Binary Tides » Sockets

Beginners’ guide to socket programming with winsock

Binary Tides — Mon, 26 Dec 2011 10:10:42 +0000

What is this about

This is a quick guide/tutorial to learning socket programming in C language on Windows. “Windows” because the code snippets shown over here will work only on Windows. The windows api to socket programming is called winsock.

Sockets are the fundamental “things” behind any kind of network communications done by your computer. For example when you type www.google.com in your web browser, it opens a socket and connects to google.com to fetch the page and show it to you. Same with any chat client like gtalk or skype. Any network communication goes through a socket.

Before you begin

This tutorial assumes that you have basic knowledge of C and pointers. Also download Visual C++ 2010 Express Edition.

Initialising Winsock

Winsock first needs to be initialiased like this :

/*
	Initialise Winsock
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.");

	return 0;
}

winsock2.h is the header file to be included for winsock functions. ws2_32.lib is the library file to be linked with the program to be able to use winsock functions.

The WSAStartup function is used to start or initialise winsock library. It takes 2 parameters ; the first one is the version we want to load and second one is a WSADATA structure which will hold additional information after winsock has been loaded.

If any error occurs then the WSAStartup function would return a non zero value and WSAGetLastError can be used to get more information about what error happened.

OK , so next step is to create a socket.

Creating a socket

The socket() function is used to create a socket.
Here is a code sample :

/*
	Create a TCP socket
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	return 0;
}

Function socket() creates a socket and returns a socket descriptor which can be used in other network commands. The above code will create a socket of :

Address Family : AF_INET (this is IP version 4)
Type : SOCK_STREAM (this means connection oriented TCP protocol)
Protocol : 0 [ or IPPROTO_TCP , IPPROTO_UDP ]

It would be a good idea to read some documentation here

Ok , so you have created a socket successfully. But what next ? Next we shall try to connect to some server using this socket. We can connect to www.google.com

Note

Apart from SOCK_STREAM type of sockets there is another type called SOCK_DGRAM which indicates the UDP protocol. This type of socket is non-connection socket. In this tutorial we shall stick to SOCK_STREAM or TCP sockets.

Connect to a Server

We connect to a remote server on a certain port number. So we need 2 things , IP address and port number to connect to.

To connect to a remote server we need to do a couple of things. First is create a sockaddr_in structure with proper values filled in. Lets create one for ourselves :

struct sockaddr_in server;

Have a look at the structures

// IPv4 AF_INET sockets:
struct sockaddr_in {
    short            sin_family;   // e.g. AF_INET, AF_INET6
    unsigned short   sin_port;     // e.g. htons(3490)
    struct in_addr   sin_addr;     // see struct in_addr, below
    char             sin_zero[8];  // zero this if you want to
};

typedef struct in_addr {
  union {
    struct {
      u_char s_b1,s_b2,s_b3,s_b4;
    } S_un_b;
    struct {
      u_short s_w1,s_w2;
    } S_un_w;
    u_long S_addr;
  } S_un;
} IN_ADDR, *PIN_ADDR, FAR *LPIN_ADDR;

struct sockaddr {
    unsigned short    sa_family;    // address family, AF_xxx
    char              sa_data[14];  // 14 bytes of protocol address
};

The sockaddr_in has a member called sin_addr of type in_addr which has a s_addr which is nothing but a long. It contains the IP address in long format.

Function inet_addr is a very handy function to convert an IP address to a long format. This is how you do it :

server.sin_addr.s_addr = inet_addr("74.125.235.20");

So you need to know the IP address of the remote server you are connecting to. Here we used the ip address of google.com as a sample. A little later on we shall see how to find out the ip address of a given domain name.

The last thing needed is the connect function. It needs a socket and a sockaddr structure to connect to. Here is a code sample.

/*
	Create a TCP socket
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s;
	struct sockaddr_in server;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(s , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected");

	return 0;
}

It cannot be any simpler. It creates a socket and then connects. If you run the program it should show Connected.
Try connecting to a port different from port 80 and you should not be able to connect which indicates that the port is not open for connection.

OK , so we are now connected. Lets do the next thing , sending some data to the remote server.

Quick Note

The concept of “connections” apply to SOCK_STREAM/TCP type of sockets. Connection means a reliable “stream” of data such that there can be multiple such streams each having communication of its own. Think of this as a pipe which is not interfered by other data.

Other sockets like UDP , ICMP , ARP dont have a concept of “connection”. These are non-connection based communication. Which means you keep sending or receiving packets from anybody and everybody.

Sending Data

Function send will simply send data. It needs the socket descriptor , the data to send and its size.
Here is a very simple example of sending some data to google.com ip :

/*
	Create a TCP socket
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s;
	struct sockaddr_in server;
	char *message;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(s , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected");

	//Send some data
	message = "GET / HTTP/1.1\r\n\r\n";
	if( send(s , message , strlen(message) , 0) < 0)
	{
		puts("Send failed");
		return 1;
	}
	puts("Data Send\n");

	return 0;
}

In the above example , we first connect to an ip address and then send the string message “GET / HTTP/1.1\r\n\r\n” to it.
The message is actually a http command to fetch the mainpage of a website.

Now that we have send some data , its time to receive a reply from the server. So lets do it.

Receiving Data

Function recv is used to receive data on a socket. In the following example we shall send the same message as the last example and receive a reply from the server.

/*
	Create a TCP socket
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s;
	struct sockaddr_in server;
	char *message , server_reply[2000];
	int recv_size;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(s , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected");

	//Send some data
	message = "GET / HTTP/1.1\r\n\r\n";
	if( send(s , message , strlen(message) , 0) < 0)
	{
		puts("Send failed");
		return 1;
	}
	puts("Data Send\n");

	//Receive a reply from the server
	if((recv_size = recv(s , server_reply , 2000 , 0)) == SOCKET_ERROR)
	{
		puts("recv failed");
	}

	puts("Reply received\n");

	//Add a NULL terminating character to make it a proper string before printing
	server_reply[recv_size] = '\0';
	puts(server_reply);

	return 0;
}

Here is the output of the above code :


Initialising Winsock...Initialised.
Socket created.
Connected
Data Send

Reply received

HTTP/1.1 302 Found
Location: http://www.google.co.in/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=7da819edfd7af808:FF=0:TM=1324882923:LM=1324882923:S=PdlMu0TE
E3QKrmdB; expires=Wed, 25-Dec-2013 07:02:03 GMT; path=/; domain=.google.com
Date: Mon, 26 Dec 2011 07:02:03 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


302 Moved
302 Moved
The document has moved
here.


Press any key to continue

We can see what reply was send by the server. It looks something like Html, well IT IS html. Google.com replied with the content of the page we requested. Quite simple!

Now that we have received our reply, its time to close the socket.

Close socket

Function closesocket is used to close the socket. Also WSACleanup must be called to unload the winsock library (ws2_32.dll).

closesocket(s);
WSACleanup();

Thats it.

Lets Revise

So in the above example we learned how to :
1. Create a socket
2. Connect to remote server
3. Send some data
4. Receive a reply

Its useful to know that your web browser also does the same thing when you open www.google.com
This kind of socket activity represents a CLIENT. A client is a system that connects to a remote system to fetch or retrieve data.

The other kind of socket activity is called a SERVER. A server is a system that uses sockets to receive incoming connections and provide them with data. It is just the opposite of Client. So www.google.com is a server and your web browser is a client. Or more technically www.google.com is a HTTP Server and your web browser is an HTTP client.

Now its time to do some server tasks using sockets. But before we move ahead there are a few side topics that should be covered just incase you need them.

Get IP address of a hostname/domain

When connecting to a remote host , it is necessary to have its IP address. Function gethostbyname is used for this purpose. It takes the domain name as the parameter and returns a structure of type hostent. This structure has the ip information. It is present in netdb.h. Lets have a look at this structure

/* Description of data base entry for a single host.  */
struct hostent
{
  char *h_name;			/* Official name of host.  */
  char **h_aliases;		/* Alias list.  */
  int h_addrtype;		/* Host address type.  */
  int h_length;			/* Length of address.  */
  char **h_addr_list;		/* List of addresses from name server.  */
};

The h_addr_list has the IP addresses. So now lets have some code to use them.

/*
	Get IP address from domain name
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	char *hostname = "www.google.com";
	char ip[100];
	struct hostent *he;
	struct in_addr **addr_list;
	int i;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	if ( (he = gethostbyname( hostname ) ) == NULL)
	{
		//gethostbyname failed
		printf("gethostbyname failed : %d" , WSAGetLastError());
		return 1;
	}

	//Cast the h_addr_list to in_addr , since h_addr_list also has the ip address in long format only
	addr_list = (struct in_addr **) he->h_addr_list;

	for(i = 0; addr_list[i] != NULL; i++)
	{
		//Return the first one;
		strcpy(ip , inet_ntoa(*addr_list[i]) );
	}

	printf("%s resolved to : %s\n" , hostname , ip);
	return 0;
	return 0;
}

Output of the code would look like :

www.google.com resolved to : 74.125.235.20

So the above code can be used to find the ip address of any domain name. Then the ip address can be used to make a connection using a socket.

Function inet_ntoa will convert an IP address in long format to dotted format. This is just the opposite of inet_addr.

So far we have see some important structures that are used. Lets revise them :

1. sockaddr_in – Connection information. Used by connect , send , recv etc.
2. in_addr – Ip address in long format
3. sockaddr
4. hostent – The ip addresses of a hostname. Used by gethostbyname

Server Concepts

OK now onto server things. Servers basically do the following :

1. Open a socket
2. Bind to a address(and port).
3. Listen for incoming connections.
4. Accept connections
5. Read/Send

We have already learnt how to open a socket. So the next thing would be to bind it.

Bind a socket

Function bind can be used to bind a socket to a particular address and port. It needs a sockaddr_in structure similar to connect function.

Lets see a code example :

/*
	Bind socket to port 8888 on localhost
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s;
	struct sockaddr_in server;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(s ,(struct sockaddr *)&server , sizeof(server)) == SOCKET_ERROR)
	{
		printf("Bind failed with error code : %d" , WSAGetLastError());
	}

	puts("Bind done");

	closesocket(s);

	return 0;
}

Now that bind is done, its time to make the socket listen to connections. We bind a socket to a particular IP address and a certain port number. By doing this we ensure that all incoming data which is directed towards this port number is received by this application.

This makes it obvious that you cannot have 2 sockets bound to the same port.

Listen for connections

After binding a socket to a port the next thing we need to do is listen for connections. For this we need to put the socket in listening mode. Function listen is used to put the socket in listening mode. Just add the following line after bind.

//Listen
listen(s , 3);

Thats all. Now comes the main part of accepting new connections.

Accept connection

Function accept is used for this. Here is the code

/*
	Bind socket to port 8888 on localhost
*/

#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s , new_socket;
	struct sockaddr_in server , client;
	int c;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(s ,(struct sockaddr *)&server , sizeof(server)) == SOCKET_ERROR)
	{
		printf("Bind failed with error code : %d" , WSAGetLastError());
	}

	puts("Bind done");

	//Listen to incoming connections
	listen(s , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");

	c = sizeof(struct sockaddr_in);
	new_socket = accept(s , (struct sockaddr *)&client, &c);
	if (new_socket == INVALID_SOCKET)
	{
		printf("accept failed with error code : %d" , WSAGetLastError());
	}

	puts("Connection accepted");

	closesocket(s);
	WSACleanup();

	return 0;
}

Output

Run the program. It should show

Initialising Winsock...Initialised.
Socket created.
Bind done
Waiting for incoming connections...

So now this program is waiting for incoming connections on port 8888. Dont close this program , keep it running.
Now a client can connect to it on this port. We shall use the telnet client for testing this. Open a terminal and type

telnet localhost 8888

And the server output will show

Initialising Winsock...Initialised.
Socket created.
Bind done
Waiting for incoming connections...
Connection accepted
Press any key to continue

So we can see that the client connected to the server. Try the above process till you get it perfect.

Note

You can get the ip address of client and the port of connection by using the sockaddr_in structure passed to accept function. It is very simple :

char *client_ip = inet_ntoa(client.sin_addr);
int client_port = ntohs(client.sin_port);

We accepted an incoming connection but closed it immediately. This was not very productive. There are lots of things that can be done after an incoming connection is established. Afterall the connection was established for the purpose of communication. So lets reply to the client.

