Solved

IP addresses

Posted on 2004-04-10
2
383 Views
Last Modified: 2010-04-15
Ethernet frame traces have been generated by using the Unix "snoop" utility. I need to extract the source and destination address from each frame. It's probably quite easy but I'm having a bit of trouble getting started. Can you please scroll down to the last comment section and answer the questions I've asked there. Thanks

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h> /* ntohl() function prototype */

 struct rechdr {
 uint32_t framelen;
 uint32_t tracelen;
 uint32_t recrdlen;
 uint32_t pad;
 struct timevalue {
 uint32_t tv_sec;
 uint32_t tv_usec;
 } timestamp;
 };

int main(int argc, char *argv[]) {
 struct rechdr hdrbuf;
 unsigned long framelen;
 unsigned long recrdlen;
 unsigned long arrival_time_sec;
 unsigned long arrival_time_usec;
 double arrival_time; /* in seconds */
 int i, j, k, ifile, frame_no;
 char framebuf[2000];

 if (argc != 2) {
 printf ("Usage: %s ``tracefile''\n", argv[0]);
 exit (-1);
 } /* if */
 if ((ifile = open(argv[1], O_RDONLY, 0)) < 0) {
 perror("open failed.");
 exit (-1);
 } /* if */

 frame_no = 1;
 /* Skip the file header */
 lseek(ifile, 16, SEEK_SET);

 /* Visit each record, read the record header */
 while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
 printf("Frame no : %i \n", frame_no);
 framelen = ntohl(hdrbuf.framelen);
 recrdlen = ntohl(hdrbuf.recrdlen);
 arrival_time_sec = ntohl(hdrbuf.timestamp.tv_sec);
 arrival_time_usec = ntohl(hdrbuf.timestamp.tv_usec);
 arrival_time = arrival_time_sec + (arrival_time_usec/1.0e6);

 printf(" Frame Length = %lu \n", framelen);
 printf(" Arr. Time Seconds = %ld \n", arrival_time_sec);
 printf(" Arr. Time Micro Seconds = %ld \n", arrival_time_usec);

 /* Now read the destination address (which is supposed to be the first 6 bytes directly following the frame header? Is this right?). But the printf command prints out 6 blanks? Any ideas why?*/
 i = read(ifile, framebuf, recrdlen - sizeof(struct rechdr));
 printf("%c, %c, %c, %c, %c, %c", framebuf[0]. framebuf[1]. framebuf[2]. framebuf[3]. framebuf[4]. framebuf[5]);

 frame_no++;
 }
 return (0);
 }
0
Comment
Question by:rich420
2 Comments
 
LVL 45

Accepted Solution

by:
Kdo earned 100 total points
ID: 10799644
Hi rich420,

I'm not sure of the exact spacing, but let's try the obvious.  The octets (bytes) will contain binary values, not characters.

printf("%d, %d, %d, %d, %d, %d", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

Also, the 6 values will be defined as 'unsigned char'.  Your definition of 'char framebuf[]' will cause values over 127 to display as negative numbers.


Good Luck!
Kent
0
 
LVL 8

Expert Comment

by:ssnkumar
ID: 10803555
Hi rich420,

Here is a link which gives a sample program to show how to read trace files.
http://williams.comp.ncat.edu/Networks/readtrace.htm

Hope this helps in solving your problem.

-ssnkumar
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An Outlet in Cocoa is a persistent reference to a GUI control; it connects a property (a variable) to a control.  For example, it is common to create an Outlet for the text field GUI control and change the text that appears in this field via that Ou…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question