• C

IP addresses

Ethernet frame traces have been generated by using the Unix "snoop" utility. I need to extract the source and destination address from each frame. It's probably quite easy but I'm having a bit of trouble getting started. Can you please scroll down to the last comment section and answer the questions I've asked there. Thanks

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <netinet/in.h> /* ntohl() function prototype */

 struct rechdr {
 uint32_t framelen;
 uint32_t tracelen;
 uint32_t recrdlen;
 uint32_t pad;
 struct timevalue {
 uint32_t tv_sec;
 uint32_t tv_usec;
 } timestamp;

int main(int argc, char *argv[]) {
 struct rechdr hdrbuf;
 unsigned long framelen;
 unsigned long recrdlen;
 unsigned long arrival_time_sec;
 unsigned long arrival_time_usec;
 double arrival_time; /* in seconds */
 int i, j, k, ifile, frame_no;
 char framebuf[2000];

 if (argc != 2) {
 printf ("Usage: %s ``tracefile''\n", argv[0]);
 exit (-1);
 } /* if */
 if ((ifile = open(argv[1], O_RDONLY, 0)) < 0) {
 perror("open failed.");
 exit (-1);
 } /* if */

 frame_no = 1;
 /* Skip the file header */
 lseek(ifile, 16, SEEK_SET);

 /* Visit each record, read the record header */
 while ((i = read(ifile, &hdrbuf, sizeof(struct rechdr))) > 0) {
 printf("Frame no : %i \n", frame_no);
 framelen = ntohl(hdrbuf.framelen);
 recrdlen = ntohl(hdrbuf.recrdlen);
 arrival_time_sec = ntohl(hdrbuf.timestamp.tv_sec);
 arrival_time_usec = ntohl(hdrbuf.timestamp.tv_usec);
 arrival_time = arrival_time_sec + (arrival_time_usec/1.0e6);

 printf(" Frame Length = %lu \n", framelen);
 printf(" Arr. Time Seconds = %ld \n", arrival_time_sec);
 printf(" Arr. Time Micro Seconds = %ld \n", arrival_time_usec);

 /* Now read the destination address (which is supposed to be the first 6 bytes directly following the frame header? Is this right?). But the printf command prints out 6 blanks? Any ideas why?*/
 i = read(ifile, framebuf, recrdlen - sizeof(struct rechdr));
 printf("%c, %c, %c, %c, %c, %c", framebuf[0]. framebuf[1]. framebuf[2]. framebuf[3]. framebuf[4]. framebuf[5]);

 return (0);
Who is Participating?
Kent OlsenConnect With a Mentor Data Warehouse Architect / DBACommented:
Hi rich420,

I'm not sure of the exact spacing, but let's try the obvious.  The octets (bytes) will contain binary values, not characters.

printf("%d, %d, %d, %d, %d, %d", framebuf[0], framebuf[1], framebuf[2], framebuf[3], framebuf[4], framebuf[5]);

Also, the 6 values will be defined as 'unsigned char'.  Your definition of 'char framebuf[]' will cause values over 127 to display as negative numbers.

Good Luck!
Hi rich420,

Here is a link which gives a sample program to show how to read trace files.

Hope this helps in solving your problem.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.