Here is an example :

/*
	Bind socket to port 8888 on localhost
*/
#include
#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s , new_socket;
	struct sockaddr_in server , client;
	int c;
	char *message;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(s ,(struct sockaddr *)&server , sizeof(server)) == SOCKET_ERROR)
	{
		printf("Bind failed with error code : %d" , WSAGetLastError());
	}

	puts("Bind done");

	//Listen to incoming connections
	listen(s , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");

	c = sizeof(struct sockaddr_in);
	new_socket = accept(s , (struct sockaddr *)&client, &c);
	if (new_socket == INVALID_SOCKET)
	{
		printf("accept failed with error code : %d" , WSAGetLastError());
	}

	puts("Connection accepted");

	//Reply to client
	message = "Hello Client , I have received your connection. But I have to go now, bye\n";
	send(new_socket , message , strlen(message) , 0);

	getchar();

	closesocket(s);
	WSACleanup();

	return 0;
}

Run the above code in 1 terminal. And connect to this server using telnet from another terminal and you should see this :

Hello Client , I have received your connection. But I have to go now, bye

So the client(telnet) received a reply from server. We had to use a getchar because otherwise the output would scroll out of the client terminal without waiting

We can see that the connection is closed immediately after that simply because the server program ends after accepting and sending reply. A server like www.google.com is always up to accept incoming connections.

It means that a server is supposed to be running all the time. Afterall its a server meant to serve. So we need to keep our server RUNNING non-stop. The simplest way to do this is to put the accept in a loop so that it can receive incoming connections all the time.

Live Server

So a live server will be alive for all time. Lets code this up :

/*
	Live Server on port 8888
*/
#include
#include
#include

#pragma comment(lib,"ws2_32.lib") //Winsock Library

int main(int argc , char *argv[])
{
	WSADATA wsa;
	SOCKET s , new_socket;
	struct sockaddr_in server , client;
	int c;
	char *message;

	printf("\nInitialising Winsock...");
	if (WSAStartup(MAKEWORD(2,2),&wsa) != 0)
	{
		printf("Failed. Error Code : %d",WSAGetLastError());
		return 1;
	}

	printf("Initialised.\n");

	//Create a socket
	if((s = socket(AF_INET , SOCK_STREAM , 0 )) == INVALID_SOCKET)
	{
		printf("Could not create socket : %d" , WSAGetLastError());
	}

	printf("Socket created.\n");

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(s ,(struct sockaddr *)&server , sizeof(server)) == SOCKET_ERROR)
	{
		printf("Bind failed with error code : %d" , WSAGetLastError());
		exit(EXIT_FAILURE);
	}

	puts("Bind done");

	//Listen to incoming connections
	listen(s , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");

	c = sizeof(struct sockaddr_in);

	while( (new_socket = accept(s , (struct sockaddr *)&client, &c)) != INVALID_SOCKET )
	{
		puts("Connection accepted");

		//Reply to the client
		message = "Hello Client , I have received your connection. But I have to go now, bye\n";
		send(new_socket , message , strlen(message) , 0);
	}

	if (new_socket == INVALID_SOCKET)
	{
		printf("accept failed with error code : %d" , WSAGetLastError());
		return 1;
	}

	closesocket(s);
	WSACleanup();

	return 0;
}

We havent done a lot there. Just the accept was put in a loop.

Now run the program in 1 terminal , and open 3 other terminals. From each of the 3 terminal do a telnet to the server port.

Run telnet like this

C:\>telnet

Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> open localhost 8888

Hello Client , I have received your connection. But I have to go now, bye

And the server terminal would show

Initialising Winsock...Initialised.
Socket created.
Bind done
Waiting for incoming connections...
Connection accepted
Connection accepted

So now the server is running nonstop and the telnet terminals are also connected nonstop. Now close the server program.
All telnet terminals would show “Connection to host lost.”
Good so far. But still there is not effective communication between the server and the client.

The server program accepts connections in a loop and just send them a reply, after that it does nothing with them. Also it is not able to handle more than 1 connection at a time. So now its time to handle the connections , and handle multiple connections together.

Handling Connections

To handle every connection we need a separate handling code to run along with the main server accepting connections.
One way to achieve this is using threads. The main server program accepts a connection and creates a new thread to handle communication for the connection, and then the server goes back to accept more connections.

We shall now use threads to create handlers for each connection the server accepts. Lets do it pal.

Run the above server and open 3 terminals like before. Now the server will create a thread for each client connecting to it.

The telnet terminals would show :

This one looks good , but the communication handler is also quite dumb. After the greeting it terminates. It should stay alive and keep communicating with the client.

One way to do this is by making the connection handler wait for some message from a client as long as the client is connected. If the client disconnects , the connection handler ends.

So the connection handler can be rewritten like this :

The above connection handler takes some input from the client and replies back with the same. Simple! Here is how the telnet output might look

So now we have a server thats communicative. Thats useful now.

Conclusion

The winsock api is quite similar to Linux sockets in terms of function name and structures. Few differences exist like :

1. Winsock needs to be initialised with the WSAStartup function. No such thing in linux.

2. Header file names are different. Winsock needs winsock2.h , whereas Linux needs socket.h , apra/inet.h , unistd.h and many others.

3. Winsock function to close a socket is closesocket , whereas on Linux it is close.
On Winsock WSACleanup must also be called to unload the winsock dll.

4. On winsock the error number is fetched by the function WSAGetLastError(). On Linux the errno variable from errno.h file is filled with the error number.

And there are many more differences as we go deep.

By now you must have learned the basics of socket programming in C. You can try out some experiments like writing a chat client or something similar.

If you think that the tutorial needs some addons or improvements or any of the code snippets above dont work then feel free to make a comment below so that it gets fixed.

Handle multiple socket connections with fd_set and select on Linux

Binary Tides — Sun, 25 Dec 2011 14:20:51 +0000

When writing server programs using sockets , it becomes necessary to handle multiple connections at a time , since a server needs to serve multiple clients.

There are many ways to do so. On linux this can be done in various ways like forking , threading , select method etc.

In this tutorial we shall use the select method approach. The select function allows the program to monitor multiple sockets for a certain “activity” to occur. For example if there is some data to be read on one of the sockets select will provide that information.

fd_set

An fd_set is a set of sockets to “monitor” for some activity. There are four useful macros : FD_CLR, FD_ISSET, FD_SET, FD_ZERO for dealing with an fd_set.

FD_ZERO – Clear an fd_set
FD_ISSET – Check if a descriptor is in an fd_set
FD_SET – Add a descriptor to an fd_set
FD_CLR – Remove a descriptor from an fd_set

//set of socket descriptors
fd_set readfds;

//socket to set
FD_SET( s , &readfds);

select

The select method takes a list of socket for monitoring them. Here is how :

activity = select( max_clients , &readfds , NULL , NULL , NULL);

The select function blocks , till an activity occurs. For example when a socket is ready to be read , select will return and readfs will have those sockets which are ready to be read.

Code

/*
 * @brief
 * manage multiple connections with FD_SET
 *
 * @author Silver Moon
 *
 * */

#include 
#include 	//strlen
#include 
#include 
#include 	//close
#include 	//close
#include 
#include 
#include 
#include 	//FD_SET, FD_ISSET, FD_ZERO macros

#define TRUE   1
#define FALSE  0

int main(int argc , char *argv[])
{
	int opt = TRUE;
	int master_socket , addrlen , new_socket , client_socket[30] , max_clients = 30 , activity, i , valread , s;
	struct sockaddr_in address;

	char buffer[1025];	//data buffer of 1K

	//set of socket descriptors
	fd_set readfds;

	//a message
	char *message = "ECHO Daemon v1.0 \r\n";

	//initialise all client_socket[] to 0 so not checked
	for (i = 0; i < max_clients; i++)
	{
		client_socket[i] = 0;
	}

	//create a master socket
	if( (master_socket = socket(AF_INET , SOCK_STREAM , 0)) == 0)
	{
		perror("socket failed");
		exit(EXIT_FAILURE);
	}

	//set master socket to allow multiple connections , this is just a good habit, it will work without this
	if( setsockopt(master_socket, SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)) < 0 )
	{
		perror("setsockopt");
		exit(EXIT_FAILURE);
	}

	//type of socket created
	address.sin_family = AF_INET;
	address.sin_addr.s_addr = INADDR_ANY;
	address.sin_port = htons( 8888 );

	//bind the socket to localhost port 8888
	if (bind(master_socket, (struct sockaddr *)&address, sizeof(address))<0)
	{
		perror("bind failed");
		exit(EXIT_FAILURE);
	}

	//try to specify maximum of 3 pending connections for the master socket
	if (listen(master_socket, 3) < 0)
	{
		perror("listen");
		exit(EXIT_FAILURE);
	}

	//accept the incoming connection
	addrlen = sizeof(address);
	puts("Waiting for connections...");
	while(TRUE)
	{
		//clear the socket set
		FD_ZERO(&readfds);

		//add master socket to set
		FD_SET(master_socket, &readfds);

		//add child sockets to set
		for ( i = 0 ; i < max_clients ; i++)
		{
			s = client_socket[i];
			if(s > 0)
			{
				FD_SET( s , &readfds);
			}
		}

		//wait for an activity on one of the sockets , timeout is NULL , so wait indefinitely
		activity = select( max_clients + 3 , &readfds , NULL , NULL , NULL);

		if ((activity < 0) && (errno!=EINTR))
		{
			printf("select error");
		}

		//If something happened on the master socket , then its an incoming connection
		if (FD_ISSET(master_socket, &readfds))
		{
			if ((new_socket = accept(master_socket, (struct sockaddr *)&address, (socklen_t*)&addrlen))<0)
			{
				perror("accept");
				exit(EXIT_FAILURE);
			}

			//inform user of socket number - used in send and receive commands
			printf("New connection , socket fd is %d , ip is : %s , port : %d \n" , new_socket , inet_ntoa(address.sin_addr) , ntohs(address.sin_port));

			//send new connection greeting message
			if( send(new_socket, message, strlen(message), 0) != strlen(message) )
			{
				perror("send");
			}

			puts("Welcome message sent successfully");

			//add new socket to array of sockets
			for (i = 0; i < max_clients; i++)
			{
				s = client_socket[i];
				if (s == 0)
				{
					client_socket[i] = new_socket;
					printf("Adding to list of sockets as %d\n" , i);
					i = max_clients;
				}
			}
		}

		//else its some IO operation on some other socket :)
		for (i = 0; i < max_clients; i++)
		{
			s = client_socket[i];

			if (FD_ISSET( s , &readfds))
			{
				//Check if it was for closing , and also read the incoming message
				if ((valread = read( s , buffer, 1024)) == 0)
				{
					//Somebody disconnected , get his details and print
					getpeername(s , (struct sockaddr*)&address , (socklen_t*)&addrlen);
					printf("Host disconnected , ip %s , port %d \n" , inet_ntoa(address.sin_addr) , ntohs(address.sin_port));

					//Close the socket and mark as 0 in list for reuse
					close( s );
					client_socket[i] = 0;
				}

				//Echo back the message that came in
				else
				{
					//set the terminating NULL byte on the end of the data read
					buffer[valread] = '\0';
					send( s , buffer , strlen(buffer) , 0 );
				}
			}
		}
	}

	return 0;
}

Compile and run the above program. Then connect to it using telnet from 3 different terminals.

$ telnet localhost 8888

Now whatever you type and send to server will be send back as it is, or echoed.

The server terminal would show details of connections like this :

Waiting for connections...
New connection , socket fd is 4 , ip is : 127.0.0.1 , port : 57831
Welcome message sent successfully
Adding to list of sockets as 0
New connection , socket fd is 5 , ip is : 127.0.0.1 , port : 57832
Welcome message sent successfully
Adding to list of sockets as 1
New connection , socket fd is 6 , ip is : 127.0.0.1 , port : 57833
Welcome message sent successfully
Adding to list of sockets as 2
New connection , socket fd is 7 , ip is : 127.0.0.1 , port : 57834
Welcome message sent successfully

The client terminal can be like this


$ telnet localhost 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ECHO Daemon v1.0
ccc
ccc
ddd
ddd
fff
fff

There are other functions that can perform tasks similar to select. pselect , poll , ppoll

References

1. http://pubs.opengroup.org/onlinepubs/7908799/xsh/select.html

2. http://linux.die.net/man/2/select

Beginners guide to socket programming in C on Linux

Binary Tides — Sat, 24 Dec 2011 07:59:48 +0000

What is this about

This is a quick guide/tutorial to learning socket programming in C language on a Linux system. “Linux” because the code snippets shown over here will work only on a Linux system and not on Windows. The windows api to socket programming is called winsock and we shall go through it in another tutorial.

