Jayanth Gurijala
12/06/2008 2:12 PM
post18076
|
Hi,
I am trying to capture ICMP ping packets.
Using socket(AF_INET, SOCK_DGRAM, 1), the call the recvfrom blocks even when i ping the machine running the
application(x86 using io-pkt-hc).
here is the code after socket creation.
memset(&daddr, 0, sizeof(daddr));
addrlen = sizeof(daddr);
printf("Waiting...\n");
/*THIS CALL JUST HANGS*/
if ((recvfrom(s, buf, 100, 0, (struct sockaddr *)&daddr, &addrlen))==-1)
{
printf("Receive error: %s\n", strerror(errno));
continue;
}
printf("Packet received: ");
Can anyone help me out?
Thanks,
Jayanth
|
|
|
Sean Boudreau(deleted)
12/06/2008 3:24 PM
post18077
|
On Sat, Dec 06, 2008 at 02:12:17PM -0500, Jayanth Gurijala wrote:
> Hi,
>
> I am trying to capture ICMP ping packets.
> Using socket(AF_INET, SOCK_DGRAM, 1), the call the recvfrom blocks even when i ping the machine running the
application(x86 using io-pkt-hc).
>
> here is the code after socket creation.
>
> memset(&daddr, 0, sizeof(daddr));
> addrlen = sizeof(daddr);
> printf("Waiting...\n");
> /*THIS CALL JUST HANGS*/
> if ((recvfrom(s, buf, 100, 0, (struct sockaddr *)&daddr, &addrlen))==-1)
> {
> printf("Receive error: %s\n", strerror(errno));
> continue;
> }
> printf("Packet received: ");
>
ICMP packets aren't udp packets (SOCK_DGRAM). You'll need
a SOCK_RAW with IPPROTO_ICMP. See the source for the ping
utility under utils/p/ping.
-seanb
|
|
|
Jayanth Gurijala
12/06/2008 10:30 PM
post18080
|
ooops... sleepy eyes made me type DGRAM... and IPPROTO_ICMP is defined as 1 anyway...
Thanks for the utils/p/ping tip.. will try...
|
|
|
Jayanth Gurijala
|
Re: recvfrom is blocking(just observed only reply is captured)
|
Jayanth Gurijala
12/07/2008 12:38 PM
post18085
|
Re: recvfrom is blocking(just observed only reply is captured)
Hi Sean,
I just observed that I am able to capture ICMP reply packets only but not ICMP request packets though qnx does reply to
the ICMP request.
Is this expected behaviour (should not be right, in linux I could capture the request too with the same code.)?
Below is the program:
#include<stdio.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<errno.h>
#include<stdlib.h>
#include <string.h>
#include <arpa/inet.h>
#include <netdb.h>
typedef struct _icmphdr {
unsigned char type;
unsigned char code;
unsigned short chksum;
unsigned char data[0];
}icmphdr;
typedef struct _echohdr {
unsigned short iden;
unsigned short seqno;
}echohdr;
int main(int argc, char *argv[])
{
int s, len;
struct sockaddr_in saddr, daddr;
unsigned char dbuf[200];
char *buf=NULL;
socklen_t addrlen;
int offset;
if ((s=socket(PF_INET, SOCK_RAW, IPPROTO_ICMP))<0) {
printf("Socket creation error! %s\n", strerror(errno));
return 1;
}
while (1) {
memset(&daddr, 0, sizeof(daddr));
memset(dbuf, 0, 100);
addrlen = sizeof(daddr);
if ((len=recvfrom(s, dbuf, 200, 0, (struct sockaddr *)&saddr, &addrlen))<0)
{
printf("Receive Error: %s\n", strerror(errno));
continue;
}
printf("Packet received from %s, bytes = %d\n ", inet_ntoa(saddr.sin_addr), len);
offset = dbuf[0] & 0x0f;
buf = dbuf + offset*4;
printf("ICMP [TYPE]=%01x [CODE]=%01x\n",((icmphdr *)buf)->type, ((icmphdr *)buf)->code);
if (((icmphdr *)buf)->code ==0) {
icmphdr *hdr = (icmphdr *)buf;
if (hdr->type == 0) {
printf("Echo reply\n");
} else if (hdr->type ==8) {
printf("Echo request\n");
} else {
printf("Illegal echo packet\n");
}
printf("Echo [IDEN]=%02x [SEQ NO]=%02x\n",((echohdr *)hdr->data)->iden, ((echohdr *)hdr->data)->seqno);
}
printf("=========END=======\n");
}
return 0;
}
|
|
|
Sean Boudreau(deleted)
|
Re: recvfrom is blocking(just observed only reply is captured)
|
Sean Boudreau(deleted)
12/08/2008 10:03 AM
post18116
|
Re: recvfrom is blocking(just observed only reply is captured)
On Sun, Dec 07, 2008 at 12:38:05PM -0500, Jayanth Gurijala wrote:
> Hi Sean,
>
> I just observed that I am able to capture ICMP reply packets only but not ICMP request packets though qnx does reply
to the ICMP request.
