LinuxQuestions.org


kokocs 10-04-2010 08:35 PM

C program that will take as input a single binary file containing captured Ethernet d
 
Hello,
I am trying to write a C program that will take as input a single binary file containing captured Ethernet data, and print MAC and IP addresses.

Could someone please provide me with an overall idea of how to do it (confused where to start)?

dugan 10-04-2010 11:27 PM

Overall idea? Sure.

Before doing this assignment, you should know the various layers of networking technologies used on the Internet. Specifically, you need to know how headers (and often, footers) are added at each level. These headers contain data such as, oh, MAC and IP addresses.

http://en.wikipedia.org/wiki/Internet_Protocol_Suite
http://en.wikipedia.org/wiki/Internet_protocol
http://en.wikipedia.org/wiki/IPv4
http://en.wikipedia.org/wiki/Ethernet_frame

The ethernet frame has a header, which contains the MAC address, and a body, which consists of an IP packet. The IP packet has a header, which contains an IP address.

kokocs 10-05-2010 07:30 AM

Thank you.

But how can I find the location of the addresses from the binary file? Should I use offsets?

dogpatch 10-06-2010 08:08 PM

Study the binary data with a good binary viewer/editor. If offset values are consistent from packet to packet, use offsets. Else, you will have to employ other means. In other words: first determine how you as a human can detect where the germane data are located. Then write your C code accordingly.

theNbomr 10-06-2010 08:14 PM

You can use a packet disassembler such as Wireshark to capture and disassemble Ethernet frames. From that you should be able to reverse engineer the packet format.

--- rod.

graemef 10-06-2010 11:53 PM

You need to understand the layout of your file. There may be a correlation between your file and the network protocols, in which case understanding them will help, but a binary file (if that is what it truly is) could be in any format, so you need to get to the bottom of that first.

kokocs 10-07-2010 07:35 PM

Thank you all.
The first 14 bytes from the file contain the MAC addresses. I am using fopen and fread to read the data into the array. Should I allocate memory for the array? Could somebody provide sample code for creating the array and reading in data?

graemef 10-07-2010 09:11 PM

You do need to allocate the memory before you read in the data.
You should be able to get examples of using fread() by a simple search. For example, this link reads in the whole file; you don't need to do that, but pay close attention to the malloc() and fread() statements along with the two error checking statements that follow them.

kokocs 10-11-2010 09:07 PM

How can I calculate the payload length, if the packet is UDP or TCP?
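The offsets discussed in this thread, as an added example that is not code from any poster: it pulls the MAC and IPv4 addresses out of one frame and derives the TCP/UDP payload length, checking every length field read from the capture before using it as an offset. It assumes the buffer holds a raw Ethernet II frame with no capture-file header and no VLAN tag; `parse_frame`, `frame_info` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct frame_info {
    uint8_t dst_mac[6], src_mac[6], src_ip[4], dst_ip[4], proto;
    int payload_len;               /* bytes after the TCP/UDP header; -1 if neither */
};
/* Constructed sample frame: Ethernet II + IPv4 + UDP carrying 4 payload bytes. */
static const uint8_t sample[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x20, 0,0,0,0, 0x40,0x11,0,0, 192,0,2,1, 192,0,2,2,
    0x30,0x39,0x00,0x35, 0x00,0x0c,0,0, 'd','a','t','a' };

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns 0 on success, -1 if the frame is truncated, malformed or not IPv4. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    if (len < 14 + 20 || be16(buf + 12) != 0x0800) return -1; /* EtherType IPv4 */
    memcpy(out->dst_mac, buf, 6);             /* bytes 0-5: destination MAC */
    memcpy(out->src_mac, buf + 6, 6);         /* bytes 6-11: source MAC */
    const uint8_t *ip = buf + 14;             /* IPv4 header follows the 14 bytes */
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, total = be16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len) return -1;
    memcpy(out->src_ip, ip + 12, 4);
    memcpy(out->dst_ip, ip + 16, 4);
    out->proto = ip[9];
    out->payload_len = -1;
    if (be16(ip + 6) & 0x1FFF) return 0;      /* non-first fragment: no L4 header */
    const uint8_t *l4 = ip + ihl;
    size_t l4_len = total - ihl;              /* IP total length minus IP header */
    if (out->proto == 6) {                    /* TCP: header = data offset * 4 */
        size_t doff = l4_len < 20 ? 0 : (size_t)(l4[12] >> 4) * 4;
        if (doff < 20 || doff > l4_len) return -1;
        out->payload_len = (int)(l4_len - doff);
    } else if (out->proto == 17) {            /* UDP: length field includes 8-byte header */
        size_t ulen = l4_len < 8 ? 0 : be16(l4 + 4);
        if (ulen < 8 || ulen > l4_len) return -1;
        out->payload_len = (int)(ulen - 8);
    }
    return 0;
}

int main(void)
{
    struct frame_info f;
    if (parse_frame(sample, sizeof sample, &f)) return 1;
    for (int i = 0; i < 6; i++) printf("%02x%c", f.src_mac[i], i < 5 ? ':' : ' ');
    printf("%u.%u.%u.%u payload=%d\n", f.src_ip[0], f.src_ip[1], f.src_ip[2],
           f.src_ip[3], f.payload_len);
}
```

If the file turns out to be a capture format such as pcap, each frame is preceded by a per-record header, so the fixed offsets above apply only from the start of each frame, not from the start of the file.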

