Ok, but my app must take those packet from the net for other operation.
For this purpose I can also build my own structure to see arp parameter,
but I'm trying to know how to use arphdr structure. Someone has
experience about it?
Thanks in advance.
Il 05/04/2011 14:51, Jan Stary ha scritto:
On Apr 04 21:03:58, Alessandro Baggi wrote:
Hi list. I'm coding a little program with libpcap that captures ARP
packet.
Why? tcpdump arp
In this program I try to cast an arphdr struct pointer to
the packet, to read ARP packet parameters, and in this point I have
the problem.
tcpdump -e arp
If you are sure you need to write your own code for this,
look at the source of tcpdump to see how they do it.
This is the code of the callback pcap_loop function:
void mac(u_char *args, const struct pcap_pkthdr *header, const
u_char *packet)
{
struct arphdr *arp = NULL;
arp = (struct arphdr *) packet;
printf("%d:%d:%d\n", arp->ar_sha[0], arp->ar_sha[1],
arp->ar_sha[2]);
return;
}
Compiling this source, I get the following error:
oad-cap.c: In function 'mac':
oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha'
oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha'
oad-cap.c:11: error: 'struct arphdr' has no member named 'ar_sha'
Now, I've seen in /usr/include/net/if_arp.h and get:
struct arphdr {
u_int16_t ar_hrd; /* format of hardware address */
#define ARPHRD_ETHER 1 /* ethernet hardware format */
#define ARPHRD_IEEE802 6 /* IEEE 802 hardware format */
#define ARPHRD_FRELAY 15 /* frame relay hardware format */
#define ARPHRD_IEEE1394 24 /* IEEE 1394 (FireWire) hardware format */
u_int16_t ar_pro; /* format of protocol address */
u_int8_t ar_hln; /* length of hardware address */
u_int8_t ar_pln; /* length of protocol address */
u_int16_t ar_op; /* one of: */
#define ARPOP_REQUEST 1 /* request to resolve address */
#define ARPOP_REPLY 2 /* response to previous request */
#define ARPOP_REVREQUEST 3 /* request protocol address given
hardware */
#define ARPOP_REVREPLY 4 /* response giving protocol address */
#define ARPOP_INVREQUEST 8 /* request to identify peer */
#define ARPOP_INVREPLY 9 /* response identifying peer */
/*
* The remaining fields are variable in size,
* according to the sizes above.
*/
#ifdef COMMENT_ONLY
u_int8_t ar_sha[]; /* sender hardware address */
u_int8_t ar_spa[]; /* sender protocol address */
u_int8_t ar_tha[]; /* target hardware address */
u_int8_t ar_tpa[]; /* target protocol address */
#endif
};
I've tried to #define COMMENT_ONLY, with no result. But I think that
the solution is not #define COMMENT_ONLY.
I've searched on google, same with no result.
Someone know what it does depend?
Thanks in advance.
