Hey all. This is definitely a homework assignment, I'll say that up front. I've got the code written, but I'm having a compile problem. Basically, we have to pull packets in off the wire then decode them, one layer at a time. This problem is with the Ethernet header when I check to see if it is a broadcast packet. When I compile, I get the following errors:
* warning: comparison is always false due to limited range of data type
- This warning references the part of my code where I'm checking for broadcast packets. Look for " if ((eth_destination[0] == 0xFF ) " in my code.
* netdump.c:323: error: expected declaration or statement at end of input
- This error is referencing the end of my raw_print routine. Am I missing some syntax here?
So, what am I doing wrong?
Here's the code for the whole subroutine that does the work:
Any ideas?Code:void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p) { { u_int length = h->len; u_int caplen = h->caplen; /* At this point we start extracting data from the packet, with the var idx keeping up with where we are in the packet */ // Print total packet size printf("\nPacket Length\t%d bytes", h->len); // Decode Ethernet (Layer 2) Header Info int idx; // counter variable for indexing through packet char eth_destination[6]; // var to store the ethernet destination address char eth_source[6]; // var to store the ethernet source address short eth_type; // var to store the ethernet type value char eth_payload[10]; // string array to store payload description char eth_bcast[6] = "0xFF"; // Extract Ethernet Destination Address (1st 6 bytes) for ( idx = 0; idx < 6; idx++) { eth_destination[idx] = p[idx]; } // Extract Ethernet Source Address (2nd 6 bytes) for ( idx = 6; idx < 12; idx++) { eth_source[idx-6] = p[idx]; } // Combine two byte Ethernet Type/Length field into one value eth_type = p[12] * 256 + p[13]; // Check the packet type and increment related counter if ( eth_type >= 0x600) { switch ( eth_type ) { case 0x800: // Check to see if the type indicates that the packet is IP ctrIP++; strcpy(eth_payload, "IP"); break; case 0x806: // Check to see if the type indicates that the packet is ARP ctrARP++; strcpy(eth_payload, "ARP"); break; default: break; } } // Check to see if the destination was a broadcast packet and increment related counter /* if ((eth_destination[0] == 0xFF ) && (eth_destination[1] == 0xFF ) && (eth_destination[2] == 0xFF ) && (eth_destination[3] == 0xFF ) && (eth_destination[4] == 0xFF ) && (eth_destination[5] == 0xFF )) { ctrBCAST++; } */ // Print Ethernet (Layer 2) Header Info printf("Layer\tField\tValue\n"); printf("ETHERNET\tDestination\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_destination[0],eth_destination[1],eth_destination[2],eth_destination[3],eth_destination[4],eth_destination[5]); printf("\t\tSource\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_source[0],eth_source[1],eth_source[2],eth_source[3],eth_source[4],eth_source[5]); printf("\t\tType\t0x%02x\n", eth_type); printf("\t\tPayload\t%s\n", eth_payload); // All packets will have ethernet info (decoded and printed above). // At this point we have to determine what kind of data is at the next layer up (layer 3) and decode/print the data accordingly. // This is done based on the eth_type variable. if ( eth_type >= 0x600) { switch ( eth_type ) { case 0x800: // IP Packet // insert code to decode and print IP (should this be a separate sub-routine? break; case 0x806: // ARP Packet // insert code to decode and print ARP break; default: break; } } exit(0); }
Originally Posted by bosque
