
SaTaN 01-19-2004 10:59 PM

ICMP Packet capture
 
I have managed to capture ICMP packets using WinPcap on Windows.
Code:

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#include <pcap.h>
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
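/*
 * Enumerate every capture device and, for each one that can be opened,
 * install an "icmp" BPF filter and pass matching packets to packet_handler().
 *
 * pcap_loop() is called with a packet count of 0 (no limit), so capture on a
 * device continues until pcap_loop() returns; only then is the next device
 * in the list tried.
 *
 * Returns 1 if the device list cannot be retrieved, 0 otherwise.
 */
int main(void)
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *dev;
    int i = 0;
    char errbuf[PCAP_ERRBUF_SIZE];
    char filter_app[] = "icmp";

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the list and sniff on each device in turn */
    for (dev = alldevs; dev; dev = dev->next)
    {
        bpf_u_int32 net = 0;
        bpf_u_int32 mask = 0;
        struct bpf_program filter;
        pcap_t *handle;

        printf("%d. %s", ++i, dev->name);
        if (dev->description)
            printf(" \n (%s)\n", dev->description);
        else
            printf(" (No description available)\n");

        /* A device without an IPv4 address is still usable for capture:
         * fall back to a zero network/netmask instead of using garbage. */
        if (pcap_lookupnet(dev->name, &net, &mask, errbuf) == -1)
        {
            fprintf(stderr, "pcap_lookupnet(%s): %s\n", dev->name, errbuf);
            net = 0;
            mask = 0;
        }

        /* Third argument 1 = promiscuous mode. Opening can fail (for example
         * for lack of privilege), and every later call needs a valid handle,
         * so skip the device rather than dereference NULL. */
        handle = pcap_open_live(dev->name, BUFSIZ, 1, 0, errbuf);
        if (handle == NULL)
        {
            fprintf(stderr, "pcap_open_live(%s): %s\n", dev->name, errbuf);
            continue;
        }

        /* The last argument of pcap_compile() is the netmask, not the
         * network number. */
        if (pcap_compile(handle, &filter, filter_app, 0, mask) == -1)
        {
            fprintf(stderr, "pcap_compile(%s): %s\n", filter_app, pcap_geterr(handle));
            pcap_close(handle);
            continue;
        }

        if (pcap_setfilter(handle, &filter) == -1)
        {
            /* Without the filter every packet would reach the handler;
             * do not capture unfiltered traffic by accident. */
            fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(handle));
            pcap_freecode(&filter);
            pcap_close(handle);
            continue;
        }
        /* The compiled program is no longer needed once it is installed. */
        pcap_freecode(&filter);

        printf("\n Sniffing %s::", dev->name);
        if (pcap_loop(handle, 0, packet_handler, NULL) == -1)
            fprintf(stderr, "pcap_loop(%s): %s\n", dev->name, pcap_geterr(handle));
        pcap_close(handle);
    }

    if (i == 0)
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");

    /* The device list is not needed any more. Free it on every path. */
    pcap_freealldevs(alldevs);
    return 0;
}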
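/*
 * pcap_loop() callback: print the capture timestamp (local time, with
 * microseconds) and the on-the-wire length of one packet.
 *
 * param    - user pointer passed to pcap_loop(); unused here.
 * header   - per-packet capture header (timestamp and lengths).
 * pkt_data - captured bytes; unused here.
 *
 * NOTE(review): any later parsing of pkt_data (for example to read the ICMP
 * type field) must be bounded by header->caplen, the number of bytes actually
 * captured, not by header->len, the original packet length.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    char timestr[16];
    const char *shown = "??:??:??";
    /* ts.tv_sec is not guaranteed to have the same type as time_t, so copy
     * it instead of passing its address to localtime(). */
    time_t secs = (time_t)header->ts.tv_sec;
    struct tm *ltime = localtime(&secs);

    (void)param;
    (void)pkt_data;

    /* convert the timestamp to readable format; localtime() may return NULL */
    if (ltime != NULL && strftime(timestr, sizeof timestr, "%H:%M:%S", ltime) != 0)
        shown = timestr;

    /* Casts make the arguments match the format specifiers exactly. */
    printf(" \n %s,%.6ld len:%u\n", shown, (long)header->ts.tv_usec, (unsigned int)header->len);
}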

Now I need to check whether the request is a ping. Can you please tell me how to do that?

infamous41md 01-19-2004 11:38 PM

http://www.faqs.org/rfcs/rfc792.html
You should read the ICMP RFC. ICMP echo requests have a type of 8 and echo replies have a type of 0; the code for both is 0. If you don't know what type and code stand for, have a look at the link above. Have fun!

