Using WinPcap to get TCP Data

I want to use WinPcap to write the data inside a TCP packet into an array.

For that I read the WinPcap tutorial and some source code from sourceforge.net. So far I can choose the network adapter and see packet sizes. I also integrated a filter on a specific port.
Now I want to have the data written into an array, if possible always 2 nibbles (one byte) per array field. I know how to build the array with the size of the incoming data packet, but how do I get the data into the array?

Some more Information:
Using Win XP and Visual Studio 2008. My C++ skills are not the best, but should be OK. The protocol I want to sniff is an unofficial one, but it runs on top of TCP/IP, so if I can ignore the Ethernet and TCP/IP headers and only get the data after them, that would be nice. If there is a solution to jump into the data field after the TCP header, this would be better I think.

My problem is, I don't know how to start with that. This is my first time using WinPcap.
My code as it is now:
#include <pcap.h>
#include <Tchar.h>
#include <iostream>
#include <stdio.h>
#include <stdlib.h>

#include <winsock2.h>

using namespace std;

// Ethernet II frame header: two 6-byte addresses plus a 2-byte type, 14 bytes in total.
struct ether_header {
	unsigned char  ether_dhost[6];	// destination hardware address
	unsigned char  ether_shost[6];	// source hardware address
	unsigned short ether_type;		// type of the encapsulated protocol (big-endian on the wire)
};

// Value and pointer aliases used by the rest of the file.
typedef struct ether_header ETHHEADER;
typedef struct ether_header *PETHHEADER;

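// IPv4 header, fixed 20-byte part. IP options, when present, follow this
// structure; the real header length must be taken from the low nibble of
// ver_ihl and never assumed to be sizeof(IPHEADER).
// Multi-byte fields arrive in network (big-endian) byte order.
typedef struct ip_header {
	unsigned char ver_ihl;		// version (high 4 bits) + header length in 32-bit words (low 4 bits)
	unsigned char tos;			// type of service
	unsigned short tlen;		// total length of the datagram (header + data)
	unsigned short identification;
	unsigned short flags_fo;	// flags (3 bits) + fragment offset (13 bits)
	unsigned char ttl;			// time to live
	unsigned char proto;		// protocol (6 = TCP)
	unsigned short crc;			// header checksum; 16 bits on the wire. Declaring it as
								// a single byte shifted ip_src/ip_dst one byte too early.
	unsigned char ip_src[4];	// source IP
	unsigned char ip_dst[4];	// destination IP
}IPHEADER,*PIPHEADER;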

// TCP header, fixed 20-byte part; TCP options, when present, follow it.
// Multi-byte fields arrive in network (big-endian) byte order.
struct tcp_header {
	WORD  sourceport;	// source port
	WORD  destport;		// destination port
	DWORD seqno;		// sequence number
	DWORD ackno;		// acknowledgement number
	BYTE  hlen;			// header length: upper 4 bits, counted in 32-bit words
	BYTE  flag;			// control flags
	WORD  window;		// window size
	WORD  chksum;		// checksum
	WORD  urgptr;		// urgent pointer
};

// Value and pointer aliases used by the rest of the file.
typedef struct tcp_header TCPHEADER;
typedef struct tcp_header *PTCPHEADER;

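// Lists the capture adapters, lets the user pick one, opens it with a
// "tcp port 5055" filter and copies the TCP payload of every captured
// segment into a byte array.
//
// Returns 0 on normal termination (or when no adapter exists) and -1 on
// any error.
//
// Fixes over the previous version:
//  - the filter was compiled and installed inside the "open failed" branch,
//    i.e. only with a NULL handle and never on a working one;
//  - pcap_compile / pcap_setfilter report failure with a negative value,
//    so testing "> 0" never detected an error;
//  - the result of scanf_s is checked, so non-numeric input no longer
//    leaves adapterNumber uninitialised;
//  - adapter->description may be NULL and is no longer passed to %s blindly;
//  - the capture handle and the compiled filter are released on every path.
int _tmain(int argc, _TCHAR* argv[])
{
    pcap_if_t          * allAdapters;
    pcap_if_t          * adapter;
    pcap_t             * adapterHandle;
    struct pcap_pkthdr * packetHeader;
    const u_char       * packetData;
    char                 errorBuffer[ PCAP_ERRBUF_SIZE ];

    unsigned int netmask = 0xffffff;            // netmask passed to pcap_compile
    char packet_filter[] = "tcp port 5055";     // Filter set to Port 5055 for SCIP
    struct bpf_program fcode;

    // Minimum header sizes on the wire, in bytes.
    const unsigned int ETH_HEADER_LEN     = 14;
    const unsigned int IP_MIN_HEADER_LEN  = 20;
    const unsigned int TCP_MIN_HEADER_LEN = 20;

    //--------------------------------------------------------------------------
    // retrieve the adapters from the computer
    if( pcap_findalldevs_ex( PCAP_SRC_IF_STRING, NULL,
            &allAdapters, errorBuffer ) == -1 )
    {
        fprintf( stderr, "Error in pcap_findalldevs_ex function: %s\n", errorBuffer );
        return -1;
    }

    // if there are no adapters, print an error
    if( allAdapters == NULL )
    {
        printf( "\nNo adapters found! Make sure WinPcap is installed.\n" );
        return 0;
    }

    // print the list of adapters along with basic information about an adapter
    int crtAdapter = 0;
    for( adapter = allAdapters; adapter != NULL; adapter = adapter->next )
    {
        printf( "\n%d.%s ", ++crtAdapter, adapter->name );
        // description is optional and may be NULL
        printf( "-- %s\n", adapter->description ? adapter->description : "(no description)" );
    }

    printf( "\n" );

    int adapterNumber = 0;

    printf( "Enter the adapter number between 1 and %d:", crtAdapter );

    // scanf_s returns the number of fields converted; anything but 1 means
    // the input was not a number and adapterNumber must not be trusted
    if( scanf_s( "%d", &adapterNumber ) != 1
        || adapterNumber < 1 || adapterNumber > crtAdapter )
    {
        printf( "\nAdapter number out of range.\n" );
        pcap_freealldevs( allAdapters );
        return -1;
    }

    // walk the list until we reach the desired adapter
    adapter = allAdapters;
    for( crtAdapter = 0; crtAdapter < adapterNumber - 1; crtAdapter++ )
        adapter = adapter->next;

    // open the adapter with promiscuous mode enabled
    adapterHandle = pcap_open( adapter->name,   // name of the adapter
                               65536,           // portion of the packet to capture
                                                // 65536 guarantees that the whole
                                                // packet will be captured
                               PCAP_OPENFLAG_PROMISCUOUS,   // promiscuous mode
                               1000,            // read timeout in milliseconds (1 second)
                               NULL,            // authentication on the remote machine
                               errorBuffer      // error buffer
                              );

    if( adapterHandle == NULL )
    {
        fprintf( stderr, "\nUnable to open the adapter %s: %s\n", adapter->name, errorBuffer );
        pcap_freealldevs( allAdapters );
        return -1;
    }

    // The payload parsing below assumes a 14-byte Ethernet header in front of
    // every packet, so refuse any other link type instead of misparsing it.
    if( pcap_datalink( adapterHandle ) != DLT_EN10MB )
    {
        fprintf( stderr, "\nThis program works only on Ethernet networks.\n" );
        pcap_close( adapterHandle );
        pcap_freealldevs( allAdapters );
        return -1;
    }

    // compile the filter (negative return value = failure)
    if( pcap_compile( adapterHandle, &fcode, packet_filter, 1, netmask ) < 0 )
    {
        cout<<endl<<"Unable to compile the packet filter. Check Syntax!"<<endl;
        pcap_close( adapterHandle );
        pcap_freealldevs( allAdapters );
        return -1;
    }

    // install the filter (negative return value = failure)
    if( pcap_setfilter( adapterHandle, &fcode ) < 0 )
    {
        cout<<endl<<"Error setting filter!"<<endl;
        pcap_freecode( &fcode );
        pcap_close( adapterHandle );
        pcap_freealldevs( allAdapters );
        return -1;
    }

    // the compiled program is no longer needed once it is installed
    pcap_freecode( &fcode );

    printf( "\nCapture session started on  adapter %s...\n", adapter->name );

    // free the adapter list (adapter->name must not be used after this)
    pcap_freealldevs( allAdapters );

    //--------------------------------------------------------------------------
    // Receive packets and copy the TCP payload of each one into an array.
    //
    // Everything in packetData comes from the network and is untrusted:
    // every length field is checked against caplen (the number of bytes
    // actually captured) before it is used as an offset.
    int retValue;
    while( ( retValue = pcap_next_ex( adapterHandle,
                      &packetHeader,
                      &packetData ) ) >= 0 )
    {
        // read timeout elapsed, no packet delivered
        if( retValue == 0 )
            continue;

        const unsigned int captured = packetHeader->caplen;
        if( captured < ETH_HEADER_LEN + IP_MIN_HEADER_LEN + TCP_MIN_HEADER_LEN )
            continue;

        // EtherType (bytes 12-13, big-endian) must be 0x0800 = IPv4;
        // VLAN-tagged and IPv6 frames are skipped
        if( packetData[12] != 0x08 || packetData[13] != 0x00 )
            continue;

        // IPv4 header: version / header length, total length, fragment offset, protocol
        const u_char * ip = packetData + ETH_HEADER_LEN;
        const unsigned int ipHeaderLen = ( ip[0] & 0x0f ) * 4;
        const unsigned int ipTotalLen  = ( (unsigned int)ip[2] << 8 ) | ip[3];
        const unsigned int fragOffset  = ( (unsigned int)( ip[6] & 0x1f ) << 8 ) | ip[7];

        if( ( ip[0] >> 4 ) != 4             // not IPv4
            || ip[9] != 6                   // not TCP
            || ipHeaderLen < IP_MIN_HEADER_LEN
            || fragOffset != 0 )            // later fragments carry no TCP header
            continue;

        if( captured < ETH_HEADER_LEN + ipHeaderLen + TCP_MIN_HEADER_LEN )
            continue;

        // TCP header: data offset is the upper nibble of byte 12, in 32-bit words
        const u_char * tcp = ip + ipHeaderLen;
        const unsigned int tcpHeaderLen = ( tcp[12] >> 4 ) * 4;

        if( tcpHeaderLen < TCP_MIN_HEADER_LEN
            || ipTotalLen < ipHeaderLen + tcpHeaderLen )
            continue;

        const unsigned int headersLen = ETH_HEADER_LEN + ipHeaderLen + tcpHeaderLen;
        if( captured < headersLen )
            continue;

        // Payload length as announced by the IP header, clamped to what was
        // really captured so a lying length field cannot cause an over-read.
        const u_char * payload = packetData + headersLen;
        unsigned int payloadLen = ipTotalLen - ipHeaderLen - tcpHeaderLen;
        if( payloadLen > captured - headersLen )
            payloadLen = captured - headersLen;

        // segments without data (e.g. pure ACKs) have nothing to store
        if( payloadLen == 0 )
            continue;

        // saving data to array: one byte (two nibbles) per element.
        // The copy is needed because packetData is only valid until the next
        // call to pcap_next_ex.
        unsigned char * data = (unsigned char *)malloc( payloadLen );
        if( data == NULL )
        {
            fprintf( stderr, "Out of memory\n" );
            pcap_close( adapterHandle );
            return -1;
        }
        for( unsigned int i = 0; i < payloadLen; i++ )
            data[i] = payload[i];

        printf( "TCP payload: %u bytes\n", payloadLen );

        // NOTE: TCP is a byte stream. One application message may be split
        // over several segments, or several messages may share one segment,
        // so protocol parsing has to reassemble per connection.

        free( data );
    }

    // if we get here with -1, there was an error reading the packets
    if( retValue == -1 )
    {
        printf( "Error reading the packets: %s\n", pcap_geterr( adapterHandle ) );
        pcap_close( adapterHandle );
        return -1;
    }

    pcap_close( adapterHandle );

    system( "PAUSE" );
    return 0;
}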