PMembrey
asked on
Payload from pcap (Linux c)
Hi guys,
I've followed the examples from this site:
http://www.systhread.net/texts/200805lpcap1.php
Near the end he has the line:
fprintf(stdout,"%s", payload);
This raises a compile error because payload isn't defined. The thing is, I need to get the payload. I've looked at some of the other examples, but I'm not sure how they got to the payload because the example apps are pretty different.
What I'm looking for is a line of code I can put before that fprintf statement that will contain the payload (that is just the data) from the packet.
Thanks in advance!
ASKER
Tried that but it's from a different example and even when I tried building it in a separate app I didn't have much luck.
So what I'm looking for is someone to give me the code that works in the example provided on the site in my first message :-)
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
If you look at the example on the page you will see that none of those variables that you are doing sizeof() on exist :)
They're not variables, but types, and they are the same types that are used earlier in that code, in a similar way - eg. :
ip = (struct nread_ip*)(packet + sizeof(struct ether_header));
tcp = (struct nread_tcp*)(packet + sizeof(struct ether_header) + sizeof(struct nread_ip));
Those types are defined in pkt.h, listed here :
http://www.systhread.net/texts/200901pcap3.php
ASKER
hmm, the code still doesn't compile though - but I won't be able to try it again until Monday. Therefore I'd request that no one else posts a response as if I can get it working with infinity08's suggestions, s/he will get all the points.
>> the code still doesn't compile though
If you want, you can just post the code you're using here, and I'll have a look at it.
ASKER
Okay,
I've put that line of code in and it compiles perfectly - not sure what I was doing wrong before....
But now I have a new but related question which is how do I now use 'payload'. Say I want to dump the raw packet data to a file, could you provide a really simple example as to how I can do that?
ASKER
Also whatever I try, be it strlen or sizeof, it never seems to have much in the way of data in the payload - even though I know it's a large packet....
>> But now I have a new but related question which is how do I now use 'payload'.
Please click the "Ask a Related Question" button, and ask a new question for this. To keep things tidy and easy to manage, different questions have to be kept separate :)
>> Also whatever I try, be it strlen or sizeof, it never seems to have much in the way of data in the payload - even though I know it's a large packet....
Don't use strlen, unless you know the payload is a string that is terminated by a '\0' character (which is rarely the case).
Don't use sizeof ever - it'll return the size of the pointer, not the data it points to.
In the code you're using, the size of the payload is :
size_t payload_size = len - sizeof(struct nread_ip) - sizeof(struct nread_tcp);
ASKER
That would be dynamic? The payload size will vary I would have thought...
>> That would be dynamic?
If you look at the code, you will see that the 'len' variable was obtained from the IP header. And specifically from the 'total length' field in the IP header. That field specifies the total length of the IP datagram for that specific packet.
To get the length of the payload, all you need to do, is subtract the length of the IP and TCP headers.
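Added example (not part of the original thread or of the systhread.net tutorial code): a bounds-checked version of the payload calculation discussed above. It goes beyond the fixed sizeof() subtraction by reading the IP header length (IHL) and the TCP data offset from the packet itself, and it checks every length against the captured byte count before the payload is written with fwrite() rather than "%s". The names tcp_payload, dump_payload and ETH_HLEN are hypothetical, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14u  /* Ethernet II header, no VLAN tag (assumption) */
/* Locate the TCP payload inside a captured Ethernet/IPv4 frame.
 * caplen is the number of bytes actually captured (pcap's caplen).
 * Returns 0 on success, -1 if not IPv4/TCP or a length field is inconsistent. */
int tcp_payload(const uint8_t *pkt, size_t caplen,
                const uint8_t **payload, size_t *payload_len)
{
    if (caplen < ETH_HLEN + 20u) return -1;             /* no full IPv4 header */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1;  /* EtherType != IPv4 */
    const uint8_t *ip = pkt + ETH_HLEN;
    size_t ip_hlen  = (size_t)(ip[0] & 0x0f) * 4;       /* IHL in 32-bit words */
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];     /* 'total length' field */
    if ((ip[0] >> 4) != 4 || ip_hlen < 20 || ip[9] != 6) return -1;
    if (ip_total < ip_hlen + 20u) return -1;            /* no room for TCP header */
    if (ip_total > caplen - ETH_HLEN) return -1;        /* capture was truncated */
    const uint8_t *tcp = ip + ip_hlen;
    size_t tcp_hlen = (size_t)(tcp[12] >> 4) * 4;       /* TCP data offset */
    if (tcp_hlen < 20 || ip_hlen + tcp_hlen > ip_total) return -1;
    *payload = tcp + tcp_hlen;
    *payload_len = ip_total - ip_hlen - tcp_hlen;
    return 0;
}

/* Write the payload as raw bytes; returns the number of bytes written. */
size_t dump_payload(FILE *out, const uint8_t *pkt, size_t caplen)
{
    const uint8_t *p; size_t n;
    if (tcp_payload(pkt, caplen, &p, &n) != 0) return 0;
    return fwrite(p, 1, n, out);
}

/* Constructed sample frame: Ethernet + IPv4 (total length 44) + TCP + 4 bytes */
static const uint8_t sample[] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x08,0x00,                         /* Ethernet */
    0x45,0, 0,44, 0,0, 0,0, 64,6, 0,0, 10,0,0,1, 10,0,0,2,       /* IPv4 */
    0x30,0x39, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18, 16,0, 0,0,0,0, /* TCP */
    'h','i',0,'!'            /* payload with embedded NUL: strlen() gives 2 */
};

int main(void)
{
    size_t n = dump_payload(stdout, sample, sizeof sample);
    fprintf(stderr, "\nwrote %zu payload bytes\n", n);
    return 0;
}
```

In a pcap callback, pass the packet pointer and header->caplen; a frame captured with a short snaplen is rejected here rather than read past its end.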