From owner-freebsd-net@FreeBSD.ORG Fri Jun 25 12:32:57 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9DCA516A4CF for ; Fri, 25 Jun 2004 12:32:57 +0000 (GMT) Received: from istanbul.enderunix.org (freefall.marmara.edu.tr [193.140.143.23]) by mx1.FreeBSD.org (Postfix) with SMTP id 5377E43D4C for ; Fri, 25 Jun 2004 12:32:54 +0000 (GMT) (envelope-from murat@enderunix.org) Received: (qmail 61429 invoked by uid 1002); 25 Jun 2004 12:31:43 -0000 Date: Fri, 25 Jun 2004 15:31:43 +0300 From: Murat Balaban To: kamal kc Message-ID: <20040625123143.GA60543@enderunix.org> References: <20040625104911.69479.qmail@web13004.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040625104911.69479.qmail@web13004.mail.yahoo.com> cc: freebsd-net@freebsd.org Subject: Re: newbie: ethernet, ip header proble X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jun 2004 12:32:57 -0000 On Fri, Jun 25, 2004 at 03:49:11AM -0700, kamal kc wrote: > Hi i am new to this mailing list. > > I have written a program to capture packets using pcap library routines. I have a FreeBSD 5.1. The problem I faced was I successfully captured packets and parsed to ethernet header and ip header. > > i present a section of code how i did it. > > -- > char *ptr; > ptr=pcap_next(.....); > > struct ether_header *eth; > struct ip *ip; > > eth=(struct ether_header *)ptr; // datalink type DLT_EN10MB > ptr+=14; // the size of the ether_header being 14 bytes; > > ip=(struct ip *)ptr; > > printf("\n %s %s", ether_ntoa(eth->ether_dhost), ether_ntoa(eth->ether_shost)); > printf("\n %s %s", inet_ntoa(ip->ip_src), inet_ntoa(ip->ip_dst)); > > ---------------- > > Now the problem is that the ethernet destination and sender host is printed the same. > it is equal to that of the sender MAC address(linux) when ICMP packets (by ping utility) > is sent to the host(FreeBSD) running the program. > > Also that the ip adresses printed is the same as the sender ip address(ie linux). > > The program is run on host with FreeBSD. > > The ip address of the computers are: > 192.168.1.10 has Linux > 192.168.1.11 has FreeBSD > > I couldn't think of a solution as i guess the coding was alright. ether_ntoa returns a pointer to a static buffer, which means you'll need to save the string returned by call to first ether_ntoa [ether_ntoa(eth->ether_dhost)] to a temporary space. Same thing applies to inet_ntoa. read the manual pages.