IP addresses

Posted on 2004-04-10
Last Modified: 2010-04-15
Ethernet frame traces have been generated by using the Unix "snoop" utility. I need to extract the source and destination address from each frame. It's probably quite easy but I'm having a bit of trouble getting started. Can you please scroll down to the last comment section and answer the questions I've asked there. Thanks

#include <stdio.h>
#include <stdlib.h>     /* exit() */
#include <stdint.h>     /* uint32_t */
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h> /* ntohl() function prototype */

struct rechdr {
    uint32_t framelen;
    uint32_t tracelen;
    uint32_t recrdlen;
    uint32_t pad;
    struct timevalue {
        uint32_t tv_sec;
        uint32_t tv_usec;
    } timestamp;
};

int main(int argc, char *argv[]) {
    struct rechdr hdrbuf;
    unsigned long framelen;
    unsigned long recrdlen;
    unsigned long arrival_time_sec;
    unsigned long arrival_time_usec;
    double arrival_time; /* in seconds */
    int i, j, k, ifile, frame_no;
    char framebuf[2000];

    if (argc != 2) {
        printf ("Usage: %s ``tracefile''\n", argv[0]);
        exit (-1);
    } /* if */
    if ((ifile = open(argv[1], O_RDONLY, 0)) < 0) {
        perror("open failed.");
        exit (-1);
    } /* if */

    frame_no = 1;
    /* Skip the file header */
    lseek(ifile, 16, SEEK_SET);

    /* Visit each record, read the record header */
    while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
        printf("Frame no : %i \n", frame_no);
        framelen = ntohl(hdrbuf.framelen);
        recrdlen = ntohl(hdrbuf.recrdlen);
        arrival_time_sec = ntohl(hdrbuf.timestamp.tv_sec);
        arrival_time_usec = ntohl(hdrbuf.timestamp.tv_usec);
        arrival_time = arrival_time_sec + (arrival_time_usec/1.0e6);

        printf(" Frame Length = %lu \n", framelen);
        printf(" Arr. Time Seconds = %lu \n", arrival_time_sec);
        printf(" Arr. Time Micro Seconds = %lu \n", arrival_time_usec);

        /* Reject record lengths that would underflow or overrun framebuf */
        if (recrdlen < sizeof(struct rechdr) ||
            recrdlen - sizeof(struct rechdr) > sizeof(framebuf)) {
            fprintf(stderr, "bad record length %lu\n", recrdlen);
            exit (-1);
        } /* if */

        /* Now read the destination address (which is supposed to be the
           first 6 bytes directly following the frame header? Is this right?).
           But the printf command prints out 6 blanks? Any ideas why? */
        i = read(ifile, framebuf, recrdlen - sizeof(struct rechdr));
        printf("%c, %c, %c, %c, %c, %c", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

        frame_no++;
    } /* while */

    close(ifile);
    return (0);
}
Question by:rich420
Accepted Solution

Kent Olsen earned 100 total points
ID: 10799644
Hi rich420,

I'm not sure of the exact spacing, but let's try the obvious.  The octets (bytes) will contain binary values, not characters.

printf("%d, %d, %d, %d, %d, %d", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

Also, the 6 values will be defined as 'unsigned char'.  Your definition of 'char framebuf[]' will cause values over 127 to display as negative numbers.

Good Luck!
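
A bounds-checked version of the extraction discussed above, as an added example that is not part of the original posts: it treats the octets as unsigned binary values and validates the record lengths before reading the Ethernet header. The names parse_record, be32 and fmt_mac and the sample record are constructed for illustration; the field offsets follow the struct rechdr in the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_HDR_LEN 24  /* six 32-bit big-endian fields, as in struct rechdr */
#define ETH_HDR_LEN 14  /* destination (6) + source (6) + EtherType (2) */

/* Read a 32-bit big-endian value without depending on host byte order. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Format six octets as xx:xx:xx:xx:xx:xx; out must hold 18 bytes. */
static void fmt_mac(const unsigned char *m, char out[18]) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             m[0], m[1], m[2], m[3], m[4], m[5]);
}

/* Returns the record length to advance by, or 0 if lengths are inconsistent. */
size_t parse_record(const unsigned char *rec, size_t avail,
                    char dst[18], char src[18]) {
    uint32_t tracelen, recrdlen;
    if (avail < REC_HDR_LEN) return 0;
    tracelen = be32(rec + 4);   /* bytes of the frame actually captured */
    recrdlen = be32(rec + 8);   /* header + captured bytes + padding */
    if (recrdlen < REC_HDR_LEN || recrdlen > avail) return 0;
    if (tracelen < ETH_HDR_LEN || tracelen > recrdlen - REC_HDR_LEN) return 0;
    fmt_mac(rec + REC_HDR_LEN, dst);      /* octets 0-5: destination */
    fmt_mac(rec + REC_HDR_LEN + 6, src);  /* octets 6-11: source */
    return recrdlen;
}

/* Constructed sample: 24-byte header, 14-byte Ethernet header, 2 pad bytes. */
static const unsigned char sample[40] = {
    0,0,0,14,  0,0,0,14,  0,0,0,40,  0,0,0,0,
    0x40,0x77,0x5e,0x00,  0,0,0,0,
    0xff,0xff,0xff,0xff,0xff,0xff,
    0x08,0x00,0x20,0xab,0xcd,0xef,
    0x08,0x06,  0,0
};

int main(void) {
    char dst[18], src[18];
    if (parse_record(sample, sizeof sample, dst, src))
        printf("dst=%s src=%s%s\n", dst, src,
               strcmp(dst, "ff:ff:ff:ff:ff:ff") ? "" : " (broadcast)");
    return 0;
}
```

A caller walking a whole trace would advance its offset by the returned length and stop at the first 0.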

Expert Comment

ID: 10803555
Hi rich420,

Here is a link which gives a sample program to show how to read trace files.

Hope this helps in solving your problem.



Question has a verified solution.