Before you begin

This tutorial assumes that you have basic knowledge of C and pointers. You will need to have gcc compiler installed on your Linux system. An IDE along with gcc would be great. I would recommend geany as you can quickly edit and run single file programs in it without much configurations. On ubuntu you can do a sudo apt-get install geany on the terminal.

All along the tutorial there are code snippets to demonstrate some concepts. You can run those code snippets in geany rightaway and test the results to better understand the concepts.

Creating a socket

This first thing to do is create a socket. The socket() function does this.
Here is a code sample :

#include
#include 

int main(int argc , char *argv[])
{
	int socket_desc;
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);

	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	return 0;
}

Function socket() creates a socket and returns a socket descriptor which can be used in other network commands. The above code will create a socket of :

Address Family : AF_INET (this is IP version 4)
Type : SOCK_STREAM (this means connection oriented TCP protocol)
Protocol : 0 [ or IPPROTO_IP This is IP protocol]

Ok , so you have created a socket successfully. But what next ? Next we shall try to connect to some server using this socket. We can connect to www.google.com

Note

Connect to a Server

We connect to a remote server on a certain port number. So we need 2 things , IP address and port number to connect to.

To connect to a remote server we need to do a couple of things. First is create a sockaddr_in structure with proper values filled in. Lets create one for ourselves :

struct sockaddr_in server;

Have a look at the structure

// IPv4 AF_INET sockets:
struct sockaddr_in {
    short            sin_family;   // e.g. AF_INET, AF_INET6
    unsigned short   sin_port;     // e.g. htons(3490)
    struct in_addr   sin_addr;     // see struct in_addr, below
    char             sin_zero[8];  // zero this if you want to
};

struct in_addr {
    unsigned long s_addr;          // load with inet_pton()
};

struct sockaddr {
    unsigned short    sa_family;    // address family, AF_xxx
    char              sa_data[14];  // 14 bytes of protocol address
};

The sockaddr_in has a member called sin_addr of type in_addr which has a s_addr which is nothing but a long. It contains the IP address in long format.

Function inet_addr is a very handy function to convert an IP address to a long format. This is how you do it :

server.sin_addr.s_addr = inet_addr("74.125.235.20");

The last thing needed is the connect function. It needs a socket and a sockaddr structure to connect to. Here is a code sample.

#include
#include
#include	//inet_addr

int main(int argc , char *argv[])
{
	int socket_desc;
	struct sockaddr_in server;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(socket_desc , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected");
	return 0;
}

OK , so we are now connected. Lets do the next thing , sending some data to the remote server.

Quick Note

Sending Data

Function send will simply send data. It needs the socket descriptor , the data to send and its size.
Here is a very simple example of sending some data to google.com ip :

#include
#include	//strlen
#include
#include	//inet_addr

int main(int argc , char *argv[])
{
	int socket_desc;
	struct sockaddr_in server;
	char *message;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(socket_desc , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected\n");

	//Send some data
	message = "GET / HTTP/1.1\r\n\r\n";
	if( send(socket_desc , message , strlen(message) , 0) < 0)
	{
		puts("Send failed");
		return 1;
	}
	puts("Data Send\n");

	return 0;
}

Now that we have send some data , its time to receive a reply from the server. So lets do it.

Note

When sending data to a socket you are basically writing data to that socket. This is similar to writing data to a file. Hence you can also use the write function to send data to a socket. Later in this tutorial we shall use write function to send data.

Receiving Data

Function recv is used to receive data on a socket. In the following example we shall send the same message as the last example and receive a reply from the server.

#include
#include	//strlen
#include
#include	//inet_addr

int main(int argc , char *argv[])
{
	int socket_desc;
	struct sockaddr_in server;
	char *message , server_reply[2000];

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	server.sin_addr.s_addr = inet_addr("74.125.235.20");
	server.sin_family = AF_INET;
	server.sin_port = htons( 80 );

	//Connect to remote server
	if (connect(socket_desc , (struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("connect error");
		return 1;
	}

	puts("Connected\n");

	//Send some data
	message = "GET / HTTP/1.1\r\n\r\n";
	if( send(socket_desc , message , strlen(message) , 0) < 0)
	{
		puts("Send failed");
		return 1;
	}
	puts("Data Send\n");

	//Receive a reply from the server
	if( recv(socket_desc, server_reply , 2000 , 0) < 0)
	{
		puts("recv failed");
	}
	puts("Reply received\n");
	puts(server_reply);

	return 0;
}

Here is the output of the above code :

Connected

Data Send

Reply received

HTTP/1.1 302 Found
Location: http://www.google.co.in/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=0edd21a16f0db219:FF=0:TM=1324644706:LM=1324644706:S=z6hDC9cZfGEowv_o; expires=Sun, 22-Dec-2013 12:51:46 GMT; path=/; domain=.google.com
Date: Fri, 23 Dec 2011 12:51:46 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


302 Moved
302 Moved
The document has moved
here.

We can see what reply was send by the server. It looks something like Html, well IT IS html. Google.com replied with the content of the page we requested. Quite simple!

Note

When receiving data on a socket , we are basically reading the data on the socket. This is similar to reading data from a file. So we can also use the read function to read data on a socket. For example :

read(socket_desc, server_reply , 2000);

Now that we have received our reply, its time to close the socket.

Close socket

Function close is used to close the socket. Need to include the unistd.h header file for this.

close(socket_desc);

Thats it.

Lets Revise

So in the above example we learned how to :
1. Create a socket
2. Connect to remote server
3. Send some data
4. Receive a reply

Now its time to do some server tasks using sockets. But before we move ahead there are a few side topics that should be covered just incase you need them.

Get IP address of a hostname/domain

/* Description of data base entry for a single host.  */
struct hostent
{
  char *h_name;			/* Official name of host.  */
  char **h_aliases;		/* Alias list.  */
  int h_addrtype;		/* Host address type.  */
  int h_length;			/* Length of address.  */
  char **h_addr_list;		/* List of addresses from name server.  */
};

The h_addr_list has the IP addresses. So now lets have some code to use them.

#include //printf
#include //strcpy
#include
#include	//hostent
#include

int main(int argc , char *argv[])
{
	char *hostname = "www.google.com";
	char ip[100];
	struct hostent *he;
	struct in_addr **addr_list;
	int i;

	if ( (he = gethostbyname( hostname ) ) == NULL)
	{
		//gethostbyname failed
		herror("gethostbyname");
		return 1;
	}

	//Cast the h_addr_list to in_addr , since h_addr_list also has the ip address in long format only
	addr_list = (struct in_addr **) he->h_addr_list;

	for(i = 0; addr_list[i] != NULL; i++)
	{
		//Return the first one;
		strcpy(ip , inet_ntoa(*addr_list[i]) );
	}

	printf("%s resolved to : %s" , hostname , ip);
	return 0;
}

Output of the code would look like :

www.google.com resolved to : 74.125.235.20

So the above code can be used to find the ip address of any domain name. Then the ip address can be used to make a connection using a socket.

Function inet_ntoa will convert an IP address in long format to dotted format. This is just the opposite of inet_addr.

So far we have see some important structures that are used. Lets revise them :

Server Concepts

OK now onto server things. Servers basically do the following :

1. Open a socket
2. Bind to a address(and port).
3. Listen for incoming connections.
4. Accept connections
5. Read/Send

We have already learnt how to open a socket. So the next thing would be to bind it.

Bind a socket

Function bind can be used to bind a socket to a particular address and port. It needs a sockaddr_in structure similar to connect function.

Lets see a code example :

#include
#include
#include	//inet_addr

int main(int argc , char *argv[])
{
	int socket_desc;
	struct sockaddr_in server;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("bind failed");
	}
	puts("bind done");

	return 0;
}

This makes it obvious that you cannot have 2 sockets bound to the same port.

Listen for connections

//Listen
listen(socket_desc , 3);

Thats all. Now comes the main part of accepting new connections.

Accept connection

Function accept is used for this. Here is the code

#include
#include
#include	//inet_addr

int main(int argc , char *argv[])
{
	int socket_desc , new_socket , c;
	struct sockaddr_in server , client;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("bind failed");
	}
	puts("bind done");

	//Listen
	listen(socket_desc , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");
	c = sizeof(struct sockaddr_in);
	new_socket = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c);
	if (new_socket<0)
	{
		perror("accept failed");
	}

	puts("Connection accepted");

	return 0;
}

Output

Run the program. It should show

bind done
Waiting for incoming connections...

$ telnet localhost 8888

On the terminal you shall get

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

And the server output will show

bind done
Waiting for incoming connections...
Connection accepted

So we can see that the client connected to the server. Try the above process till you get it perfect.

Note

You can get the ip address of client and the port of connection by using the sockaddr_in structure passed to accept function. It is very simple :

char *client_ip = inet_ntoa(client.sin_addr);
int client_port = ntohs(client.sin_port);

We can simply use the write function to write something to the socket of the incoming connection and the client should see it. Here is an example :

#include
#include	//strlen
#include
#include	//inet_addr
#include	//write

int main(int argc , char *argv[])
{
	int socket_desc , new_socket , c;
	struct sockaddr_in server , client;
	char *message;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("bind failed");
		return 1;
	}
	puts("bind done");

	//Listen
	listen(socket_desc , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");
	c = sizeof(struct sockaddr_in);
	new_socket = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c);
	if (new_socket<0)
	{
		perror("accept failed");
		return 1;
	}

	puts("Connection accepted");

	//Reply to the client
	message = "Hello Client , I have received your connection. But I have to go now, bye\n";
	write(new_socket , message , strlen(message));

	return 0;
}

Run the above code in 1 terminal. And connect to this server using telnet from another terminal and you should see this :

$ telnet localhost 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello Client , I have received your connection. But I have to go now, bye
Connection closed by foreign host.

So the client(telnet) received a reply from server.

Live Server

So a live server will be alive for all time. Lets code this up :

#include
#include	//strlen
#include
#include	//inet_addr
#include	//write

int main(int argc , char *argv[])
{
	int socket_desc , new_socket , c;
	struct sockaddr_in server , client;
	char *message;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("bind failed");
		return 1;
	}
	puts("bind done");

	//Listen
	listen(socket_desc , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");
	c = sizeof(struct sockaddr_in);
	while( (new_socket = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c)) )
	{
		puts("Connection accepted");

		//Reply to the client
		message = "Hello Client , I have received your connection. But I have to go now, bye\n";
		write(new_socket , message , strlen(message));
	}

	if (new_socket<0)
	{
		perror("accept failed");
		return 1;
	}

	return 0;
}

We havent done a lot there. Just the accept was put in a loop.

Now run the program in 1 terminal , and open 3 other terminals. From each of the 3 terminal do a telnet to the server port.

Each of the telnet terminal would show :

$ telnet localhost 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello Client , I have received your connection. But I have to go now, bye

And the server terminal would show

bind done
Waiting for incoming connections...
Connection accepted
Connection accepted
Connection accepted

So now the server is running nonstop and the telnet terminals are also connected nonstop. Now close the server program.
All telnet terminals would show “Connection closed by foreign host.”
Good so far. But still there is not effective communication between the server and the client.

Handling Connections

On Linux threading can be done with the pthread (posix threads) library. It would be good to read some small tutorial about it if you dont know anything about it. However the usage is not very complicated.

We shall now use threads to create handlers for each connection the server accepts. Lets do it pal.


