Solved

Payload from pcap (Linux c)

Posted on 2010-08-27
Last Modified: 2012-05-10
Hi guys,

I've followed the examples from this site:

http://www.systhread.net/texts/200805lpcap1.php

Near the end he has the line:

        fprintf(stdout,"%s", payload);


This raises a compile error because payload isn't defined. The thing is, I need to get the payload. I've looked at some of the other examples, but I'm not sure how they got to the payload because the example apps are pretty different.

What I'm looking for is a line of code I can put before that fprintf statement that will contain the payload (that is just the data) from the packet.

Thanks in advance!
Question by:PMembrey
13 Comments
 
LVL 53

Expert Comment

by:Infinity08
ID: 33540437
Try this:

        char* payload = (char*) (packet + sizeof(struct ether_header) + sizeof(struct nread_ip) + sizeof(struct nread_tcp));


0
 
LVL 53

Expert Comment

by:Infinity08
ID: 33540445
For pcap programming, have a look at :

        http://www.tcpdump.org/pcap.htm
0
 

Author Comment

by:PMembrey
ID: 33540452
Tried that but it's from a different example and even when I tried building it in a separate app I didn't have much luck.

So what I'm looking for is someone to give me the code that works in the example provided on the site in my first message :-)
0
 
LVL 53

Accepted Solution

by:
Infinity08 earned 500 total points
ID: 33540474
Well, see my first post :) That contains a line of code that should do what you want.

Maybe the code snippet didn't come through correctly? I'll re-post the code:

        char* payload = (char*) (packet + sizeof(struct ether_header) + sizeof(struct nread_ip) + sizeof(struct nread_tcp));
0
 

Author Comment

by:PMembrey
ID: 33540477
If you look at the example on the page you will see that none of those variables that you are doing sizeof() on exist :)
0
 
LVL 53

Expert Comment

by:Infinity08
ID: 33540994
They're not variables, but types, and they are the same types that are used earlier in that code, in a similar way - eg. :

        ip = (struct nread_ip*)(packet + sizeof(struct ether_header));
        tcp = (struct nread_tcp*)(packet + sizeof(struct ether_header) + sizeof(struct nread_ip));


Those types are defined in pkt.h, listed here :

        http://www.systhread.net/texts/200901pcap3.php
0
 

Author Comment

by:PMembrey
ID: 33543366
hmm, the code still doesn't compile though - but I won't be able to try it again until Monday. Therefore I'd request that no one else posts a response as if I can get it working with infinity08's suggestions, s/he will get all the points.
0
 
LVL 53

Expert Comment

by:Infinity08
ID: 33543554
>> the code still doesn't compile though

If you want, you can just post the code you're using here, and I'll have a look at it.
0
 

Author Comment

by:PMembrey
ID: 33555423
Okay,

I've put that line of code in and it compiles perfectly - not sure what I was doing wrong before....

But now I have a new but related question which is how do I now use 'payload'. Say I want to dump the raw packet data to a file, could you provide a really simple example as to how I can do that?
0
 

Author Comment

by:PMembrey
ID: 33555470
Also whatever I try, be it strlen or sizeof, it never seems to have much in the way of data in the payload - even though I know it's a large packet....
0
 
LVL 53

Expert Comment

by:Infinity08
ID: 33556089
>> But now I have a new but related question which is how do I now use 'payload'.

Please click the "Ask a Related Question" button, and ask a new question for this. To keep things tidy and easy to manage, different questions have to be kept separate :)


>> Also whatever I try, be it strlen or sizeof, it never seems to have much in the way of data in the payload - even though I know it's a large packet....

Don't use strlen, unless you know the payload is a string that is terminated by a '\0' character (which is rarely the case).
Don't use sizeof ever - it'll return the size of the pointer, not the data it points to.

In the code you're using, the size of the payload is :

        size_t payload_size = len - sizeof(struct nread_ip) - sizeof(struct nread_tcp);
0
 

Author Comment

by:PMembrey
ID: 33556143
That would be dynamic? The payload size will vary I would have thought...
0
 
LVL 53

Expert Comment

by:Infinity08
ID: 33556204
>> That would be dynamic?

If you look at the code, you will see that the 'len' variable was obtained from the IP header. And specifically from the 'total length' field in the IP header. That field specifies the total length of the IP datagram for that specific packet.
To get the length of the payload, all you need to do, is subtract the length of the IP and TCP headers.
0
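
Added example, not code from this thread or from the systhread.net tutorial: it locates the TCP payload using the header-length fields carried in the packet (IP IHL, TCP data offset) and checks every offset against the captured length, which goes beyond the fixed `sizeof` arithmetic discussed above by also handling IP/TCP options and truncated captures. It assumes Ethernet II framing with IPv4/TCP; `tcp_payload` and `build_sample` are hypothetical names and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14   /* Ethernet II header, no VLAN tag (assumption) */

/* Find the TCP payload of an Ethernet/IPv4/TCP frame. caplen is the number
 * of bytes actually captured (pcap_pkthdr.caplen). Returns 0 on success,
 * -1 if any header field points outside the captured bytes. */
int tcp_payload(const uint8_t *pkt, size_t caplen,
                const uint8_t **payload, size_t *payload_len)
{
    if (caplen < ETH_LEN + 20) return -1;               /* minimal IPv4 header */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1;  /* EtherType IPv4 */
    const uint8_t *ip = pkt + ETH_LEN;
    size_t ip_hl = (size_t)(ip[0] & 0x0f) * 4;          /* IHL, 32-bit words */
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];     /* "total length" */
    if ((ip[0] >> 4) != 4 || ip_hl < 20 || ip[9] != 6) return -1;
    if (ip_total < ip_hl + 20) return -1;               /* no room for TCP */
    if (ETH_LEN + ip_total > caplen) return -1;         /* truncated capture */
    const uint8_t *tcp = ip + ip_hl;
    size_t tcp_hl = (size_t)(tcp[12] >> 4) * 4;         /* TCP data offset */
    if (tcp_hl < 20 || ip_hl + tcp_hl > ip_total) return -1;
    *payload = tcp + tcp_hl;
    *payload_len = ip_total - ip_hl - tcp_hl;
    return 0;
}

/* Constructed sample frame: 20-byte IP header, 32-byte TCP header
 * (12 bytes of options), 5-byte payload "hello". Returns its length. */
size_t build_sample(uint8_t *f)
{
    memset(f, 0, 71);
    f[12] = 0x08;                          /* EtherType 0x0800 */
    f[14] = 0x45; f[17] = 57; f[23] = 6;   /* IPv4, IHL 5, total 57, TCP */
    f[46] = 0x80;                          /* data offset 8 words = 32 bytes */
    memcpy(f + 66, "hello", 5);
    return 71;
}

int main(void)
{
    uint8_t frame[71];
    const uint8_t *p;
    size_t n;
    if (tcp_payload(frame, build_sample(frame), &p, &n) == 0)
        fwrite(p, 1, n, stdout);  /* length-bounded write, not "%s" */
    return 0;
}
```

Inside a pcap callback, `pkt` and `caplen` would come from the packet pointer and `struct pcap_pkthdr`; the same `fwrite` call writes the payload to any `FILE *`.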
