Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417
  • Last Modified:

IP addresses

Ethernet frame traces have been generated by using the Unix "snoop" utility. I need to extract the source and destination address from each frame. It's probably quite easy but I'm having a bit of trouble getting started. Can you please scroll down to the last comment section and answer the questions I've asked there. Thanks

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h> /* ntohl() function prototype */

 struct rechdr {
 uint32_t framelen;
 uint32_t tracelen;
 uint32_t recrdlen;
 uint32_t pad;
 struct timevalue {
 uint32_t tv_sec;
 uint32_t tv_usec;
 } timestamp;

int main(int argc, char *argv[]) {
 struct rechdr hdrbuf;
 unsigned long framelen;
 unsigned long recrdlen;
 unsigned long arrival_time_sec;
 unsigned long arrival_time_usec;
 double arrival_time; /* in seconds */
 int i, j, k, ifile, frame_no;
 char framebuf[2000];

 if (argc != 2) {
 printf ("Usage: %s ``tracefile''\n", argv[0]);
 exit (-1);
 } /* if */
 if ((ifile = open(argv[1], O_RDONLY, 0)) < 0) {
 perror("open failed.");
 exit (-1);
 } /* if */

 frame_no = 1;
 /* Skip the file header */
 lseek(ifile, 16, SEEK_SET);

 /* Visit each record, read the record header */
 while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
 printf("Frame no : %i \n", frame_no);
 framelen = ntohl(hdrbuf.framelen);
 recrdlen = ntohl(hdrbuf.recrdlen);
 arrival_time_sec = ntohl(hdrbuf.timestamp.tv_sec);
 arrival_time_usec = ntohl(hdrbuf.timestamp.tv_usec);
 arrival_time = arrival_time_sec + (arrival_time_usec/1.0e6);

 printf(" Frame Length = %lu \n", framelen);
 printf(" Arr. Time Seconds = %ld \n", arrival_time_sec);
 printf(" Arr. Time Micro Seconds = %ld \n", arrival_time_usec);

 /* Now read the destination address (which is supposed to be the first 6 bytes directly following the frame header? Is this right?). But the printf command prints out 6 blanks? Any ideas why?*/
 i = read(ifile, framebuf, recrdlen - sizeof(struct rechdr));
 printf("%c, %c, %c, %c, %c, %c", framebuf[0]. framebuf[1]. framebuf[2]. framebuf[3]. framebuf[4]. framebuf[5]);

 return (0);
1 Solution
Kent OlsenData Warehouse Architect / DBACommented:
Hi rich420,

I'm not sure of the exact spacing, but let's try the obvious.  The octets (bytes) will contain binary values, not characters.

printf("%d, %d, %d, %d, %d, %d", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

Also, the 6 values will be defined as 'unsigned char'.  Your definition of 'char framebuf[]' will cause values over 127 to display as negative numbers.

Good Luck!
Hi rich420,

Here is a link which gives a sample program to show how to read trace files.

Hope this helps in solving your problem.


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now