#include
#include	//strlen
#include	//strlen
#include
#include	//inet_addr
#include	//write

#include //for threading , link with lpthread

void *connection_handler(void *);

int main(int argc , char *argv[])
{
	int socket_desc , new_socket , c , *new_sock;
	struct sockaddr_in server , client;
	char *message;

	//Create socket
	socket_desc = socket(AF_INET , SOCK_STREAM , 0);
	if (socket_desc == -1)
	{
		printf("Could not create socket");
	}

	//Prepare the sockaddr_in structure
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = INADDR_ANY;
	server.sin_port = htons( 8888 );

	//Bind
	if( bind(socket_desc,(struct sockaddr *)&server , sizeof(server)) < 0)
	{
		puts("bind failed");
		return 1;
	}
	puts("bind done");

	//Listen
	listen(socket_desc , 3);

	//Accept and incoming connection
	puts("Waiting for incoming connections...");
	c = sizeof(struct sockaddr_in);
	while( (new_socket = accept(socket_desc, (struct sockaddr *)&client, (socklen_t*)&c)) )
	{
		puts("Connection accepted");

		//Reply to the client
		message = "Hello Client , I have received your connection. And now I will assign a handler for you\n";
		write(new_socket , message , strlen(message));

		pthread_t sniffer_thread;
		new_sock = malloc(1);
		*new_sock = new_socket;

		if( pthread_create( &sniffer_thread , NULL ,  connection_handler , (void*) new_sock) < 0)
		{
			perror("could not create thread");
			return 1;
		}

		//Now join the thread , so that we dont terminate before the thread
		//pthread_join( sniffer_thread , NULL);
		puts("Handler assigned");
	}

	if (new_socket<0)
	{
		perror("accept failed");
		return 1;
	}

	return 0;
}

/*
 * This will handle connection for each client
 * */
void *connection_handler(void *socket_desc)
{
	//Get the socket descriptor
	int sock = *(int*)socket_desc;

	char *message;

	//Send some messages to the client
	message = "Greetings! I am your connection handler\n";
	write(sock , message , strlen(message));

	message = "Its my duty to communicate with you";
	write(sock , message , strlen(message));

	//Free the socket pointer
	free(socket_desc);

	return 0;
}

Run the above server and open 3 terminals like before. Now the server will create a thread for each client connecting to it.

The telnet terminals would show :

$ telnet localhost 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello Client , I have received your connection. And now I will assign a handler for you
Hello I am your connection handler
Its my duty to communicate with you

This one looks good , but the communication handler is also quite dumb. After the greeting it terminates. It should stay alive and keep communicating with the client.

One way to do this is by making the connection handler wait for some message from a client as long as the client is connected. If the client disconnects , the connection handler ends.

So the connection handler can be rewritten like this :


/*
 * This will handle connection for each client
 * */
void *connection_handler(void *socket_desc)
{
	//Get the socket descriptor
	int sock = *(int*)socket_desc;
	int read_size;
	char *message , client_message[2000];

	//Send some messages to the client
	message = "Greetings! I am your connection handler\n";
	write(sock , message , strlen(message));

	message = "Now type something and i shall repeat what you type \n";
	write(sock , message , strlen(message));

	//Receive a message from client
	while( (read_size = recv(sock , client_message , 2000 , 0)) > 0 )
	{
		//Send the message back to client
		write(sock , client_message , strlen(client_message));
	}

	if(read_size == 0)
	{
		puts("Client disconnected");
		fflush(stdout);
	}
	else if(read_size == -1)
	{
		perror("recv failed");
	}

	//Free the socket pointer
	free(socket_desc);

	return 0;
}

The above connection handler takes some input from the client and replies back with the same. Simple! Here is how the telnet output might look

$ telnet localhost 8888
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello Client , I have received your connection. And now I will assign a handler for you
Greetings! I am your connection handler
Now type something and i shall repeat what you type
Hello
Hello
How are you
How are you
I am fine
I am fine

So now we have a server thats communicative. Thats useful now.

Note

When compiling programs that use the pthread library you need to link the library. This is done like this :

gcc program.c -lpthread

Conclusion

By now you must have learned the basics of socket programming in C. You can try out some experiments like writing a chat client or something similar.

If you think that the tutorial needs some addons or improvements or any of the code snippets above dont work then feel free to make a comment below so that it gets fixed.

Gui whois client in python with wxpython

Binary Tides — Fri, 23 Dec 2011 07:09:11 +0000

Wxpython is the python port of wxwidgets gui library. On ubuntu wxpython can be installed from synaptic. On windows it can be downloaded from the website wxpython.org

And here is a small program that pops up a simple window , to take a domain name and perform a whois for that domain.

#!/usr/bin/python

#@author Silver Moon
#@email m00n.silv3r@gmail.com

import wx
import socket
import thread

#A class which will open a window , it is a wx.Frame type of window
class WhoisForm(wx.Frame):
    def __init__(self, parent):

        #Call the parent constructor
        wx.Frame.__init__(self, parent, -1 , size=(500,350), title="Whois Utility")

        #Create some components like the GUI
        self.InitComponents()
    #End

    def InitComponents(self):
        #Now onto other GUI creation
        panel = wx.Panel(self, -1)

        #This sizer shall contain the individual controls
        fgs = wx.FlexGridSizer(3, 2, 9, 25)     

        #Create some static text controls
        server = wx.StaticText(panel, -1, 'Enter Hostname')
        result = wx.StaticText(panel, -1, 'Whois Result')

        #Create some text boxes and buttons , remember they all belong to the panel
        self.txtServer = wx.TextCtrl(panel, -1)

        btnWhois = wx.Button(panel ,  20 , "Whois")
        self.Bind(wx.EVT_BUTTON, self.OnButtonWhois, btnWhois)
        btnWhois.SetToolTipString("Click to get whois information for the domain name.")
        self.button_whois = btnWhois

        self.txtResult = wx.TextCtrl(panel, -1, style=wx.TE_MULTILINE)

        #Add the input field and submit button to a Box Sizer since the must stay together
        space = wx.BoxSizer()
        #Text field should be expandable
        space.Add(self.txtServer , 1 , wx.RIGHT , 10)
        #Button should not expand and stay to right
        space.Add(btnWhois , 0 , wx.ALIGN_RIGHT)

        #Create a list to add these controls to the sizer :)
        mybag = [
                    (server) , (space ,1 , wx.EXPAND) , \
                    (result) , (self.txtResult , 1 , wx.EXPAND), \
                ]

        fgs.AddMany(mybag)

        #Define the parts that grow and shrink on resizing
        fgs.AddGrowableRow(1, 1)
        fgs.AddGrowableCol(1, 1)
        box = wx.BoxSizer()
        box.Add(fgs, 1 , wx.EXPAND | wx.ALL , 20)
        panel.SetSizer(box)

        sizer = wx.BoxSizer()
        sizer.Add(panel, 1, wx.EXPAND)
        self.SetSizer(sizer)

        wx.CallAfter(self.Layout)
    #End

    def get_focus(self) :
		self.button_whois.SetFocus()

    #Event handler for the button
    def OnButtonWhois(self , evt):
        #Start a worker thread so that GUI is not kept busy , like the button being pressed
        thread.start_new_thread(self.worker_thread , ())
    #End

    def worker_thread(self) :
		#Get the domain name from the input control
        domain = self.txtServer.GetValue()
        if domain == '':
            wx.MessageBox('Please Enter the domain name','Error')
            return

        #Get the whois data
        whois_data = self.perform_whois(domain)

        #Fill the result box
        r = self.txtResult
        r.SetValue('')
        r.AppendText(whois_data)

    #Function to perform the whois on a domain name
    def perform_whois(self , domain):

        #remove http and www
        domain = domain.replace('http://','')
        domain = domain.replace('www.','')

        #get the extension , .com , .org , .edu
        ext = domain[-3:]

        #If top level domain .com .org .net
        if(ext == 'com' or ext == 'org' or ext == 'net'):
            whois = 'whois.internic.net'
            s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
            s.connect((whois , 43))
            s.send(domain + '\r\n')
            msg = ''
            while len(msg) < 10000:
                chunk = s.recv(100)
                if(chunk == ''):
                    break
                msg = msg + chunk

            #Now scan the reply for the whois server
            lines = msg.splitlines()
            for line in lines:
                if ':' in line:
                    words = line.split(':')
                    if 'whois.' in words[1] and 'Whois' in words[0]:
                        whois = words[1].strip()
                        break;

        #Or Country level - contact whois.iana.org to find the whois server of a particular TLD
        else:
			#Break again like , co.uk to uk
            ext = domain.split('.')[-1]

            #This will tell the whois server for the particular country
            whois = 'whois.iana.org'
            s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
            s.connect((whois , 43))
            s.send(ext + '\r\n')

            #Receive some reply
            msg = ''
            while len(msg) < 10000:
                chunk = s.recv(100)
                if(chunk == ''):
                    break
                msg = msg + chunk

            #Now search the reply for a whois server
            lines = msg.splitlines()
            for line in lines:
                if ':' in line:
                    words = line.split(':')
                    if 'whois.' in words[1] and 'Whois Server (port 43)' in words[0]:
                        whois = words[1].strip()
                        break;

        #Now contact the final whois server
        s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
        s.connect((whois , 43))
        s.send(domain + '\r\n\r\n')
        msg = ''

        #Receive the reply
        while len(msg) < 10000:
            chunk = s.recv(100)
            if(chunk == ''):
                break
            msg = msg + chunk

        #Return the reply
        return msg

    #End
#End

#Create an application
app = wx.App()

#Create the windows :)
window = WhoisForm(None)
window.Show()
window.get_focus()

#Start application event loop
app.MainLoop()

Whois client code in C with Linux sockets

Binary Tides — Fri, 23 Dec 2011 06:47:17 +0000

A whois client is a program that will simply fetch the whois information for a domain/ip address from the whois servers. The code over here works according to the algorithm discussed here.

Code

/*
 * @brief
 * Whois client program
 *
 * @details
 * This program shall perform whois for a domain and get you the whois data of that domain
 *
 * @author Silver Moon ( m00n.silv3r@gmail.com )
 * */

#include	//scanf , printf
#include	//strtok
#include	//realloc
#include	//socket
#include //sockaddr_in
#include	//getsockname
#include	//hostent
#include	//close

int get_whois_data(char * , char **);
int hostname_to_ip(char * , char *);
int whois_query(char * , char * , char **);
char *str_replace(char *search , char *replace , char *subject );

int main(int argc , char *argv[])
{
	char domain[100] , *data = NULL;

	printf("Enter domain name to whois : ");
	scanf("%s" , domain);

	get_whois_data(domain , &data);

	//puts(data);
	return 0;
}

/*
 * Get the whois data of a domain
 * */
int get_whois_data(char *domain , char **data)
{
	char ext[1024] , *pch , *response = NULL , *response_2 = NULL , *wch , *dt;

	//remove "http://" and "www."
	domain = str_replace("http://" , "" , domain);
	domain = str_replace("www." , "" , domain);

	//get the extension , com , org , edu
	dt = strdup(domain);
	if(dt == NULL)
	{
		printf("strdup failed");
	}
	pch = (char*)strtok(dt , ".");
	while(pch != NULL)
	{
		strcpy(ext , pch);
		pch = strtok(NULL , ".");
	}

	//This will tell the whois server for the particular TLD like com , org
	if(whois_query("whois.iana.org" , ext , &response))
	{
		printf("Whois query failed");
	}

	//Now analysze the response :)
	pch = strtok(response , "\n");
	while(pch != NULL)
	{
		//Check if whois line
		wch = strstr(pch , "whois.");
		if(wch != NULL)
		{
			break;
		}

		//Next line please
		pch = strtok(NULL , "\n");
	}

	//Now we have the TLD whois server in wch , query again
	//This will provide minimal whois information along with the parent whois server of the specific domain :)
	free(response);
	//This should not be necessary , but segmentation fault without this , why ?
	response = NULL;
	if(wch != NULL)
	{
		printf("\nTLD Whois server is : %s" , wch);
		if(whois_query(wch , domain , &response))
		{
			printf("Whois query failed");
		}
	}
	else
	{
		printf("\nTLD whois server for %s not found" , ext);
		return 1;
	}

	response_2 = strdup(response);

	//Again search for a whois server in this response. :)
	pch = strtok(response , "\n");
	while(pch != NULL)
	{
		//Check if whois line
		wch = strstr(pch , "whois.");
		if(wch != NULL)
		{
			break;
		}

		//Next line please
		pch = strtok(NULL , "\n");
	}

	/*
	 * If a registrar whois server is found then query it
	 * */
	if(wch)
	{
		//Now we have the registrar whois server , this has the direct full information of the particular domain
		//so lets query again

		printf("\nRegistrar Whois server is : %s" , wch);

		if(whois_query(wch , domain , &response))
		{
			printf("Whois query failed");
		}

		printf("\n%s" , response);
	}

	/*
	 * otherwise echo the output from the previous whois result
	 * */
	else
	{
		printf("%s" , response_2);
	}
	return 0;
}

