Hey all. This is definitely a homework assignment, I'll say that up front. I've got the code written, but I'm having a compile problem. Basically, we have to pull packets in off the wire then decode them, one layer at a time. This problem is with the Ethernet header when I check to see if it is a broadcast packet. When I compile, I get the following errors:
* warning: comparison is always false due to limited range of data type
- This warning references the part of my code where I'm checking for broadcast packets. Look for " if ((eth_destination[0] == 0xFF ) " in my code.
* netdump.c:323: error: expected declaration or statement at end of input
- This error is referencing the end of my raw_print routine. Am I missing some syntax here?
So, what am I doing wrong?
Here's the code for the whole subroutine that does the work:
Code:
void raw_print(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
{ {
u_int length = h->len;
u_int caplen = h->caplen;
/* At this point we start extracting data from the packet, with the var idx keeping up with where we are in the packet */
// Print total packet size
printf("\nPacket Length\t%d bytes", h->len);
// Decode Ethernet (Layer 2) Header Info
int idx; // counter variable for indexing through packet
char eth_destination[6]; // var to store the ethernet destination address
char eth_source[6]; // var to store the ethernet source address
short eth_type; // var to store the ethernet type value
char eth_payload[10]; // string array to store payload description
char eth_bcast[6] = "0xFF";
// Extract Ethernet Destination Address (1st 6 bytes)
for ( idx = 0; idx < 6; idx++)
{
eth_destination[idx] = p[idx];
}
// Extract Ethernet Source Address (2nd 6 bytes)
for ( idx = 6; idx < 12; idx++)
{
eth_source[idx-6] = p[idx];
}
// Combine two byte Ethernet Type/Length field into one value
eth_type = p[12] * 256 + p[13];
// Check the packet type and increment related counter
if ( eth_type >= 0x600) {
switch ( eth_type )
{
case 0x800: // Check to see if the type indicates that the packet is IP
ctrIP++;
strcpy(eth_payload, "IP");
break;
case 0x806: // Check to see if the type indicates that the packet is ARP
ctrARP++;
strcpy(eth_payload, "ARP");
break;
default:
break;
}
}
// Check to see if the destination was a broadcast packet and increment related counter
/*
if ((eth_destination[0] == 0xFF ) && (eth_destination[1] == 0xFF ) && (eth_destination[2] == 0xFF ) && (eth_destination[3] == 0xFF ) && (eth_destination[4] == 0xFF ) && (eth_destination[5] == 0xFF )) {
ctrBCAST++;
}
*/
// Print Ethernet (Layer 2) Header Info
printf("Layer\tField\tValue\n");
printf("ETHERNET\tDestination\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_destination[0],eth_destination[1],eth_destination[2],eth_destination[3],eth_destination[4],eth_destination[5]);
printf("\t\tSource\t%02x:%02x:%02x:%02x:%02x:%02x\n", eth_source[0],eth_source[1],eth_source[2],eth_source[3],eth_source[4],eth_source[5]);
printf("\t\tType\t0x%02x\n", eth_type);
printf("\t\tPayload\t%s\n", eth_payload);
// All packets will have ethernet info (decoded and printed above).
// At this point we have to determine what kind of data is at the next layer up (layer 3) and decode/print the data accordingly.
// This is done based on the eth_type variable.
if ( eth_type >= 0x600) {
switch ( eth_type )
{
case 0x800: // IP Packet
// insert code to decode and print IP (should this be a separate sub-routine?
break;
case 0x806: // ARP Packet
// insert code to decode and print ARP
break;
default:
break;
}
}
exit(0);
}
Any ideas?