Very nice! I've got it chiming away happily in the background -- now,
if it'd produce MIDI output...
Mario Lang <mlang(a)delysid.org> writes:
P.S.: Soooo, who knows how to easily decode a IP
packets protocol
number? Wouldnt it be sweet to have a separate instrument for
each protocol?
Have a look at RFC 790 and the following RFCs. Essentially you're just
after iphdr[9] -- although it won't be very exciting unless you're
running more protocols than just TCP and UDP. Different instruments
for different TCP/UDP ports would be more interesting, and not much
harder; you just need to figure out how long the options section in
the IP header is to know where the data starts, then look at the right
field in the UDP or TCP header depending on the IP protocol
number. You'll need to chop the Ethernet header off the start of the
packet too, since libpcap includes it.
Here's a bit of messy code that'll do what you want in packet_handler
-- you'll probably want some more error checking:
// Skip Ethernet header (assume it's 802.3).
const u_char *ip_header = p + 14;
const u_char ip_proto = ip_header[9];
// Find the start of the data using the IHL field.
const u_char *ip_data = ip_header + (ip_header[0] & 0x0f) * 4;
const int ip_len = (ip_header[2] << 8) + ip_header[3];
if (ip_proto == 6 && ip_len >= 4) {
// TCP
const int tcp_dest_port = (ip_data[2] << 8) + ip_data[3];
...
} else if (ip_proto == 17 && ip_len >= 4) {
// UDP
const int udp_dest_port = (ip_data[2] << 8) + ip_data[3];
...
}
--
Adam Sampson <ats(a)offog.org> <http://offog.org/>