/*
 * Perform a whois query to a server and record the response
 * */
int whois_query(char *server , char *query , char **response)
{
	char ip[32] , message[100] , buffer[1500];
	int sock , read_size , total_size = 0;
	struct sockaddr_in dest;

	sock = socket(AF_INET , SOCK_STREAM , IPPROTO_TCP);

    //Prepare connection structures :)
    memset( &dest , 0 , sizeof(dest) );
    dest.sin_family = AF_INET;

	printf("\nResolving %s..." , server);
	if(hostname_to_ip(server , ip))
	{
		printf("Failed");
		return 1;
	}
	printf("%s" , ip);
	dest.sin_addr.s_addr = inet_addr( ip );
	dest.sin_port = htons( 43 );

	//Now connect to remote server
	if(connect( sock , (const struct sockaddr*) &dest , sizeof(dest) ) < 0)
	{
		perror("connect failed");
	}

	//Now send some data or message
	printf("\nQuerying for ... %s ..." , query);
	sprintf(message , "%s\r\n" , query);
	if( send(sock , message , strlen(message) , 0) < 0)
	{
		perror("send failed");
	}

	//Now receive the response
	while( (read_size = recv(sock , buffer , sizeof(buffer) , 0) ) )
	{
		*response = realloc(*response , read_size + total_size);
		if(*response == NULL)
		{
			printf("realloc failed");
		}
		memcpy(*response + total_size , buffer , read_size);
		total_size += read_size;
	}
	printf("Done");
	fflush(stdout);

	*response = realloc(*response , total_size + 1);
	*(*response + total_size) = '\0';

	close(sock);
	return 0;
}

/*
 * @brief
 * Get the ip address of a given hostname
 *
 * */
int hostname_to_ip(char * hostname , char* ip)
{
	struct hostent *he;
	struct in_addr **addr_list;
	int i;

	if ( (he = gethostbyname( hostname ) ) == NULL)
	{
		// get the host info
		herror("gethostbyname");
		return 1;
	}

	addr_list = (struct in_addr **) he->h_addr_list;

	for(i = 0; addr_list[i] != NULL; i++)
	{
		//Return the first one;
		strcpy(ip , inet_ntoa(*addr_list[i]) );
		return 0;
	}

	return 0;
}

/*
 * Search and replace a string with another string , in a string
 * */
char *str_replace(char *search , char *replace , char *subject)
{
	char  *p = NULL , *old = NULL , *new_subject = NULL ;
	int c = 0 , search_size;

	search_size = strlen(search);

	//Count how many occurences
	for(p = strstr(subject , search) ; p != NULL ; p = strstr(p + search_size , search))
	{
		c++;
	}

	//Final size
	c = ( strlen(replace) - search_size )*c + strlen(subject);

	//New subject with new size
	new_subject = malloc( c );

	//Set it to blank
	strcpy(new_subject , "");

	//The start position
	old = subject;

	for(p = strstr(subject , search) ; p != NULL ; p = strstr(p + search_size , search))
	{
		//move ahead and copy some text from original subject , from a certain position
		strncpy(new_subject + strlen(new_subject) , old , p - old);

		//move ahead and copy the replacement text
		strcpy(new_subject + strlen(new_subject) , replace);

		//The new start position after this search match
		old = p + search_size;
	}

	//Copy the part after the last search match
	strcpy(new_subject + strlen(new_subject) , old);

	return new_subject;
}

hostname_to_ip – This is a simple function to get an IP of a domain.
str_replace – This is a generic string processing function that is used to search for a string in another big string and replace it with another string.

Output

Enter domain name to whois : www.wikipedia.org

Resolving whois.iana.org...192.0.47.59
Querying for ... org ...Done
TLD Whois server is : whois.pir.org
Resolving whois.pir.org...149.17.192.7
Querying for ... wikipedia.org ...DoneAccess to .ORG WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the
Public Interest Registry registry database. The data in this record is provided by
Public Interest Registry for informational purposes only, and Public Interest Registry does not
guarantee its accuracy.  This service is intended only for query-based
access. You agree that you will use this data only for lawful purposes
and that, under no circumstances will you use this data to: (a) allow,
enable, or otherwise support the transmission by e-mail, telephone, or
facsimile of mass unsolicited, commercial advertising or solicitations
to entities other than the data recipient's own existing customers; or
(b) enable high volume, automated, electronic processes that send
queries or data to the systems of Registry Operator, a Registrar, or
Afilias except as reasonably necessary to register domain names or
modify existing registrations. All rights reserved. Public Interest Registry reserves
the right to modify these terms at any time. By submitting this query,
you agree to abide by this policy. 

Domain ID:D51687756-LROR
Domain Name:WIKIPEDIA.ORG
Created On:13-Jan-2001 00:12:14 UTC
Last Updated On:02-Dec-2009 20:57:17 UTC
Expiration Date:13-Jan-2015 00:12:14 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR31094073
Registrant Name:DNS Admin
Registrant Organization:Wikimedia Foundation, Inc.
Registrant Street1:149 New Montgomery Street
Registrant Street2:Third Floor
Registrant Street3:
Registrant City:San Francisco
Registrant State/Province:California
Registrant Postal Code:94105
Registrant Country:US
Registrant Phone:+1.4158396885
Registrant Phone Ext.:
Registrant FAX:+1.4158820495
Registrant FAX Ext.:
Registrant Email:dns-admin@wikimedia.org
Admin ID:CR31094075
Admin Name:DNS Admin
Admin Organization:Wikimedia Foundation, Inc.
Admin Street1:149 New Montgomery Street
Admin Street2:Third Floor
Admin Street3:
Admin City:San Francisco
Admin State/Province:California
Admin Postal Code:94105
Admin Country:US
Admin Phone:+1.4158396885
Admin Phone Ext.:
Admin FAX:+1.4158820495
Admin FAX Ext.:
Admin Email:dns-admin@wikimedia.org
Tech ID:CR31094074
Tech Name:DNS Admin
Tech Organization:Wikimedia Foundation, Inc.
Tech Street1:149 New Montgomery Street
Tech Street2:Third Floor
Tech Street3:
Tech City:San Francisco
Tech State/Province:California
Tech Postal Code:94105
Tech Country:US
Tech Phone:+1.4158396885
Tech Phone Ext.:
Tech FAX:+1.4158820495
Tech FAX Ext.:
Tech Email:dns-admin@wikimedia.org
Name Server:NS0.WIKIMEDIA.ORG
Name Server:NS1.WIKIMEDIA.ORG
Name Server:NS2.WIKIMEDIA.ORG
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Get local ip in C on linux

Binary Tides — Tue, 20 Dec 2011 06:41:04 +0000

The local ip is the source ip in IP packets send out from a system. The kernal maintains routing tables which it uses to decide the default gateway , its interface and the local ip configured for that interface. The /proc/net/route file (not really a file but appears like one) has more information about it.

A typical /proc/net/route output would look like :

$ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
eth0    0000A8C0        00000000        0001    0       0       1       00FFFFFF        0       0       0
eth0    0000FEA9        00000000        0001    0       0       1000    0000FFFF        0       0       0
eth0    00000000        0100A8C0        0003    0       0       0       00000000        0       0       0

The above lists the interface , destination , gateway etc. The interface (Iface) whose destination is 00000000 is the interface of the default gateway.

Now have a look at the route command output

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Now the gateway for the destination 0.0.0.0 is the default gateway. So from the /proc/net/route output this line is of interest :

eth0    00000000        0100A8C0        0003    0       0       0       00000000        0       0       0

Its destination is 00000000 and gateway is 0100A8C0. The gateway is actually the IP address of the gateway in hex format in reverse order (little endian). Its 01.00.A8.C0 or 1.0.168.192

So by reading that line in a C program we can find out the default gateway and its interface. The IP address of this interface shall be the source ip in IP packets send out from this system.

The code for this is pretty simple as we can see :


FILE *f;
char line[100] , *p , *c;

f = fopen("/proc/net/route" , "r");

while(fgets(line , 100 , f))
{
	p = strtok(line , " \t");
	c = strtok(NULL , " \t");

	if(p!=NULL && c!=NULL)
	{
		if(strcmp(c , "00000000") == 0)
		{
			printf("Default interface is : %s \n" , p);
			break;
		}
	}
}

The above code prints : “Default interface is : eth0″

Now we need to get the ip address of the default interface eth0. The getnameinfo function can be used for this.
Sample code is found here.

Combining that with our previous code we get :

/*
 * Find local ip used as source ip in ip packets.
 * Read the /proc/net/route file
 */

#include	//printf
#include	//memset
#include	//errno
#include
#include
#include
#include
#include

int main ( int argc , char *argv[] )
{
    FILE *f;
    char line[100] , *p , *c;

    f = fopen("/proc/net/route" , "r");

    while(fgets(line , 100 , f))
    {
		p = strtok(line , " \t");
		c = strtok(NULL , " \t");

		if(p!=NULL && c!=NULL)
		{
			if(strcmp(c , "00000000") == 0)
			{
				printf("Default interface is : %s \n" , p);
				break;
			}
		}
	}

    //which family do we require , AF_INET or AF_INET6
    int fm = AF_INET;
    struct ifaddrs *ifaddr, *ifa;
	int family , s;
	char host[NI_MAXHOST];

	if (getifaddrs(&ifaddr) == -1)
	{
		perror("getifaddrs");
		exit(EXIT_FAILURE);
	}

	//Walk through linked list, maintaining head pointer so we can free list later
	for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next)
	{
		if (ifa->ifa_addr == NULL)
		{
			continue;
		}

		family = ifa->ifa_addr->sa_family;

		if(strcmp( ifa->ifa_name , p) == 0)
		{
			if (family == fm)
			{
				s = getnameinfo( ifa->ifa_addr, (family == AF_INET) ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6) , host , NI_MAXHOST , NULL , 0 , NI_NUMERICHOST);

				if (s != 0)
				{
					printf("getnameinfo() failed: %s\n", gai_strerror(s));
					exit(EXIT_FAILURE);
				}

				printf("address: %s", host);
			}
			printf("\n");
		}
	}

	freeifaddrs(ifaddr);

	return 0;
}

Output

Default interface is : eth0 

address: 192.168.0.6

Another method is to open a connection to a remote server and call getsockname

Code

/*
 * Find local ip used as source ip in ip packets.
 * Use getsockname and a udp connection
 */

#include	//printf
#include	//memset
#include	//errno
#include	//socket
#include //sockaddr_in
#include	//getsockname
#include	//close

int main ( int argc , char *argv[] )
{
    const char* google_dns_server = "8.8.8.8";
    int dns_port = 53;

	struct sockaddr_in serv;

    int sock = socket ( AF_INET, SOCK_DGRAM, 0);

    //Socket could not be created
    if(sock < 0)
    {
		perror("Socket error");
	}

	memset( &serv, 0, sizeof(serv) );
    serv.sin_family = AF_INET;
    serv.sin_addr.s_addr = inet_addr( google_dns_server );
    serv.sin_port = htons( dns_port );

    int err = connect( sock , (const struct sockaddr*) &serv , sizeof(serv) );

    struct sockaddr_in name;
    socklen_t namelen = sizeof(name);
    err = getsockname(sock, (struct sockaddr*) &name, &namelen);

	char buffer[100];
    const char* p = inet_ntop(AF_INET, &name.sin_addr, buffer, 100);

	if(p != NULL)
	{
		printf("Local ip is : %s \n" , buffer);
	}
	else
	{
		//Some error
		printf ("Error number : %d . Error message : %s \n" , errno , strerror(errno));
	}

    close(sock);

    return 0;
}

Output

Local ip is : 192.168.0.6

Code a packet sniffer in C with winpcap

Binary Tides — Sun, 18 Dec 2011 11:15:43 +0000

Winpcap is a packet capture library for Windows used for packet sniffing and sending raw packets. Wireshark is a popular sniffer tool that uses winpcap to sniff packets.

Here is a sample code which shows how winpcap can be used to sniff incoming packets on a particular interface.