>
> Is this expected behaviour
Yes, this is the case from around line 572 of sys/netinet/ip_icmp.c
case ICMP_ECHO:
icp->icmp_type = ICMP_ECHOREPLY;
goto reflect;
> (should not be right, in linux I could capture the request too with the same code.)?
You'd probably have to use bpf / libpcap on other platforms.
-seanb
|
|
|
Jayanth Gurijala
|
Re: recvfrom is blocking(just observed only reply is captured)
|
Jayanth Gurijala
12/08/2008 2:03 PM
post18158
|
Re: recvfrom is blocking(just observed only reply is captured)
hmm... but if I set about writing a sniffer program.. how can i make it
capture the ICMP packets... isnt raw IPPROTO_ICMP socket supposed to capture
all the ICMP packets...?
Also I see that if I change the proto from IPPROTO_ICMP to IPPROTO_UDP no
packets are captured at all
(just wrote a small udp client-server program and verified)... works on my
linux system though...
On Mon, Dec 8, 2008 at 8:33 PM, Sean Boudreau <community-noreply@qnx.com>wrote:
> On Sun, Dec 07, 2008 at 12:38:05PM -0500, Jayanth Gurijala wrote:
> > Hi Sean,
> >
> > I just observed that I am able to capture ICMP reply packets only but not
> ICMP request packets though qnx does reply to the ICMP request.
> >
> > Is this expected behaviour
>
> Yes, this is the case from around line 572 of sys/netinet/ip_icmp.c
>
> case ICMP_ECHO:
> icp->icmp_type = ICMP_ECHOREPLY;
> goto reflect;
>
> > (should not be right, in linux I could capture the request too with the
> same code.)?
>
> You'd probably have to use bpf / libpcap on other platforms.
>
> -seanb
>
>
>
> _______________________________________________
> General
> http://community.qnx.com/sf/go/post18116
>
>
|
|
|
Sean Boudreau(deleted)
|
Re: recvfrom is blocking(just observed only reply is captured)
|
Sean Boudreau(deleted)
12/08/2008 2:08 PM
post18159
|
Re: recvfrom is blocking(just observed only reply is captured)
Use bpf / libpcap for a sniffer. That's what tcpdump does for
example.
-seamb
On Mon, Dec 08, 2008 at 02:03:55PM -0500, Jayanth Gurijala wrote:
> hmm... but if I set about writing a sniffer program.. how can i make it
> capture the ICMP packets... isnt raw IPPROTO_ICMP socket supposed to capture
> all the ICMP packets...?
>
> Also I see that if I change the proto from IPPROTO_ICMP to IPPROTO_UDP no
> packets are captured at all
> (just wrote a small udp client-server program and verified)... works on my
> linux system though...
