pcap - Traceroute and packet capture -


the following code required capture route taken packet moves local router destination router. should print intermediate routers , ip addresses. code given below. output doesn't list ip addresses. shows 1 router's ip. how can modify code shows intermediate ip addresses? please me out. thank you!

input format: ./a.out (destination ip) (port no) (max_ttl) (max_probe)

the output got this:

./a.out 68.71.216.176 80 10 2

tracing 68.71.216.176 max_ttl 10 on port 80 2 probes

1>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  1>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  2>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  2>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  3>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  3>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  4>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  4>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  5>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  5>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  6>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  6>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  7>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit  7>192.168.1.1:80.....192.168.1.3:35410------------------->time-to-live exceeded: time-to-live exceeded on transit   #include<stdio.h> #include<string.h> #include<stdlib.h> #include<sys/socket.h> #include<netinet/in.h> #include<unistd.h> #include<errno.h> #include<netinet/ip.h> #include<pcap.h> #include<signal.h> #include<arpa/inet.h>  /*ip header*/  struct ip_hdr { unsigned char ip_v:4, ip_hl:4; unsigned char ip_tos; unsigned short int ip_len; unsigned short int ip_id; unsigned short int ip_off; unsigned char ip_ttl; unsigned char ip_p; unsigned short int ip_sum; struct in_addr ip_src, ip_dst; };  /*icmp header*/  struct icmp_hdr { unsigned char icmp_type; unsigned char icmp_code; unsigned short int icmp_chksum; int icmo_nouse; };  struct udp_hdr { unsigned short int udp_srcport; unsigned short int udp_destport; unsigned short int udp_len; unsigned short int udp_chksum; };  int sockfd1; char *buf = "s",dst[inet_addrstrlen],src[inet_addrstrlen]; int ttl,max_ttl,max_probe,pac; struct sockaddr_in servaddr;  pcap_t *handle; unsigned short int port_now; int initiate_pcapsession(); void send_packets(int); void parse(u_char *,const struct pcap_pkthdr *,const u_char *);  int main (int argc, char **argv) { int state; unsigned short int port; if (argc < 5) {     printf ("\n usage ./a.out <d-ip> <port> <maxttl> <maxprobe>\n");     return 0; } port = atoi (argv[2]); max_ttl = atoi (argv[3]); max_probe = atoi (argv[4]);  printf ("tracing %s max_ttl %d on port %u  %d probes\n", argv[1], max_ttl, port, max_probe); servaddr.sin_family = af_inet;  if (inet_pton (af_inet, argv[1], &servaddr.sin_addr) < 0)     {         perror ("\tspecified address invalid:progrm terminates:inet_pton");         return 0;     }  if ((sockfd1 = socket (af_inet, sock_dgram, ipproto_udp)) < 0)     {         perror ("error creating socket:socket");         return 0;     }  if((state=initiate_pcapsession())==-1) {     printf("\ncoudnt create packet capture session:terminating");     return 0; }  (ttl = 1; ttl <= max_ttl; ttl++)     {      port_now=htons(port + ttl -1);         //printf("\n%d>",ttl);         servaddr.sin_port = port_now;         send_packets (ttl);     }  pcap_close(handle); close (sockfd1); return 0; }  int initiate_pcapsession() { int state; char *dev; char errbuf[pcap_errbuf_size]; struct bpf_program fp; char filter_exp[]="icmp , (icmp[0] = 11 , icmp[1] = 0) or (icmp[0] = 3 , icmp[1] = 3)"; bpf_u_int32 mask,net;  if((dev=pcap_lookupdev(errbuf))==null) {     printf("\ncoudnt find  default device: %s\n",errbuf);     return -1; } //  else //      printf("\nfound default device %s ",dev);  if (pcap_lookupnet ("wlan0", &net, &mask, errbuf) == -1) {     printf ("\ncoudn't netmask device %s:%s\n", "wlan0", errbuf);         return -1; }  if ((handle = pcap_open_live ("wlan0", bufsiz, 1, 270000, errbuf)) == null)     {         printf ("\ncoudn't open device %s:%s","wlan0", errbuf);         return -1;     }  if((state=pcap_setnonblock(handle, 1, errbuf))==-1) {     printf("\ncoudn't set capture descriptor non-blocking mode :%s",errbuf);     return -1; }  if (pcap_compile (handle, &fp, filter_exp, 0, net) == -1)     {         printf ("\ncoudn't parse filter %s:%s", filter_exp, pcap_geterr (handle));         return -1;     }  if (pcap_setfilter (handle, &fp) == -1)     {         printf ("\ncoudn't install filter %s:%s\n", filter_exp, pcap_geterr (handle));         return -1;     }  return 1; }  void send_packets( int ttl_now) { pid_t pid; int p,num,status; setsockopt (sockfd1, ipproto_ip, ip_ttl, &ttl_now, sizeof (ttl_now));  for(p=1;p<=max_probe;p++) {         if ((sendto(sockfd1, buf, sizeof (buf), 0, (struct sockaddr *) &servaddr,sizeof (servaddr))) == -1)             {                 perror ("sendto");             }             else             {             pac+=1;                     //printf("\n\t\tsent packet %d",pac);                     if((pid=fork())<0)                     {                         perror("fork");                             exit(0);                     }                     if(pid==0)                     {                             num=pcap_loop(handle,-1,parse,null);                             if(num)                  printf("\npcap_dispatch:%d packets captured",num);                             else                     printf("\npcap_dispatch:no pcakets captured");                     }                     else                     {                             sleep(1);                             //wait(&status);                             kill(pid,sigstop);                     }     } } }  void parse(u_char *args,const struct pcap_pkthdr *header,const u_char *packet) { struct ip_hdr *ip1 = (struct ip_hdr *) (packet + 14);   /*initialising ip pointer beyond sll protocol header 16 bytes */ struct icmp_hdr *icmp = (struct icmp_hdr *) (packet + 14 + sizeof (struct ip_hdr)); struct ip_hdr *ip2 = (struct ip_hdr *) (packet + 14 + sizeof (struct ip_hdr) + sizeof (struct icmp_hdr)); struct udp_hdr *udp = (struct udp_hdr *) (packet + 14 + sizeof (struct ip_hdr) + sizeof (struct icmp_hdr) + sizeof (struct ip_hdr));      //if (ntohs (udp->udp_destport) == ntohs (port_now))     //{     inet_ntop (af_inet, &ip1->ip_dst, dst, 16);     inet_ntop (af_inet, &ip1->ip_src, src, 16);     printf ("\n\t%d>%s:%u.....%s:%u------------------->",ttl, src,ntohs (udp->udp_destport), dst,ntohs (udp->udp_srcport));  if(icmp->icmp_code==0)         printf("time-to-live exceeded: time-to-live exceeded on transit\n"); else if(icmp->icmp_code==3)         printf("destination unreachable: port unreachable\n"); //}  exit(0); }

