[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]
Communications Programming Concepts

Analyzing Packets Over the Network Example Program

/*
 * Simple sniffer to capture 802.2 frames on 802.3 ethernet, token ring,
 * FDDI, and other CDLI devices that support 802.2 encapsulation...
 */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ndd_var.h>
#include <sys/tok_demux.h>
#include <netinet/if_802_5.h>
main(argc, argv)
int argc;
char *argv[];
{ 
          int        s;
          struct sockaddr_ndd_8022 sa;
          struct sockaddr_ndd_8022 from;
          struct sockaddr *fromp = (struct sockaddr *)&from;
          int len;
          char buf[2000];
          int cc;
          u_long fromlen;
          int sap;
          struct ie5_mac_hdr *macp = (struct ie5_mac_hdr *)buf;
          struct ie2_llc_hdr *llcp;
          if (argc != 3) {
                    printf("Usage %s <interface> <sap>\n", argv[0]);
                    exit(1);
          }
          sscanf(argv[2], "%x", &sap);
          printf("sap is %x\n", sap);
          s = socket(AF_NDD, SOCK_DGRAM, 0);
          if (s < 0) {
                    perror("socket");
                    exit(1);
          }
          sa.sndd_8022_family = AF_NDD;
          sa.sndd_8022_len = sizeof(struct sockaddr_ndd_8022);
          sa.sndd_8022_filtertype = NS_TAP;
          sa.sndd_8022_filterlen = sizeof(ns_8022_t);
          strcpy(sa.sndd_8022_nddname, argv[1]);
          if (bind(s, (struct sockaddr *)&sa, sizeof(struct sockaddr_ndd_8022))) {
                    perror("bind");
                    exit(2);
          }
          len = sizeof(buf);
          fromlen = sizeof(from);
          while (TRUE) {
                    if ((cc = recvfrom(s, buf, len, 0, fromp, &fromlen)) < 0) {
                              perror("recvfrom");
                              exit(3);
                    }
                    if (!strcmp(argv[1], "ent0")) 
                    llcp = (struct ie2_llc_hdr *)(buf+14);
                    else
                             llcp = (struct ie2_llc_hdr *)(buf + mac_size(macp));
                    if ((llcp->dsap == sap) || (llcp->ssap == sap))
                             printit(buf, cc);
          }
}
printit(char *buf, int cc)
{
          int i;
          printf("FRAME: ");
          for (i=0; i < cc; i++)
                    printf("%2.2x", *(buf+i));
          printf("\n");
}

[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]