov

  3. #3
    Join Date
    Jan 2014
    Posts
    3

    Re: getting port number of a packet in pcap file

    Quote Originally Posted by VictorN View Post
    Define "incorrect".
    Did you debug this code?
    I check it by wireshark and see that there isn't any (for example) port number like this,or there isn't any ip address compatible with it's result.

  4. #4
    VictorN's Avatar
    VictorN is offline Super Moderator Power Poster
    Join Date
    Jan 2003
    Location
    Wallisellen (ZH), Switzerland
    Posts
    17,604

    Re: getting port number of a packet in pcap file

    Quote Originally Posted by ssh.8768 View Post
    I check it by wireshark and see that there isn't any (for example) port number like this,or there isn't any ip address compatible with it's result.
    Maybe you set these port number and ip address not correct?
    You have to debug your code to be sure all structures are set correctly!
    Victor Nijegorodov

  5. #5
    Join Date
    Jan 2014
    Posts
    3

    Re: getting port number of a packet in pcap file

    Quote Originally Posted by VictorN View Post
    Maybe you set these port number and ip address not correct?
    You have to debug your code to be sure all structures are set correctly!
    ok,when I want to debug it, I get exception about access violation(I don't know why!),but I'm sure that it doesn't get me the correct answer!!!!I open the same file with wireshar to check the source and destination port, I see the different results.

  6. #6
    Join Date
    Dec 2012
    Location
    England
    Posts
    2,844

    Re: getting port number of a packet in pcap file

    ok,when I want to debug it, I get exception about access violation(I don't know why!),
    The you need to debug the code to find out why.
    All advice is offered in good faith only. You are ultimately responsible for effects of your programs and the integrity of the machines they run on.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Windows Mobile Development Center


Click Here to Expand Forum to Full Width

This is a CodeGuru survey question.


Featured


HTML5 Development Center