Hello, Sorry in advance if this is too lengthy. I have three questions that may or may not be related. So I thought I should include them together in one e-mail.
1) I'm having a problem reading the correct source and dest. IP addresses. Below is an example:

If the IP addresses are:
    Src: 1.2.3.4
    Dst: 5.6.7.8

My code prints:
    Src: 3.4.5.6
    Dst: 7.8.20.21

I used the example code from "sniffer.c" as a starting point: http://www.tcpdump.org/pcap.htm

<snip...>
/* IP header */
struct sniff_ip {
#if BYTE_ORDER == LITTLE_ENDIAN
    u_int   ip_hl:4,                /* header length */
            ip_v:4;                 /* version */
#if BYTE_ORDER == BIG_ENDIAN
    u_int   ip_v:4,                 /* version */
            ip_hl:4;                /* header length */
#endif
#endif                              /* not _IP_VHL */
    u_char  ip_tos;                 /* type of service */
    u_short ip_len;                 /* total length */
    u_short ip_id;                  /* identification */
    u_short ip_off;                 /* fragment offset field */
#define IP_RF 0x8000                /* reserved fragment flag */
#define IP_DF 0x4000                /* dont fragment flag */
#define IP_MF 0x2000                /* more fragments flag */
#define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
    u_char  ip_ttl;                 /* time to live */
    u_char  ip_p;                   /* protocol */
    u_short ip_sum;                 /* checksum */
    struct  in_addr ip_src,ip_dst;  /* source and dest address */
};
<snip...>
const struct sniff_ip *ip;          /* The IP header */

ip = (struct sniff_ip*)(packet + size_ethernet);

printf("\t Src: %s:%d\n", inet_ntoa(ip->ip_src), ntohs(tcp->th_sport));
printf("\t Dst: %s:%d\n", inet_ntoa(ip->ip_dst), ntohs(tcp->th_dport));
<end>

I'm using:
    tcpdump version 3.7.1
    libpcap version 0.7

This problem happens on my laptop (RedHat 7.1) at home, but not on my desktop (RedHat 7.2) at work. They are both i386 machines. Both are libpcap-0.7/tcpdump-3.7.1.

2) Why does the sniff_ip struct above have the two #endif's together like below?:

<snip...>
#if BYTE_ORDER == LITTLE_ENDIAN
    u_int   ip_hl:4,                /* header length */
            ip_v:4;                 /* version */
#if BYTE_ORDER == BIG_ENDIAN
    u_int   ip_v:4,                 /* version */
            ip_hl:4;                /* header length */
#endif
#endif                              /* not _IP_VHL */
<end>

Shouldn't one of the #endif's be above the "BIG_ENDIAN" line?
3) When writing libpcap programs, are there any flags I should pass to gcc for structure alignment/packing purposes? I want to write them in a portable way. Currently, I'm using:

    gcc -Wall -O0 -ggdb -o sesntr sesntr.c -lpcap

Thanks for hanging in there... reading this looong e-mail,

-Nathan

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
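Questions 1 and 3 both come down to how the IP header is laid out in memory. The following is an added example (not Nathan's code and not tcpdump's sniffer.c) that decodes an IPv4 header by explicit byte offsets from RFC 791 instead of overlaying a struct, so the result does not depend on bitfield order, on BYTE_ORDER being defined, or on compiler padding; it also checks the captured length before every access, which the struct cast in sniffer.c does not. The packet bytes are a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded fields; addresses are rendered as dotted-quad strings. */
struct ipv4_hdr {
    unsigned version, ihl_bytes, total_len, ttl, proto;
    char src[16], dst[16];
};

/* Big-endian 16-bit read: the portable equivalent of ntohs() on a byte buffer. */
static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Parse the IPv4 header that starts at pkt[0]. len is the number of captured
 * bytes from that point (pcap caplen minus the link-layer header).
 * Returns the header length in bytes, or 0 if the header is truncated or not IPv4. */
unsigned parse_ipv4(const uint8_t *pkt, size_t len, struct ipv4_hdr *h)
{
    if (len < 20) return 0;                        /* minimum IPv4 header */
    h->version   = pkt[0] >> 4;                    /* high nibble: version */
    h->ihl_bytes = (pkt[0] & 0x0f) * 4;            /* low nibble: IHL in 32-bit words */
    if (h->version != 4 || h->ihl_bytes < 20 || h->ihl_bytes > len) return 0;
    h->total_len = be16(pkt + 2);
    h->ttl       = pkt[8];
    h->proto     = pkt[9];
    snprintf(h->src, sizeof h->src, "%u.%u.%u.%u", pkt[12], pkt[13], pkt[14], pkt[15]);
    snprintf(h->dst, sizeof h->dst, "%u.%u.%u.%u", pkt[16], pkt[17], pkt[18], pkt[19]);
    return h->ihl_bytes;
}

/* Constructed sample: a 20-byte IPv4 header (TCP, total length 40, checksum
 * left zero) with src 1.2.3.4 and dst 5.6.7.8, followed by four TCP header bytes. */
static const uint8_t sample_pkt[] = {
    0x45, 0x00, 0x00, 0x28, 0x12, 0x34, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    1, 2, 3, 4,  5, 6, 7, 8,
    0x14, 0x15, 0x00, 0x50
};
const size_t sample_len = sizeof sample_pkt;

int main(void)
{
    struct ipv4_hdr h;
    unsigned hl = parse_ipv4(sample_pkt, sample_len, &h);
    if (hl == 0) { puts("truncated or non-IPv4 header"); return 1; }
    printf("Src: %s  Dst: %s  proto %u  hdr %u bytes\n", h.src, h.dst, h.proto, hl);
    return 0;
}
```

Because the offsets are fixed by the protocol rather than by the compiler, no -fpack-struct or similar gcc option is needed, and a short capture (caplen smaller than the header) is rejected instead of being read past its end.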