Code

/*
	Simple Sniffer with winpcap , prints ethernet , ip , tcp , udp and icmp headers along with data dump in hex
	Author : Silver Moon ( m00n.silv3r@gmail.com )
*/

#include "stdio.h"
#include "winsock2.h"	//need winsock for inet_ntoa and ntohs methods

#define HAVE_REMOTE
#include "pcap.h"	//Winpcap :)

#pragma comment(lib , "ws2_32.lib") //For winsock
#pragma comment(lib , "wpcap.lib") //For winpcap

//some packet processing functions
void ProcessPacket (u_char* , int); //This will decide how to digest

void print_ethernet_header (u_char*);
void PrintIpHeader (u_char* , int);
void PrintIcmpPacket (u_char* , int);
void print_udp_packet (u_char* , int);
void PrintTcpPacket (u_char* , int);
void PrintData (u_char* , int);

// Set the packing to a 1 byte boundary
//#include "pshpack1.h"
//Ethernet Header
typedef struct ethernet_header
{
	UCHAR dest[6];
	UCHAR source[6];
	USHORT type;
}   ETHER_HDR , *PETHER_HDR , FAR * LPETHER_HDR , ETHERHeader;

//Ip header (v4)
typedef struct ip_hdr
{
	unsigned char ip_header_len:4; // 4-bit header length (in 32-bit words) normally=5 (Means 20 Bytes may be 24 also)
	unsigned char ip_version :4; // 4-bit IPv4 version
	unsigned char ip_tos; // IP type of service
	unsigned short ip_total_length; // Total length
	unsigned short ip_id; // Unique identifier

	unsigned char ip_frag_offset :5; // Fragment offset field

	unsigned char ip_more_fragment :1;
	unsigned char ip_dont_fragment :1;
	unsigned char ip_reserved_zero :1;

	unsigned char ip_frag_offset1; //fragment offset

	unsigned char ip_ttl; // Time to live
	unsigned char ip_protocol; // Protocol(TCP,UDP etc)
	unsigned short ip_checksum; // IP checksum
	unsigned int ip_srcaddr; // Source address
	unsigned int ip_destaddr; // Source address
} IPV4_HDR;

//UDP header
typedef struct udp_hdr
{
	unsigned short source_port; // Source port no.
	unsigned short dest_port; // Dest. port no.
	unsigned short udp_length; // Udp packet length
	unsigned short udp_checksum; // Udp checksum (optional)
} UDP_HDR;

// TCP header
typedef struct tcp_header
{
	unsigned short source_port; // source port
	unsigned short dest_port; // destination port
	unsigned int sequence; // sequence number - 32 bits
	unsigned int acknowledge; // acknowledgement number - 32 bits

	unsigned char ns :1; //Nonce Sum Flag Added in RFC 3540.
	unsigned char reserved_part1:3; //according to rfc
	unsigned char data_offset:4; /*The number of 32-bit words in the TCP header.
	This indicates where the data begins.
	The length of the TCP header is always a multiple
	of 32 bits.*/

	unsigned char fin :1; //Finish Flag
	unsigned char syn :1; //Synchronise Flag
	unsigned char rst :1; //Reset Flag
	unsigned char psh :1; //Push Flag
	unsigned char ack :1; //Acknowledgement Flag
	unsigned char urg :1; //Urgent Flag

	unsigned char ecn :1; //ECN-Echo Flag
	unsigned char cwr :1; //Congestion Window Reduced Flag

	////////////////////////////////

	unsigned short window; // window
	unsigned short checksum; // checksum
	unsigned short urgent_pointer; // urgent pointer
} TCP_HDR;

typedef struct icmp_hdr
{
	BYTE type; // ICMP Error type
	BYTE code; // Type sub code
	USHORT checksum;
	USHORT id;
	USHORT seq;
} ICMP_HDR;
// Restore the byte boundary back to the previous value
//#include 

FILE *logfile;
int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0,i,j;
struct sockaddr_in source,dest;
char hex[2];

//Its free!
ETHER_HDR *ethhdr;
IPV4_HDR *iphdr;
TCP_HDR *tcpheader;
UDP_HDR *udpheader;
ICMP_HDR *icmpheader;
u_char *data;

int main()
{
	u_int i, res , inum ;
	u_char errbuf[PCAP_ERRBUF_SIZE] , buffer[100];
	u_char *pkt_data;
	time_t seconds;
	struct tm tbreak;
	pcap_if_t *alldevs, *d;
	pcap_t *fp;
	struct pcap_pkthdr *header;

	fopen_s(&logfile , "log.txt" , "w");

	if(logfile == NULL)
	{
		printf("Unable to create file.");
	}

	/* The user didn't provide a packet source: Retrieve the local device list */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
    {
        fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf);
        return -1;
    }

	i = 0;
    /* Print the list */
    for(d=alldevs; d; d=d->next)
    {
        printf("%d. %s\n    ", ++i, d->name);

        if (d->description)
		{
            printf(" (%s)\n", d->description);
		}
        else
		{
            printf(" (No description available)\n");
		}
    }

    if (i==0)
    {
        fprintf(stderr,"No interfaces found! Exiting.\n");
        return -1;
    }

	printf("Enter the interface number you would like to sniff : ");
	scanf_s("%d" , &inum);

	/* Jump to the selected adapter */
    for (d=alldevs, i=0; i< inum-1 ;d=d->next, i++);

    /* Open the device */
    if ( (fp= pcap_open(d->name,
                        100 /*snaplen*/,
                        PCAP_OPENFLAG_PROMISCUOUS /*flags*/,
                        20 /*read timeout*/,
                        NULL /* remote authentication */,
                        errbuf)
                        ) == NULL)
    {
        fprintf(stderr,"\nError opening adapter\n");
        return -1;
    }

	//read packets in a loop :)
    while((res = pcap_next_ex( fp, &header, &pkt_data)) >= 0)
    {
        if(res == 0)
		{
            // Timeout elapsed
            continue;
		}
		seconds = header->ts.tv_sec;
		localtime_s( &tbreak , &seconds);
		strftime (buffer , 80 , "%d-%b-%Y %I:%M:%S %p" , &tbreak );
        //print pkt timestamp and pkt len
        //fprintf(logfile , "\nNext Packet : %ld:%ld (Packet Length : %ld bytes) " , header->ts.tv_sec, header->ts.tv_usec, header->len);
		fprintf(logfile , "\nNext Packet : %s.%ld (Packet Length : %ld bytes) " , buffer , header->ts.tv_usec, header->len);
		ProcessPacket(pkt_data , header->caplen);
    }

	if(res == -1)
    {
        fprintf(stderr, "Error reading the packets: %s\n" , pcap_geterr(fp) );
        return -1;
    }

	return 0;
}

void ProcessPacket(u_char* Buffer, int Size)
{
	//Ethernet header
	ethhdr = (ETHER_HDR *)Buffer;
	++total;

	//Ip packets
	if(ntohs(ethhdr->type) == 0x0800)
	{
		//ip header
		iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));

		switch (iphdr->ip_protocol) //Check the Protocol and do accordingly...
		{
			case 1: //ICMP Protocol
			icmp++;
			PrintIcmpPacket(Buffer,Size);
			break;

			case 2: //IGMP Protocol
			igmp++;
			break;

			case 6: //TCP Protocol
			tcp++;
			PrintTcpPacket(Buffer,Size);
			break;

			case 17: //UDP Protocol
			udp++;
			print_udp_packet(Buffer,Size);
			break;

			default: //Some Other Protocol like ARP etc.
			others++;
			break;
		}
	}

	printf("TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d Total : %d\r" , tcp , udp , icmp , igmp , others , total);
}

/*
	Print the Ethernet header
*/
void print_ethernet_header (u_char* buffer )
{
	ETHER_HDR *eth = (ETHER_HDR *)buffer;

	fprintf(logfile,"\n");
	fprintf(logfile,"Ethernet Header\n");
	fprintf(logfile , " |-Destination Address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->dest[0] , eth->dest[1] , eth->dest[2] , eth->dest[3] , eth->dest[4] , eth->dest[5] );
    fprintf(logfile , " |-Source Address      : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->source[0] , eth->source[1] , eth->source[2] , eth->source[3] , eth->source[4] , eth->source[5] );
    fprintf(logfile , " |-Protocol            : 0x%.4x \n" , ntohs(eth->type) );
}

/*
	Print the IP header for IP packets
*/
void PrintIpHeader (unsigned char* Buffer, int Size)
{
	int iphdrlen = 0;

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len*4;

	memset(&source, 0, sizeof(source));
	source.sin_addr.s_addr = iphdr->ip_srcaddr;

	memset(&dest, 0, sizeof(dest));
	dest.sin_addr.s_addr = iphdr->ip_destaddr;

	print_ethernet_header(Buffer);

	fprintf(logfile,"\n");
	fprintf(logfile,"IP Header\n");
	fprintf(logfile," |-IP Version : %d\n",(unsigned int)iphdr->ip_version);
	fprintf(logfile," |-IP Header Length : %d DWORDS or %d Bytes\n",(unsigned int)iphdr->ip_header_len,((unsigned int)(iphdr->ip_header_len))*4);
	fprintf(logfile," |-Type Of Service : %d\n",(unsigned int)iphdr->ip_tos);
	fprintf(logfile," |-IP Total Length : %d Bytes(Size of Packet)\n",ntohs(iphdr->ip_total_length));
	fprintf(logfile," |-Identification : %d\n",ntohs(iphdr->ip_id));
	fprintf(logfile," |-Reserved ZERO Field : %d\n",(unsigned int)iphdr->ip_reserved_zero);
	fprintf(logfile," |-Dont Fragment Field : %d\n",(unsigned int)iphdr->ip_dont_fragment);
	fprintf(logfile," |-More Fragment Field : %d\n",(unsigned int)iphdr->ip_more_fragment);
	fprintf(logfile," |-TTL : %d\n",(unsigned int)iphdr->ip_ttl);
	fprintf(logfile," |-Protocol : %d\n",(unsigned int)iphdr->ip_protocol);
	fprintf(logfile," |-Checksum : %d\n",ntohs(iphdr->ip_checksum));
	fprintf(logfile," |-Source IP : %s\n",inet_ntoa(source.sin_addr));
	fprintf(logfile," |-Destination IP : %s\n",inet_ntoa(dest.sin_addr));
}

/*
	Print the TCP header for TCP packets
*/
void PrintTcpPacket(u_char* Buffer, int Size)
{
	unsigned short iphdrlen;
	int header_size = 0 , tcphdrlen , data_size;

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len*4;

	tcpheader = (TCP_HDR*)( Buffer + iphdrlen + sizeof(ETHER_HDR) );
	tcphdrlen = tcpheader->data_offset*4;

	data = ( Buffer + sizeof(ETHER_HDR) + iphdrlen + tcphdrlen );
	data_size = (Size - sizeof(ETHER_HDR) - iphdrlen - tcphdrlen );

	fprintf(logfile,"\n\n***********************TCP Packet*************************\n");

	PrintIpHeader(Buffer,Size);

	fprintf(logfile,"\n");
	fprintf(logfile,"TCP Header\n");
	fprintf(logfile," |-Source Port : %u\n",ntohs(tcpheader->source_port));
	fprintf(logfile," |-Destination Port : %u\n",ntohs(tcpheader->dest_port));
	fprintf(logfile," |-Sequence Number : %u\n",ntohl(tcpheader->sequence));
	fprintf(logfile," |-Acknowledge Number : %u\n",ntohl(tcpheader->acknowledge));
	fprintf(logfile," |-Header Length : %d DWORDS or %d BYTES\n" , (unsigned int)tcpheader->data_offset,(unsigned int)tcpheader->data_offset*4);
	fprintf(logfile," |-CWR Flag : %d\n",(unsigned int)tcpheader->cwr);
	fprintf(logfile," |-ECN Flag : %d\n",(unsigned int)tcpheader->ecn);
	fprintf(logfile," |-Urgent Flag : %d\n",(unsigned int)tcpheader->urg);
	fprintf(logfile," |-Acknowledgement Flag : %d\n",(unsigned int)tcpheader->ack);
	fprintf(logfile," |-Push Flag : %d\n",(unsigned int)tcpheader->psh);
	fprintf(logfile," |-Reset Flag : %d\n",(unsigned int)tcpheader->rst);
	fprintf(logfile," |-Synchronise Flag : %d\n",(unsigned int)tcpheader->syn);
	fprintf(logfile," |-Finish Flag : %d\n",(unsigned int)tcpheader->fin);
	fprintf(logfile," |-Window : %d\n",ntohs(tcpheader->window));
	fprintf(logfile," |-Checksum : %d\n",ntohs(tcpheader->checksum));
	fprintf(logfile," |-Urgent Pointer : %d\n",tcpheader->urgent_pointer);
	fprintf(logfile,"\n");
	fprintf(logfile," DATA Dump ");
	fprintf(logfile,"\n");

	fprintf(logfile,"IP Header\n");
	PrintData( (u_char*)iphdr , iphdrlen);

	fprintf(logfile,"TCP Header\n");
	PrintData( (u_char*)tcpheader , tcphdrlen );

	fprintf(logfile,"Data Payload\n");
	PrintData( data , data_size );

	fprintf(logfile,"\n###########################################################\n");
}

