PCAP - I'm not capturing the right TCP port number
Papaya-Automaton
I'm using Ubuntu 16.04.2 LTS on a VM using Windows 10.
I'm trying to capture ports within the range of 1-100. But it's not doing that and also it seems to be giving incorrect port numbers. For example, when I try using the telnet command to connect to another VM I'm excepting to see the destination port to be 23; however, I get a completely different port number. I also check in wireshark and the destination and source port number do not match.
Here's screenshot of what I get when I try to telnet to 10.0.2.5:
Here's my code:
#include <pcap.h>
#include <stdio.h>
#include <arpa/inet.h>
//Ethernet addresses are 6 bytes
#define ETHER_ADDR_LEN 6
//ethernet header
struct sniff_ethernet {
u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
u_short ether_type; /* IP? ARP? RARP? etc */
};
//ip header
struct ipheader {
unsigned char iph_ihl:4, //IP header length
iph_ver:4; //IP version
unsigned char iph_tos; //Type of service
unsigned short int iph_len; //IP Packet length (data + header)
unsigned short int iph_ident; //Identification
unsigned short int iph_flag: 3, //Fragmenation flags
iph_offset:13; //Flags offset
unsigned char iph_ttl; //Time to live
unsigned char iph_protocol; //Protocol type
unsigned short int iph_chksum; //IP datagram checksum
struct in_addr iph_sourceip; //Source IP address
struct in_addr iph_destip; //Destination IP address
};
//tcp header
typedef u_int tcp_seq;
struct sniff_tcp {
u_short th_sport;/* source port */
u_short th_dport;/* destination port */
tcp_seq th_seq;/* sequence number */
tcp_seq th_ack;/* acknowledgement number */
u_char th_offx2;/* data offset, rsvd */
#define TH_OFF(th)(((th)->th_offx2 & 0xf0) >> 4)
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
u_short th_win;/* window */
u_short th_sum;/* checksum */
u_short th_urp;/* urgent pointer */
};
void got_packet(u_char *args, const struct pcap_pkthdr * header,
const u_char * packet)
{
struct sniff_ethernet *eth = (struct sniff_ethernet *)packet;
if(ntohs(eth->ether_type)== 0x0800){ // 0x0800 is IP type
struct ipheader *ip = (struct ipheader *) (packet + sizeof(struct sniff_ethernet));
printf(" From: %s\n", inet_ntoa(ip->iph_sourceip));
printf(" To: %s\n", inet_ntoa(ip->iph_destip));
int ip_header_len = ip->iph_ihl * 4;
struct sniff_tcp *tcp = (struct sniff_tcp*) (packet + sizeof(struct sniff_ethernet) + ip_header_len);
printf("tcp source port: %hu\n",tcp->th_sport);
printf("tcp destination port: %hu\n", tcp->th_dport);
}
}
int main(int argc, char* argv[])
{
char* dev = argv[1];
printf("Device: %s\n", dev);
//session handle
pcap_t *handle;
//error string
char errbuf[PCAP_ERRBUF_SIZE];
//the compiled filter expression
struct bpf_program fp;
char filter_exp[] = "tcp and portrange 10-100";
//the ip of our sniffing device
bpf_u_int32 net;
// open pcap session
handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
//Compile filter_exp into BPF pseudo-code
pcap_compile(handle, &fp, filter_exp, 0, net);
pcap_setfilter(handle,&fp);
//Capture packets
pcap_loop(handle,-1,got_packet,NULL);
pcap_close(handle);
return (0);
}
kaylum
Need to convert from network to host byte order:
printf("tcp source port: %hu\n", ntohs(tcp->th_sport));
printf("tcp destination port: %hu\n", ntohs(tcp->th_dport));
Collected from the Internet
Please contact [email protected] to delete if infringement.
edited at
Related
TOP Ranking
- 1
Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)
- 2
Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background
- 3
pump.io port in URL
- 4
How to import an asset in swift using Bundle.main.path() in a react-native native module
- 5
Failed to listen on localhost:8000 (reason: Cannot assign requested address)
- 6
Spring Boot JPA PostgreSQL Web App - Internal Authentication Error
- 7
Emulator wrong screen resolution in Android Studio 1.3
- 8
3D Touch Peek Swipe Like Mail
- 9
Double spacing in rmarkdown pdf
- 10
Svchost high CPU from Microsoft.BingWeather app errors
- 11
How to how increase/decrease compared to adjacent cell
- 12
Using Response.Redirect with Friendly URLS in ASP.NET
- 13
java.lang.NullPointerException: Cannot read the array length because "<local3>" is null
- 14
BigQuery - concatenate ignoring NULL
- 15
How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?
- 16
ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3
- 17
Can a 32-bit antivirus program protect you from 64-bit threats
- 18
Make a B+ Tree concurrent thread safe
- 19
Bootstrap 5 Static Modal Still Closes when I Click Outside
- 20
Vector input in shiny R and then use it
- 21
Assembly definition can't resolve namespaces from external packages
Comments