this type of icmp packet has 2 ip headers. address you're looking not in ip1 (which you're printing), it's in ip2 (which did load, did not print values it).


Comments

Post a Comment

Popular posts from this blog

.htaccess - First slash is removed after domain when entering a webpage in the browser -

sometimes when hit address of webpage in browser, removes first slash after domain. examples: www.mywebsite.com/scripts/script_6.php -> trying load www.mywebsite.comscripts/script_6.php www.mywebsite.com/test.php -> trying load www.mywebsite.comtest.php after entering again, loads page. a .htaccess settings must wrong: rewritebase / errordocument 404 http://www.mywebsite.com/oops.php errordocument 401 /notallowed.php rewriteengine on # turn on rewriting engine #gzip <ifmodule mod_deflate.c> addoutputfilterbytype deflate text/text text/html text/plain text/xml text/css application/x- javascript application/javascript </ifmodule> #end gzip rewritecond %{http_host} ^mywebsite\.com rewriterule ^(.*)$ http://www.mywebsite.com$1 [r=permanent,l] directoryindex index6.php rewriterule ^termsofuse/?$ termsofuse.php [nc,l] # handle requests "adpolicy" rewriterule ^privacy-policy/?$ privacy-policy.php [nc,l] # handle requ...
Read more

Socket.connect doesn't throw exception in Android -

if put nonsense url no exception thrown , none of rest of code executed not rest of asynctask called method connects. try { socketcliente.connect(new inetsocketaddress("f", port), 2000); } catch (unknownhostexception e) { geterror("host doesn't exist"); return -1; } catch (ioexception e) { geterror("could not connect: host down"); return -1; } add catch statement. catch ( exception e ) { log.d(tag, e.getmessage(),e); toast.maketext(getapplicationcontext(), "unexpected error:" + e.getmessage(), toast.length_long).show(); } this write log , pop toast tell what's going on.
Read more

SPSS keyboard combination alters encoding -

my question not have programming practical issue on spss. accident keyword combination cannot remember because did not intend press changed encoding in spss , text in data in different language english shown small boxes. nevertheless, when kind of analysis performed different language text shown in output. does know reason? tried change encoding did not produce result. first, @ edit > options , see whether setting unicode or locale. might fix it. if have text in multiple languages, want unicode. otherwise, may have specific locale set wrong. can change set locale, need know locale want use.
Read more