/*
	Print the UDP header for UDP packets
*/
void print_udp_packet(u_char *Buffer,int Size)
{
	int iphdrlen = 0 , data_size = 0;

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len*4;

	udpheader = (UDP_HDR*)( Buffer + iphdrlen + sizeof(ETHER_HDR) );

	data = ( Buffer + sizeof(ETHER_HDR) + iphdrlen + sizeof(UDP_HDR) );
	data_size = (Size - sizeof(ETHER_HDR) - iphdrlen - sizeof(UDP_HDR) );

	fprintf(logfile,"\n\n***********************UDP Packet*************************\n");

	PrintIpHeader(Buffer,Size);

	fprintf(logfile,"\nUDP Header\n");
	fprintf(logfile," |-Source Port : %d\n",ntohs(udpheader->source_port));
	fprintf(logfile," |-Destination Port : %d\n",ntohs(udpheader->dest_port));
	fprintf(logfile," |-UDP Length : %d\n",ntohs(udpheader->udp_length));
	fprintf(logfile," |-UDP Checksum : %d\n",ntohs(udpheader->udp_checksum));

	fprintf(logfile,"\n");

	fprintf(logfile,"IP Header\n");
	PrintData( (u_char*)iphdr , iphdrlen);

	fprintf(logfile,"UDP Header\n");
	PrintData((u_char*)udpheader , sizeof(UDP_HDR));

	fprintf(logfile,"Data Payload\n");
	PrintData(data ,data_size);

	fprintf(logfile,"\n###########################################################\n");
}

void PrintIcmpPacket(u_char* Buffer , int Size)
{
	int iphdrlen = 0 , icmphdrlen = 0 , data_size=0;

	iphdr = (IPV4_HDR *)(Buffer + sizeof(ETHER_HDR));
	iphdrlen = iphdr->ip_header_len*4;

	icmpheader = (ICMP_HDR*)( Buffer + iphdrlen + sizeof(ETHER_HDR) );

	data = ( Buffer + sizeof(ETHER_HDR) + iphdrlen + sizeof(ICMP_HDR) );
	data_size = (Size - sizeof(ETHER_HDR) - iphdrlen - sizeof(ICMP_HDR) );

	fprintf(logfile,"\n\n***********************ICMP Packet*************************\n");
	PrintIpHeader(Buffer,Size);

	fprintf(logfile,"\n");

	fprintf(logfile,"ICMP Header\n");
	fprintf(logfile," |-Type : %d",(unsigned int)(icmpheader->type));

	if((unsigned int)(icmpheader->type)==11)
	{
		fprintf(logfile," (TTL Expired)\n");
	}
	else if((unsigned int)(icmpheader->type)==0)
	{
		fprintf(logfile," (ICMP Echo Reply)\n");
	}

	fprintf(logfile," |-Code : %d\n",(unsigned int)(icmpheader->code));
	fprintf(logfile," |-Checksum : %d\n",ntohs(icmpheader->checksum));
	fprintf(logfile," |-ID : %d\n",ntohs(icmpheader->id));
	fprintf(logfile," |-Sequence : %d\n",ntohs(icmpheader->seq));
	fprintf(logfile,"\n");

	fprintf(logfile , "IP Header\n");
	PrintData( (u_char*)iphdr , iphdrlen);

	fprintf(logfile , "ICMP Header\n");
	PrintData( (u_char*)icmpheader , sizeof(ICMP_HDR) );

	fprintf(logfile , "Data Payload\n");
	PrintData(data , data_size);

	fprintf(logfile,"\n###########################################################\n");
}

/*
	Print the hex values of the data
*/
void PrintData (u_char* data , int Size)
{
	unsigned char a , line[17] , c;
	int j;

	//loop over each character and print
	for(i=0 ; i < Size ; i++)
	{
		c = data[i];

		//Print the hex value for every character , with a space
		fprintf(logfile," %.2x", (unsigned int) c);

		//Add the character to data line
		a = ( c >=32 && c <=128) ? (unsigned char) c : '.';

		line[i%16] = a;

		//if last character of a line , then print the line - 16 characters in 1 line
		if( (i!=0 && (i+1)%16==0) || i == Size - 1)
		{
			line[i%16 + 1] = '\0';

			//print a big gap of 10 characters between hex and characters
			fprintf(logfile ,"          ");

			//Print additional spaces for last lines which might be less than 16 characters in length
			for( j = strlen(line) ; j < 16; j++)
			{
				fprintf(logfile , "   ");
			}

			fprintf(logfile , "%s \n" , line);
		}
	}

	fprintf(logfile , "\n");
}

Compile
The code can be compiled in Vc++ 2010 Express Edition
Winpcap development files are needed for pcap.h/pcap.lib and other files.

Create a project in VC++ and add a main.c file and put the source code inside it. Then in Project > Properties (Alt + F7) add the directory path of winpcap header and lib files.

Now Build and Run.

Output

The terminal will show the number of packets sniffed protocolwise.

1. rpcap://\Device\NPF_{EA7C1F00-CD10-4288-8B0D-EBD63C22F468}
     (Network adapter 'Intel(R) 82566DC Gigabit Network Connection (Microsoft's
Packet Scheduler) ' on local host)
Enter the interface number you would like to sniff : 1
TCP : 327 UDP : 35 ICMP : 74 IGMP : 3 Others : 0 Total : 462

The log file will have more information. Headers would be broken down into individual fields and data would be shown in hex format.

Next Packet : 18-Dec-2011 04:35:17 PM.7759 (Packet Length : 432 bytes) 

***********************TCP Packet*************************

Ethernet Header
 |-Destination Address : 00-1E-58-B8-D4-69
 |-Source Address      : 00-1C-C0-F8-79-EE
 |-Protocol            : 0x0800 

IP Header
 |-IP Version : 4
 |-IP Header Length : 5 DWORDS or 20 Bytes
 |-Type Of Service : 0
 |-IP Total Length : 418 Bytes(Size of Packet)
 |-Identification : 11810
 |-Reserved ZERO Field : 0
 |-Dont Fragment Field : 1
 |-More Fragment Field : 0
 |-TTL : 128
 |-Protocol : 6
 |-Checksum : 1370
 |-Source IP : 192.168.0.101
 |-Destination IP : 96.17.164.187

TCP Header
 |-Source Port : 1211
 |-Destination Port : 80
 |-Sequence Number : 658049438
 |-Acknowledge Number : 3756530811
 |-Header Length : 5 DWORDS or 20 BYTES
 |-CWR Flag : 0
 |-ECN Flag : 0
 |-Urgent Flag : 0
 |-Acknowledgement Flag : 1
 |-Push Flag : 1
 |-Reset Flag : 0
 |-Synchronise Flag : 0
 |-Finish Flag : 0
 |-Window : 17520
 |-Checksum : 51054
 |-Urgent Pointer : 0

 DATA Dump
IP Header
 45 00 01 a2 2e 22 40 00 80 06 05 5a c0 a8 00 65          E...."@.€..Z...e
 60 11 a4 bb                                              `... 

TCP Header
 04 bb 00 50 27 39 09 9e df e8 1c 7b 50 18 44 70          ...P'9.....{P.Dp
 c7 6e 00 00                                              .n.. 

Data Payload
 47 45 54 20 2f 31 2f 3f 42 57 31 33 6a 67 25 32          GET /1/?BW13jg%2
 42 56 52 48 35 6c 52 6c 55 25 32 42 37 71 63 4a          BVRH5lRlU%2B7qcJ
 30 44 78 6d 53 62 45 44 32 46 4d 43 76 59 74 43          0DxmSbED2FMCvYtC
 6b 58 6c 48 25 32 46 59 38 4a 41 41 41 41 41 41          kXlH%2FY8JAAAAAA
 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41          AAAAAAAAAAAAAAAA
 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41          AAAAAAAAAAAAAAAA
 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41          AAAAAAAAAAAAAAAA
 41 41 41 47 4e 74 5a 43 35 6c 65 47 55 41 56 32          AAAGNtZC5leGUAV2
 6c 75 5a 47 39 33 63 79 42 44 62 32 31 74 59 57          luZG93cyBDb21tYW
 35 6b 49 46 42 79 62 32 4e 6c 63 33 4e 76 63 67          5kIFByb2Nlc3Nvcg
 41 31 4c 6a 45 75 4d 6a 59 77 4d 43 34 31 4e 54          A1LjEuMjYwMC41NT
 45 79 41 45 31 70 59 33 4a 76 63 32 39 6d 64 43          EyAE1pY3Jvc29mdC
 42 44 62 33 4a 77 62 33 4a 68 64 47 6c 76 62 67          BDb3Jwb3JhdGlvbg
 41 41 41 41 25 33 44 25 33 44 20 48 54 54 50 2f          AAAA%3D%3D HTTP/
 31 2e 31 0d 0a 48 6f 73 74 3a 20 70 61 32 2e 7a          1.1..Host: pa2.z
 6f 6e 65 6c 61 62 73 2e 63 6f 6d 0d 0a 41 63 63          onelabs.com..Acc
 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a          ept-Encoding: gz
 69 70 0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d          ip..Accept: */*.
 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74          .Content-Type: t
 65 78 74 2f 70 6c 61 69 6e 0d 0a 55 73 65 72 2d          ext/plain..User-
 41 67 65 6e 74 3a 20 5a 6f 6e 65 41 6c 61 72 6d          Agent: ZoneAlarm
 2f 39 2e 31 2e 30 30 38 2e 30 30 30 20 28 6f 65          /9.1.008.000 (oe
 6d 2d 31 30 34 33 3b 20 65 6e 2d 55 53 29 20 5a          m-1043; en-US) Z
 53 50 2f 32 2e 32 0d 0a 0d 0a                            SP/2.2.... 

###########################################################

Get mac address from ip in winsock

Binary Tides — Fri, 16 Dec 2011 09:55:06 +0000

Mac address or hardware address is a 48bit (6 character) wide address assigned to a network interface. It is important for the packet delivery between 2 devices like your computer and the router. Ethernet protocol uses the mac address to deliver it to the right network node. It looks like this 00-1E-58-B8-D4-69 ( the dash is not relevant). Mac address of any interface can also be changed ( called mac spoofing ) .

Any network packet that needs to travel from a certain ip address to another needs to know the destination ip’s mac address. On windows there is a iphlpapi.dll file which has a function called SendARP which can be used to get the mac address of a given ip address.

Code

In Vc++ 6.0 , where iphlpapi.h and iphlpapi.lib are not available , we can create necessary structures and pointers to functions inside iphlpapi.dll file and use them.