>
>
> On Mon, Dec 8, 2008 at 8:33 PM, Sean Boudreau <community-noreply@qnx.com>wrote:
>
> > On Sun, Dec 07, 2008 at 12:38:05PM -0500, Jayanth Gurijala wrote:
> > > Hi Sean,
> > >
> > > I just observed that I am able to capture ICMP reply packets only but not
> > ICMP request packets though qnx does reply to the ICMP request.
> > >
> > > Is this expected behaviour
> >
> > Yes, this is the case from around line 572 of sys/netinet/ip_icmp.c
> >
> > case ICMP_ECHO:
> > icp->icmp_type = ICMP_ECHOREPLY;
> > goto reflect;
> >
> > > (should not be right, in linux I could capture the request too with the
> > same code.)?
> >
> > You'd probably have to use bpf / libpcap on other platforms.
> >
> > -seanb
> >
> >
> >
> > _______________________________________________
> > General
> > http://community.qnx.com/sf/go/post18116
> >
> >
>
>
> _______________________________________________
> General
> http://community.qnx.com/sf/go/post18158
>
|
|
|
Jayanth Gurijala
|
Re: recvfrom is blocking(just observed only reply is captured)
|
Jayanth Gurijala
12/08/2008 2:16 PM
post18161
|
Re: recvfrom is blocking(just observed only reply is captured)
ooh... something new for me to learn.. will try... thanks.
On Tue, Dec 9, 2008 at 12:38 AM, Sean Boudreau <community-noreply@qnx.com>wrote:
>
> Use bpf / libpcap for a sniffer. That's what tcpdump does for
> example.
>
> -seamb
>
> On Mon, Dec 08, 2008 at 02:03:55PM -0500, Jayanth Gurijala wrote:
> > hmm... but if I set about writing a sniffer program.. how can i make it
> > capture the ICMP packets... isnt raw IPPROTO_ICMP socket supposed to
> capture
> > all the ICMP packets...?
> >
> > Also I see that if I change the proto from IPPROTO_ICMP to IPPROTO_UDP no
> > packets are captured at all
> > (just wrote a small udp client-server program and verified)... works on
> my
> > linux system though...
> >
> >
> > On Mon, Dec 8, 2008 at 8:33 PM, Sean Boudreau <community-noreply@qnx.com
> >wrote:
> >
> > > On Sun, Dec 07, 2008 at 12:38:05PM -0500, Jayanth Gurijala wrote:
> > > > Hi Sean,
> > > >
> > > > I just observed that I am able to capture ICMP reply packets only but
> not
> > > ICMP request packets though qnx does reply to the ICMP request.
> > > >
> > > > Is this expected behaviour
> > >
> > > Yes, this is the case from around line 572 of sys/netinet/ip_icmp.c
> > >
> > > case ICMP_ECHO:
> > > icp->icmp_type = ICMP_ECHOREPLY;
> > > goto reflect;
> > >
> > > > (should not be right, in linux I could capture the request too with
> the
> > > same code.)?
> > >
> > > You'd probably have to use bpf / libpcap on other platforms.
> > >
> > > -seanb
> > >
> > >
> > >
> > > _______________________________________________
> > > General
> > > http://community.qnx.com/sf/go/post18116
> > >
> > >
> >
> >
> > _______________________________________________
> > General
> > http://community.qnx.com/sf/go/post18158
> >
>
> _______________________________________________
> General
> http://community.qnx.com/sf/go/post18159
>
>
|
|
|
karl mortensen
|
Re: recvfrom is blocking(just observed only reply is captured)
|
karl mortensen
02/26/2009 1:48 PM
post23009
|
Re: recvfrom is blocking(just observed only reply is captured)
Did you ever get your sniffer working? If so, could you offer a few pointers (or source) to me?
I was unable to capture incoming packets, but outgoing was no problem.
Thanks,
Karl
|
|
|
Hu Chen
01/28/2011 2:17 AM
post82706
|
> ooops... sleepy eyes made me type DGRAM... and IPPROTO_ICMP is defined as 1
> anyway...
> Thanks for the utils/p/ping tip.. will try...
How can I get the source code of such utility?
Can you give me the link?
|
|
|
|