0
I’m making a small program in (C/C++) to read some data from a. CAP file (provided by TCPDUMP). A good example would be Wireshark, but need much less INFO.
Turns out, this . CAP seems to be written in HEXA and when I read the data it comes "encoded".
As I have very little experience, and I have to learn that... I guess I’m not knowing how to ask the question, then I count on the goodwill of friends.
Not to mention I do, I just lost in a sea of links on the internet, which only caused more confusion.
Explain: In this link you can download the . CAP, which is opened quietly by Wireshark, while my code below returns "strange characters".
as an example:
==> Revision: ò*
or
==> header_pad: ò
Where "Revision" for example should be 12 HEXA or if converted 18 decimal
- Well, as a beginner, I tried to leave the code as commented as possible.
Since this code intends to run on a linux terminal..
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
// #include <curses.h>
// テスト用フラグ => Test for the flag
int LOOP_ONCE = 1;
// WiFi取得情報構造体 => get information structure
// Radiotap Header
// 18bytes固定長(と思われる)=> fixed length (seems to be)
typedef struct WF_HEADER
{
char header_revision[1];
char header_pad[1];
unsigned short int header_length;
char present_flags[4];
char flags[1];
char data_rate[1];
char channel_frequency[2];
char channel_flags[2];
char ssi_signal[1];
char antenna[1];
char rx_flags[2];
} wf_header_t;
// IEEE802.11 Probe Request (前半部分)=> (first half)
// 24bytes固定長 => fixed length
typedef struct WF_PROBE1
{
char frame_control_field[4];
char receiver_address[6];
char transmitter_address[6];
char bbs_id[6];
char numbers[2];
} wf_probe1_t;
// IEEE802.11 Probe Request(後半部分)=> (the latter part)
// 4bytes固定長 => fixed length
typedef struct WF_PROBE2
{
char frame_check_sequence[4];
} wf_probe2_t;
// IEEE802.11 wireless LAN management frame(繰り返しヘッダー) => (repeat header)
// 2bytes
typedef struct WF_MANAGE_HEADER
{
char tag_number[1];
char tag_length[1];
} wf_manage_header_t;
int main(int argc, char *argv[]){
char read_fname[30]; //読み込みファイル名 => read file name
int read_fb; //読み込みファイルバンドル => read file bundle
wf_header_t *wfh; //WiFiデータ読み込み構造体のポインタ => pointer of WiFi data read structure
int read_size; //読み込みファイルサイズ => read file size
int wfh_size; // Wifiデータ構造体のサイズ => Wifi data structure; int wfh_size
/* WiFiデータ読み込み構造体の領域確保 => Area of WiFi data read structure ensure */
wfh_size = sizeof(wf_header_t);
wfh = calloc(1, wfh_size);
/* ループ実行 */
/* Loop execution */
while (1) {
/* ファイルの存在を監視する => To monitor the presence of the file */
/* 読み込みファイル名取得 => Read file name acquisition */
if (1) {
system("clear");
// テスト用プログラム => Test program
fprintf(stdout, "読み込みファイル名を入力してください。\n"); // Please enter the reading file name
scanf("%s", read_fname);
fprintf(stdout, "ファイル名:%s\n", read_fname); //file name:
} else {
// 次のファイル名を取得するような仕組み => Like to get the following file name mechanism
}
/* ファイルオープン処理 => Seek to the data top position */
read_fb = open(read_fname, O_RDONLY);
if (read_fb == -1) {
fprintf(stderr, "ファイルオープンに失敗しました。\n"); //Failed to open file
fprintf(stderr, "ファイル名:%s\n", read_fname); //file name
return -1;
}
/* データ先頭位置までシークする => Seek to the data top position * /
/* 前ファイルの続きである場合は、そのまま残サイズを読み込む => Case is a continuation of the previous file, as it is read in the remaining size */
read_size = read(read_fb, wfh, wfh_size);
if (read_size == -1) {
/* ファイル読み込み失敗 => File read failure */
free(wfh);
fprintf(stderr, "ファイル読み込みに失敗しました。\n"); //failed to file read
fprintf(stderr, "ファイル名:%s\n", read_fname); //file name
return -1;
} else if (read_size == wfh_size) {
fprintf(stdout, "====================================\n");
fprintf(stdout, "revision: %s \n", wfh->header_revision);
fprintf(stdout, "header_pad: %s \n", wfh->header_pad);
fprintf(stdout, "present_flags: %s \n", wfh->present_flags);
fprintf(stdout, "flags: %s \n", wfh->flags);
fprintf(stdout, "data_rate: %s \n", wfh->data_rate);
fprintf(stdout, "channel_frequency: %s \n", wfh->channel_frequency);
fprintf(stdout, "channel_flags: %s \n", wfh->channel_flags);
fprintf(stdout, "ssi_signal: %s \n", wfh->ssi_signal);
fprintf(stdout, "antenna: %s \n", wfh->antenna);
fprintf(stdout, "rx_flags: %s \n", wfh->rx_flags);
fprintf(stdout, "====================================\n");
} else {
/* 残りサイズを読み込み、次のファイルへ進む => Read the remaining size, advance to the next file */
}
/* 終了処理 End processing */
if (close(read_fb) != -1) {
// ファイルクローズに成功したので、バックアップフォルダへ移動させる
// Since successful file close, move to the backup folder
} else {
free(wfh);
fprintf(stderr, "ファイルクローズに失敗しました。\n"); // file close failed
fprintf(stderr, "ファイル名:%s\n", read_fname); // file name
return -1;
}
/* ループ終了判定 => Loop termination determination */
if (LOOP_ONCE == 1) {
free(wfh);
fprintf(stdout, "終了しました。\n"); // was completed
return 0;
}
}
}
It was worth a lot! This stuff is new for me! I’ll study! I have to learn this and yes, I will have to program to get ONLY a few Infos... and as a good beginner.. I have picked up horrors! Thanks for the tip! It’s not everyone who has "bag" to put up with us.. the noobs !!
– Roberval Sena 山本
I’m having a hard time how pcap/pcap. h works... how to call its functions... that is to say how to get those components I need on the site I haven’t found many examples... as the item : Data Rate: or SSI Signal: among others... I wonder if anyone has examples of C codes using the pcap/pcap.h library.. Of course already googled, but the impression I had is that the articles I found did not know very well what they were talking about. Thank you.
– Roberval Sena 山本
Some examples I found: (1) http://www.cnblogs.com/xiangshancuizhu/archive/2012/10/14/2723654.html. (2) http://www.tcpdump.org/pcap.html. (3) http://stackoverflow.com/questions/12999538/read-from-a-pcap-file-and-print-out-ip-addresses-and-port-numbers-in-c-but-my-r (4) http://vichargrave.com/develop-a-packet-sniffer-with-libpcap/ (5) and here are the questions about pcap in the OS: http://stackoverflow.com/search?q=pcap+c%2B%2B
– zentrunix
was worth a lot !! studying!
– Roberval Sena 山本