Solved

IP addresses

Posted on 2004-04-10
2
360 Views
Last Modified: 2010-04-15
Ethernet frame traces have been generated by using the Unix "snoop" utility. I need to extract the source and destination address from each frame. It's probably quite easy but I'm having a bit of trouble getting started. Can you please scroll down to the last comment section and answer the questions I've asked there. Thanks

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h> /* ntohl() function prototype */

 struct rechdr {
 uint32_t framelen;
 uint32_t tracelen;
 uint32_t recrdlen;
 uint32_t pad;
 struct timevalue {
 uint32_t tv_sec;
 uint32_t tv_usec;
 } timestamp;
 };

int main(int argc, char *argv[]) {
 struct rechdr hdrbuf;
 unsigned long framelen;
 unsigned long recrdlen;
 unsigned long arrival_time_sec;
 unsigned long arrival_time_usec;
 double arrival_time; /* in seconds */
 int i, j, k, ifile, frame_no;
 char framebuf[2000];

 if (argc != 2) {
 printf ("Usage: %s ``tracefile''\n", argv[0]);
 exit (-1);
 } /* if */
 if ((ifile = open(argv[1], O_RDONLY, 0)) < 0) {
 perror("open failed.");
 exit (-1);
 } /* if */

 frame_no = 1;
 /* Skip the file header */
 lseek(ifile, 16, SEEK_SET);

 /* Visit each record, read the record header */
 while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
 printf("Frame no : %i \n", frame_no);
 framelen = ntohl(hdrbuf.framelen);
 recrdlen = ntohl(hdrbuf.recrdlen);
 arrival_time_sec = ntohl(hdrbuf.timestamp.tv_sec);
 arrival_time_usec = ntohl(hdrbuf.timestamp.tv_usec);
 arrival_time = arrival_time_sec + (arrival_time_usec/1.0e6);

 printf(" Frame Length = %lu \n", framelen);
 printf(" Arr. Time Seconds = %ld \n", arrival_time_sec);
 printf(" Arr. Time Micro Seconds = %ld \n", arrival_time_usec);

 /* Now read the destination address (which is supposed to be the first 6 bytes directly following the frame header? Is this right?). But the printf command prints out 6 blanks? Any ideas why?*/
 i = read(ifile, framebuf, recrdlen - sizeof(struct rechdr));
 printf("%c, %c, %c, %c, %c, %c", framebuf[0]. framebuf[1]. framebuf[2]. framebuf[3]. framebuf[4]. framebuf[5]);

 frame_no++;
 }
 return (0);
 }
0
Comment
Question by:rich420
2 Comments
 
LVL 45

Accepted Solution

by:
Kdo earned 100 total points
Comment Utility
Hi rich420,

I'm not sure of the exact spacing, but let's try the obvious.  The octets (bytes) will contain binary values, not characters.

printf("%d, %d, %d, %d, %d, %d", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

Also, the 6 values will be defined as 'unsigned char'.  Your definition of 'char framebuf[]' will cause values over 127 to display as negative numbers.


Good Luck!
Kent
0
 
LVL 8

Expert Comment

by:ssnkumar
Comment Utility
Hi rich420,

Here is a link which gives a sample program to show how to read trace files.
http://williams.comp.ncat.edu/Networks/readtrace.htm

Hope this helps in solving your problem.

-ssnkumar
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Windows programmers of the C/C++ variety, how many of you realise that since Window 9x Microsoft has been lying to you about what constitutes Unicode (http://en.wikipedia.org/wiki/Unicode)? They will have you believe that Unicode requires you to use…
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now