recvfrom result differs from ip_len field (IPv4)

This is a discussion on recvfrom result differs from ip_len field (IPv4) within the C++ Programming forums, part of the General Programming Boards category; I'am writing a simple network sniffer on windows xp. Here is the code: Code: #include <stdio.h> #include <stdlib.h> #include <windows.h> ...

  1. #1
    Registered User
    Join Date
    Jan 2011
    Posts
    2

    Angry recvfrom result differs from ip_len field (IPv4)

    I'am writing a simple network sniffer on windows xp.
    Here is the code:
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    #include <windows.h>
    
    #define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
    
    void die(const char* msg) {
        printf("Error: %s\n", msg);
        exit(-1);
    }
    
    int Init(WSADATA wsa) {
        return WSAStartup(0x0101, &wsa);
    }
    
    int main(int argc, char** argv) {
        WSADATA wsa;
        if(Init(wsa)) die("init");
    
        SOCKET s;
        long flag = 1;
        struct sockaddr_in local;
        
        local.sin_family = AF_INET;
        local.sin_port = 0;
        local.sin_addr.S_un.S_addr = inet_addr("192.168.1.2");
    
        if((s = socket(AF_INET, SOCK_RAW, IPPROTO_IP)) == INVALID_SOCKET) die("invalid socket");
        if(bind(s, (SOCKADDR*) &local, sizeof(local)) == SOCKET_ERROR) die("bind");
        if(ioctlsocket(s, SIO_RCVALL, &flag)) die("ioctl");
        
        struct sockaddr_in remote;
        int rsize = sizeof(remote);
    
        int rcvd = 0;
        char buff[0xFFFF]; //64k
    
        int ip_len = 0;
    
        int i = 0;
        while((rcvd = recvfrom(s, buff, sizeof(buff), 0, (SOCKADDR*) &remote, &rsize)) != SOCKET_ERROR) {
            ip_len = (buff[2] & 0xFF << 8) | (buff[3] & 0xFF);
            if(ip_len != rcvd) {
                printf("\nIPLEN: %6i, RECVFROM: %6i", ip_len, rcvd);
            } else {
                printf(".");
            }
        }
    
        printf("Error: %i\n", WSAGetLastError());
    
        return (EXIT_SUCCESS);
    }
    Packets are caught, but i have a problem: value, returned by recvfrom (number of bytes read) differs from IPv4 packet's ip_len field.
    Here is the example of output:
    Code:
    IPLEN:     39, RECVFROM:    551...
    IPLEN:    187, RECVFROM:    955..
    IPLEN:    112, RECVFROM:    880..
    IPLEN:    250, RECVFROM:    762
    IPLEN:    122, RECVFROM:    890.
    IPLEN:     39, RECVFROM:    295...
    IPLEN:     96, RECVFROM:    608........
    IPLEN:    122, RECVFROM:    890....
    IPLEN:     22, RECVFROM:    534.....
    IPLEN:      9, RECVFROM:    521..
    IPLEN:     79, RECVFROM:    847..
    (dots means packets with equal values)
    So, how to fix this?

  2. #2

  3. #3
    Registered User
    Join Date
    Jan 2011
    Posts
    2
    thanks. no troubles at all now.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Inserting a swf file in a windows application
    By face_master in forum Windows Programming
    Replies: 12
    Last Post: 05-03-2009, 12:29 PM
  2. Need help with basic calculation program.
    By StateofMind in forum C Programming
    Replies: 18
    Last Post: 03-06-2009, 01:44 AM
  3. Promblem with code
    By watchdogger in forum C Programming
    Replies: 18
    Last Post: 01-31-2009, 06:36 PM
  4. Type casting
    By Lionmane in forum C Programming
    Replies: 28
    Last Post: 08-20-2005, 03:16 PM
  5. Output problems with structures
    By Gkitty in forum C Programming
    Replies: 1
    Last Post: 12-16-2002, 05:27 AM

Tags for this Thread


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21