
Raw Ethernet Packet Capture

Hi,

I am writing a very basic raw ethernet sniffer based on what I found
in Andreas Schaufler's raw ethernet article:
http://aschauf.landshut.org/fh/linux...w/ch01s03.html

I'm trying to print the output of each ethernet frame in both
hexadecimal and character representations. I'm new at network
programming in C. Here's a code snippet:

while (1)
{
    length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);

    if (length == -1) {
        printf("Error receiving ethernet frame...\n");
    }
    else {
        printf("Hex:\n\n");
        for (int i = 0; i < length; i++)
        {
            printf("%x", buffer[i]);
        }

        printf("\n\nChar:\n\n");
        for (int i = 0; i < length; i++)
        {
            printf("%c", buffer[i]);
        }
    }
}

Most of the characters I get are shown in two digit hexadecimal
representation like this "A0". But sometimes I get something like
"FFFFFFFF" or "FFFFFFA0". Why does this happen? I also compared the
results of using the Linux wireshark sniffer and my program, and
noticed different hexadecimal values for the frames. I know wireshark
is correct, so what am I doing wrong? Any help is appreciated.

Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?

Oct 22 '07 #1
On Oct 22, 2:58 pm, gustavo.sam...@gmail.com wrote:
Hi,

I am writing a very basic raw ethernet sniffer based on what I found
in Andreas Schaufler's raw ethernet article: http://aschauf.landshut.org/fh/linux...w/ch01s03.html

I'm trying to print the output of each ethernet frame in both
hexadecimal and character representations. I'm new at network
programming in C. Here's a code snippet:

while (1)
{
    length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);

    if (length == -1) {
        printf("Error receiving ethernet frame...\n");
    }
    else {
        printf("Hex:\n\n");
        for (int i = 0; i < length; i++)
        {
            printf("%x", buffer[i]);
        }

        printf("\n\nChar:\n\n");
        for (int i = 0; i < length; i++)
        {
            printf("%c", buffer[i]);
        }
    }
}

Most of the characters I get are shown in two digit hexadecimal
representation like this "A0". But sometimes I get something like
"FFFFFFFF" or "FFFFFFA0". Why does this happen? I also compared the
results of using the Linux wireshark sniffer and my program, and
noticed different hexadecimal values for the frames. I know wireshark
is correct, so what am I doing wrong? Any help is appreciated.

Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?
The data type of buffer is not specified, but I guess signed char.

The printf() function is a variadic function. So what does a signed char
promote to under the default promotions?

It would have been funnier if the poster was named 'minus'.

I guess that if you change your data type to unsigned char, it may
surprise you a bit.
Oct 22 '07 #2
gu************@gmail.com wrote:

[...]
Note: I posted this in alt.comp.lang.c before and someone named
"mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
problem. How can I tell?
The %X specifier expects an 'unsigned int' type, you can try e.g.

int write_hex(FILE *out, unsigned char *binary, size_t binary_len)
{
    size_t i;
    int n = 0;

    for (i=0; i<binary_len; i++)
    {
        n = fprintf(out, "%02X", binary[i]);
    }
    return n;
}

instead.

--
Tor <torust [at] online [dot] no>

"Technical skill is mastery of complexity, while creativity is mastery
of simplicity"
Oct 22 '07 #3
Tor Rustad wrote:
> gu************@gmail.com wrote:
>
> [...]
>> Note: I posted this in alt.comp.lang.c before and someone named
>> "mimus" said the "FFFFFFFF" behavior could be a signed/unsigned
>> problem. How can I tell?
>
> The %X specifier expects an 'unsigned int' type, you can try e.g.
>
> int write_hex(FILE *out, unsigned char *binary, size_t binary_len)
> {
>     size_t i;
>     int n = 0;
>
>     for (i=0; i<binary_len; i++)
>     {
>         n = fprintf(out, "%02X", binary[i]);
I forgot to put in some error check here for n<0, also the 'n' return
value is rather misleading, since it typically doesn't return the total
length printed.
--
Tor <torust [at] online [dot] no>

"Technical skill is mastery of complexity, while creativity is mastery
of simplicity"
Oct 22 '07 #4
Tor Rustad said:
> Tor Rustad wrote:
> <snip>
>> int write_hex(FILE *out, unsigned char *binary, size_t binary_len)
>> {
>>     size_t i;
>>     int n = 0;
>>
>>     for (i=0; i<binary_len; i++)
>>     {
>>         n = fprintf(out, "%02X", binary[i]);
>
> I forgot to put in some error check here for n<0, also the 'n' return
> value is rather misleading, since it typically doesn't return the total
> length printed.
This can easily be fixed with +=, or the function could simply return
ferror(out) instead.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Oct 22 '07 #5
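The signed-char promotion explained in #2 and #3, and the += accumulation and n < 0 check discussed in #4 and #5, worked through in one added example (not code from the thread or from the cited article): the dumps are written to a string instead of a FILE * so the results can be checked, the 16-byte frame in the test is constructed, and hex_of_byte, write_hex and write_ascii are names chosen here.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* What "%x" effectively prints for one byte of the frame, depending on how
 * the buffer was declared: a signed char is promoted to int and sign-extended,
 * an unsigned char is promoted to a non-negative int. Assumes a 32-bit int
 * (constructed demonstration). Writes the hex digits into out. */
int hex_of_byte(unsigned char byte, int buffer_is_signed, char *out, size_t outsz)
{
    unsigned int promoted;
    if (buffer_is_signed)
        promoted = (unsigned int)(int)(signed char)byte; /* 0xA0 -> 0xffffffa0 */
    else
        promoted = (unsigned int)byte;                   /* 0xA0 -> 0xa0 */
    return snprintf(out, outsz, "%x", promoted);
}

/* Hex dump with "%02x" on bytes read as unsigned char. Unlike write_hex in
 * the replies it accumulates the count with += and stops on the first n < 0.
 * Returns the number of characters written, or -1 on error. */
int write_hex(const void *data, size_t len, char *out, size_t outsz)
{
    const unsigned char *p = data;
    size_t i, used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (i = 0; i < len; i++) {
        int n = snprintf(out + used, outsz - used, i ? " %02x" : "%02x", p[i]);
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;          /* encoding error or output buffer too small */
        used += (size_t)n;
    }
    return (int)used;
}

/* Character dump: printable ASCII as-is, everything else (including the
 * Ethernet header bytes) as '.', so no terminal control bytes are emitted. */
int write_ascii(const void *data, size_t len, char *out, size_t outsz)
{
    const unsigned char *p = data;
    size_t i;
    if (len >= outsz) return -1; /* no room for the terminating NUL */
    for (i = 0; i < len; i++)
        out[i] = (p[i] >= 32 && p[i] < 127) ? (char)p[i] : '.';
    out[len] = '\0';
    return (int)len;
}
```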
You guys were right. I was using a signed char. I changed it to
unsigned char and I noticed the following change:

the "ffffffff" or "ffffffa0" now appear as "ff" and "a0" respectively.
I also noticed I was trying to print some unprintable characters using
printf("%c", thechar)... characters like the frame header (silly me).
So thanks! It worked.

But now I noticed some odd behavior. I'm sending some raw ethernet
packets from a Windows machine and sniffing them in my linux box. When
I only run my C program, those packets are not received for some
reason. But when I run both my program and the Wireshark capture
SIMULTANEOUSLY, I DO receive those packets coming from my Windows
machine. Any ideas? Is there some sort of flag I'm not setting in my
code that gets set in Wireshark? Here's my code:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>          /* close() */
#include <sys/socket.h>
#include <arpa/inet.h>       /* htons() */
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>

int main(void)
{
    int i = 0;
    int s;                   /* socket descriptor */
    int frameCount = 1;
    int MAX_FRAMES = 1000;

    s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (s == -1) { printf("ERROR CREATING SOCKET...\n"); exit(1); }

    unsigned char *buffer = malloc(ETH_FRAME_LEN); /* Buffer for ethernet frame */
    if (buffer == NULL) { printf("ERROR ALLOCATING BUFFER...\n"); exit(1); }
    int length = 0;          /* length of the received frame */

    while (frameCount <= MAX_FRAMES) {

        length = recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);

        if (length == -1)
        {
            printf("Error while receiving ethernet frame...\n");
        }
        else {

            printf("Frame %d (hex)\n\n", frameCount);
            for (i = 0; i < length; i++)
            {
                printf("%.2x ", buffer[i]);
            }
            printf("\n\n");

            printf("Frame %d (char)\n\n", frameCount);
            for (i = 0; i < length; i++)
            {
                /* only printable ASCII; everything else is shown as '.' */
                if (buffer[i] >= 32 && buffer[i] < 127)
                    printf("%c ", buffer[i]);
                else
                    printf(". ");
            }
            printf("\n\n");

            frameCount++;
        }
    }

    free(buffer);
    close(s);
    return 0;
}

Oct 22 '07 #6
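The symptom in the post above (frames from the Windows machine show up only while Wireshark is also capturing) usually means those frames are not addressed to the Linux NIC's own MAC: Wireshark turns on promiscuous mode for the interface and a plain AF_PACKET socket does not. The following is an added example, not code from the thread or from the cited article; it assumes Linux, the interface name "eth0" is a placeholder, and the MAC addresses in the test are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>           /* if_nametoindex */
#include <sys/socket.h>
#include <arpa/inet.h>        /* htons */
#include <linux/if_packet.h>  /* struct packet_mreq, PACKET_MR_PROMISC */
#include <linux/if_ether.h>   /* ETH_P_ALL, ETH_FRAME_LEN */

/* Model of the NIC's destination-address filter while promiscuous mode is
 * off: only frames for the card's own MAC, the broadcast address or a
 * multicast group reach the kernel, so a raw socket never sees the rest.
 * (Simplified: a real NIC passes only the multicast groups the host joined.) */
int accepted_without_promisc(const unsigned char dst[6], const unsigned char own[6])
{
    static const unsigned char bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (memcmp(dst, own, 6) == 0) return 1;   /* unicast to this host */
    if (memcmp(dst, bcast, 6) == 0) return 1; /* broadcast */
    if (dst[0] & 0x01) return 1;              /* group bit set: multicast */
    return 0;                                 /* somebody else's unicast */
}

/* Put ifname into promiscuous mode for as long as sock stays open, which is
 * what libpcap does for Wireshark. Needs CAP_NET_RAW, and the kernel logs
 * "device <ifname> entered promiscuous mode", the line host monitoring
 * alerts on. Returns 0 on success, -1 on failure. */
int enable_promisc(int sock, const char *ifname)
{
    struct packet_mreq mreq;
    memset(&mreq, 0, sizeof mreq);
    mreq.mr_ifindex = (int)if_nametoindex(ifname);
    if (mreq.mr_ifindex == 0)
        return -1;                            /* no such interface */
    mreq.mr_type = PACKET_MR_PROMISC;
    return setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, sizeof mreq);
}

int main(void)
{
    unsigned char buffer[ETH_FRAME_LEN];
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (s == -1) { perror("socket"); return 1; }
    if (enable_promisc(s, "eth0") == -1) {    /* "eth0" is a placeholder name */
        perror("enable_promisc"); close(s); return 1;
    }
    ssize_t n = recvfrom(s, buffer, sizeof buffer, 0, NULL, NULL);
    if (n < 0) perror("recvfrom");
    else printf("received a %zd-byte frame\n", n);
    close(s);
    return 0;
}
```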
gu************@gmail.com wrote:
You guys were right. I was using a signed char. I changed it to
unsigned char and I noticed the following change:

the "ffffffff" or "ffffffa0" now appear as "ff" and "a0" respectively.
I also noticed I was trying to print some unprintable characters using
printf("%c", thechar)... characters like the frame header (silly me).
So thanks! It worked.

But now I noticed some odd behavior. I'm sending some raw ethernet
packets from a Windows machine and sniffing them in my linux box. When
I only run my C program, those packets are not received for some
reason. But when I run both my program and the Wireshark capture
SIMULTANEOUSLY, I DO receive those packets coming from my Windows
machine. Any ideas? Is there some sort of flag I'm not setting in my
code that gets set in Wireshark? Here's my code:
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>
<snip rest>

I think this might be the point where it might be fruitful to take your
problem over to a UNIX or Linux group like <news:comp.unix.programmer>,
<news:comp.os.linux.development.apps>,
<news:comp.os.linux.development.system>,
<news:comp.os.linux.networking>
etc.

Oct 22 '07 #7
On 22 oct, 17:26, santosh <santosh....@gmail.com> wrote:
gustavo.sam...@gmail.com wrote:
You guys were right. I was using a signed char. I changed it to
unsigned char and I noticed the following change:
the "ffffffff" or "ffffffa0" now appear as "ff" and "a0" respectively.
I also noticed I was trying to print some unprintable characters using
printf("%c", thechar)... characters like the frame header (silly me).
So thanks! It worked.
But now I noticed some odd behavior. I'm sending some raw ethernet
packets from a Windows machine and sniffing them in my linux box. When
I only run my C program, those packets are not received for some
reason. But when I run both my program and the Wireshark capture
SIMULTANEOUSLY, I DO receive those packets coming from my Windows
machine. Any ideas? Is there some sort of flag I'm not setting in my
code that gets set in Wireshark? Here's my code:
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h>

<snip rest>

I think this might be the point where it might be fruitful to take your
problem over to a UNIX or Linux group like <news:comp.unix.programmer>,
<news:comp.os.linux.development.apps>,
<news:comp.os.linux.development.system>,
<news:comp.os.linux.networking>
etc.
Good idea, thanks Santosh!

Oct 22 '07 #8
Richard Heathfield wrote:
> Tor Rustad said:
> [...]
>>> n = fprintf(out, "%02X", binary[i]);
>>
>> I forgot to put in some error check here for n<0, also the 'n' return
>> value is rather misleading, since it typically doesn't return the total
>> length printed.
>
> This can easily be fixed with +=,

Yes, which I left on purpose as an exercise to the OP. :)

> or the function could simply return
> ferror(out) instead.

In the general case (even if not relevant here), I think the n<0 check
is needed, since I don't expect ferror() to catch fprintf() encoding errors.

--
Tor <torust [at] online [dot] no>

"Technical skill is mastery of complexity, while creativity is mastery
of simplicity"
Oct 23 '07 #9
Tor Rustad said:
> Richard Heathfield wrote:
>>
>> This can easily be fixed [...]
>
> Yes, which I left on purpose as an exercise to the OP. :)

Whoops! Sorry, Tor.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Oct 23 '07 #10