/*
	Author: Silver Moon ( m00n.silv3r@gmail.com )

	Find mac address of a given IP address using iphlpapi
*/

#include "winsock2.h"
#include "windows.h"
#include "time.h"
#include "stdio.h"

#pragma comment(lib,"ws2_32.lib") //For winsock

#define MAX_ADAPTER_NAME_LENGTH 256
#define MAX_ADAPTER_DESCRIPTION_LENGTH 128
#define MAX_ADAPTER_ADDRESS_LENGTH 8

//Necessary Structs
typedef struct
{
	char String[4 * 4];
} IP_ADDRESS_STRING, *PIP_ADDRESS_STRING, IP_MASK_STRING, *PIP_MASK_STRING;

typedef struct _IP_ADDR_STRING
{
	struct _IP_ADDR_STRING* Next;
	IP_ADDRESS_STRING IpAddress;
	IP_MASK_STRING IpMask;
	DWORD Context;
} IP_ADDR_STRING , *PIP_ADDR_STRING;

typedef struct _IP_ADAPTER_INFO
{
    struct _IP_ADAPTER_INFO* Next;
    DWORD           ComboIndex;
    char            AdapterName[MAX_ADAPTER_NAME_LENGTH + 4];
    char            Description[MAX_ADAPTER_DESCRIPTION_LENGTH + 4];
    UINT            AddressLength;
    BYTE            Address[MAX_ADAPTER_ADDRESS_LENGTH];
    DWORD           Index;
    UINT            Type;
    UINT            DhcpEnabled;
    PIP_ADDR_STRING CurrentIpAddress;
    IP_ADDR_STRING  IpAddressList;
    IP_ADDR_STRING  GatewayList;
    IP_ADDR_STRING  DhcpServer;
    BOOL            HaveWins;
    IP_ADDR_STRING  PrimaryWinsServer;
    IP_ADDR_STRING  SecondaryWinsServer;
    time_t          LeaseObtained;
    time_t          LeaseExpires;
} IP_ADAPTER_INFO, *PIP_ADAPTER_INFO;

//Functions
void loadiphlpapi();
void GetMacAddress(unsigned char * , struct in_addr );

//Loads from Iphlpapi.dll
typedef DWORD (WINAPI* psendarp)(struct in_addr DestIP, struct in_addr SrcIP, PULONG pMacAddr, PULONG PhyAddrLen );
typedef DWORD (WINAPI* pgetadaptersinfo)(PIP_ADAPTER_INFO pAdapterInfo, PULONG pOutBufLen );

int main()
{
	unsigned char mac[6];
	struct in_addr srcip;
	char ip_address[32];

	WSADATA firstsock;

	if (WSAStartup(MAKEWORD(2,2),&firstsock) != 0)
	{
		printf("\nFailed to initialise winsock.");
		printf("\nError Code : %d",WSAGetLastError());
		return 1;	//Return 1 on error
	}

	loadiphlpapi();

	//Ask user to select the device he wants to use
	printf("Enter the ip address : ");
	scanf("%s",ip_address);
	srcip.s_addr = inet_addr(ip_address);

	//Get mac addresses of the ip
	GetMacAddress(mac , srcip);
	printf("Selected device has mac address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
	printf("\n");

	return 0;
}

//2 functions
psendarp SendArp;
pgetadaptersinfo GetAdaptersInfo;

void loadiphlpapi()
{
	HINSTANCE hDll = LoadLibrary("iphlpapi.dll");

	GetAdaptersInfo = (pgetadaptersinfo)GetProcAddress(hDll,"GetAdaptersInfo");
	if(GetAdaptersInfo==NULL)
	{
		printf("Error in iphlpapi.dll%d",GetLastError());
	}

	SendArp = (psendarp)GetProcAddress(hDll,"SendARP");

	if(SendArp==NULL)
	{
		printf("Error in iphlpapi.dll%d",GetLastError());
	}
}

/*
	Get the mac address of a given ip
*/
void GetMacAddress(unsigned char *mac , struct in_addr destip)
{
	DWORD ret;
	struct in_addr srcip;
	ULONG MacAddr[2];
	ULONG PhyAddrLen = 6;  /* default to length of six bytes */
	int i;

	srcip.s_addr=0;

	//Send an arp packet
	ret = SendArp(destip , srcip , MacAddr , &PhyAddrLen);

	//Prepare the mac address
	if(PhyAddrLen)
	{
		BYTE *bMacAddr = (BYTE *) & MacAddr;
		for (i = 0; i < (int) PhyAddrLen; i++)
		{
			mac[i] = (char)bMacAddr[i];
		}
	}
}

Output

Enter the ip address : 192.168.0.1
Selected device has mac address : 00-1E-58-B8-D4-69
Press any key to continue

On Visual C++ 2010 Express Edition , the iphlpapi.lib and iphlpapi.h files are available so the code is much simpler and shorter.

/*
Author: Silver Moon ( m00n.silv3r@gmail.com )
Find mac address of a given IP address using iphlpapi
*/

#include "winsock2.h"
#include "iphlpapi.h"	//For SendARP
#include "stdio.h"
#include "conio.h"

#pragma comment(lib , "iphlpapi.lib") //For iphlpapi
#pragma comment(lib , "ws2_32.lib") //For winsock

void GetMacAddress(unsigned char * , struct in_addr );

int main()
{
	unsigned char mac[6];
	struct in_addr srcip;
	char ip_address[32];

	WSADATA firstsock;

	if (WSAStartup(MAKEWORD(2,2),&firstsock) != 0)
	{
		printf("\nFailed to initialise winsock.");
		printf("\nError Code : %d" , WSAGetLastError() );
		return 1;
	}

	//Ask user to select the device he wants to use
	printf("Enter the ip address : ");
	scanf_s("%s",ip_address);
	srcip.s_addr = inet_addr(ip_address);

	//Get mac addresses of the ip
	GetMacAddress(mac , srcip);
	printf("Selected device has mac address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X",mac[0],mac[1],mac[2],mac[3],mac[4],mac[5]);
	printf("\n");

	_getch();
	return 0;
}

/*
	Get the mac address of a given ip
*/
void GetMacAddress(unsigned char *mac , struct in_addr destip)
{
	DWORD ret;
	IPAddr srcip;
	ULONG MacAddr[2];
	ULONG PhyAddrLen = 6;  /* default to length of six bytes */
	int i;

	srcip = 0;

	//Send an arp packet
	ret = SendARP((IPAddr) destip.S_un.S_addr , srcip , MacAddr , &PhyAddrLen);

	//Prepare the mac address
	if(PhyAddrLen)
	{
		BYTE *bMacAddr = (BYTE *) & MacAddr;
		for (i = 0; i < (int) PhyAddrLen; i++)
		{
			mac[i] = (char)bMacAddr[i];
		}
	}
}

Output

Enter the ip address : 192.168.0.101
Selected device has mac address : 00-1C-C0-F8-79-EE

Get ip address from hostname in C using Linux sockets

Binary Tides — Sat, 10 Dec 2011 15:17:55 +0000

Here are 2 methods to get the ip address of a hostname :

The first method uses the traditional gethostbyname function to retrieve information about a hostname/domain name.
Code

#include //printf
#include //memset
#include //for exit(0);
#include
#include //For errno - the error number
#include	//hostent
#include

int hostname_to_ip(char *  , char *);

int main(int argc , char *argv[])
{
	if(argc <2)
	{
		printf("Please provide a hostname to resolve");
		exit(1);
	}

	char *hostname = argv[1];
	char ip[100];

	hostname_to_ip(hostname , ip);
	printf("%s resolved to %s" , hostname , ip);

	printf("\n");

}
/*
	Get ip from domain name
 */

int hostname_to_ip(char * hostname , char* ip)
{
	struct hostent *he;
	struct in_addr **addr_list;
	int i;

	if ( (he = gethostbyname( hostname ) ) == NULL)
	{
		// get the host info
		herror("gethostbyname");
		return 1;
	}

	addr_list = (struct in_addr **) he->h_addr_list;

	for(i = 0; addr_list[i] != NULL; i++)
	{
		//Return the first one;
		strcpy(ip , inet_ntoa(*addr_list[i]) );
		return 0;
	}

	return 1;
}

Compile and Run


$ gcc hostname_to_ip.c && ./a.out www.google.com
www.google.com resolved to 74.125.235.16

$ gcc hostname_to_ip.c && ./a.out www.msn.com
www.msn.com resolved to 207.46.140.34

$ gcc hostname_to_ip.c && ./a.out www.yahoo.com
www.yahoo.com resolved to 98.137.149.56

The second method uses the getaddrinfo function to retrieve information about a hostname/domain name.
Code

#include //printf
#include //memset
#include //for exit(0);
#include
#include //For errno - the error number
#include	//hostent
#include

int hostname_to_ip(char *  , char *);

int main(int argc , char *argv[])
{
	if(argc <2)
	{
		printf("Please provide a hostname to resolve");
		exit(1);
	}

	char *hostname = argv[1];
	char ip[100];

	hostname_to_ip(hostname , ip);
	printf("%s resolved to %s" , hostname , ip);

	printf("\n");

}
/*
	Get ip from domain name
 */

int hostname_to_ip(char *hostname , char *ip)
{
	int sockfd;
	struct addrinfo hints, *servinfo, *p;
	struct sockaddr_in *h;
	int rv;

	memset(&hints, 0, sizeof hints);
	hints.ai_family = AF_UNSPEC; // use AF_INET6 to force IPv6
	hints.ai_socktype = SOCK_STREAM;

	if ( (rv = getaddrinfo( hostname , "http" , &hints , &servinfo)) != 0)
	{
		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(rv));
		return 1;
	}

	// loop through all the results and connect to the first we can
	for(p = servinfo; p != NULL; p = p->ai_next)
	{
		h = (struct sockaddr_in *) p->ai_addr;
		strcpy(ip , inet_ntoa( h->sin_addr ) );
	}

	freeaddrinfo(servinfo); // all done with this structure
	return 0;
}

Compile and Run

$ gcc hostname_to_ip.c && ./a.out www.google.com
www.google.com resolved to 74.125.235.19

$ gcc hostname_to_ip.c && ./a.out www.yahoo.com
www.yahoo.com resolved to 72.30.2.43

$ gcc hostname_to_ip.c && ./a.out www.msn.com
www.msn.com resolved to 207.46.140.34

Packet Sniffer Code in C using Linux Sockets (BSD) – Part 2

Binary Tides — Thu, 01 Dec 2011 12:27:46 +0000

In the previous part we made a simple sniffer which created a raw socket and started receiving on it. But it had few drawbacks :

1. Could sniff only incoming data.
2. Could sniff only TCP or UDP or ICMP or any one protocol packets at a time.
3. Provided IP frames , so ethernet headers were not available.

In this article we are going to modify the same code to fix the above 3 drawbacks. However we shall not be using libpcap.
This will be done using pure linux sockets.

The difference is very small and is 2 lines :
Instead of :

sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_TCP);

We do :

sock_raw = socket( AF_PACKET , SOCK_RAW , htons(ETH_P_ALL)) ;
//Optional
//setsockopt(sock_raw , SOL_SOCKET , SO_BINDTODEVICE , "eth0" , strlen("eth0")+ 1 );

and we are done. Now it will :
1. Sniff both incoming and outgoing traffic.
2. Sniff ALL ETHERNET FRAMES , which includes all kinds of IP packets and even more if there are any.
3. Provides the Ethernet headers too , which contain the mac addresses.

The setsockopt line is optional.
Its important to provide the correct interface name to setsockopt , eth0 in this case and in most cases.
So may be you would like to present the user with a list of interfaces available and allow him to choose the one to be sniffed.

Here is the full source code :


#include
#include
#include
#include	//For standard things
#include	//malloc
#include	//strlen

#include	//Provides declarations for icmp header
#include	//Provides declarations for udp header
#include	//Provides declarations for tcp header
#include	//Provides declarations for ip header
#include	//For ETH_P_ALL
#include	//For ether_header
#include
#include
#include
#include
#include
#include

void ProcessPacket(unsigned char* , int);
void print_ip_header(unsigned char* , int);
void print_tcp_packet(unsigned char * , int );
void print_udp_packet(unsigned char * , int );
void print_icmp_packet(unsigned char* , int );
void PrintData (unsigned char* , int);

FILE *logfile;
struct sockaddr_in source,dest;
int tcp=0,udp=0,icmp=0,others=0,igmp=0,total=0,i,j;	

int main()
{
	int saddr_size , data_size;
	struct sockaddr saddr;

	unsigned char *buffer = (unsigned char *) malloc(65536); //Its Big!

	logfile=fopen("log.txt","w");
	if(logfile==NULL)
	{
		printf("Unable to create log.txt file.");
	}
	printf("Starting...\n");

	int sock_raw = socket( AF_PACKET , SOCK_RAW , htons(ETH_P_ALL)) ;
	//setsockopt(sock_raw , SOL_SOCKET , SO_BINDTODEVICE , "eth0" , strlen("eth0")+ 1 );

	if(sock_raw < 0)
	{
		//Print the error with proper message
		perror("Socket Error");
		return 1;
	}
	while(1)
	{
		saddr_size = sizeof saddr;
		//Receive a packet
		data_size = recvfrom(sock_raw , buffer , 65536 , 0 , &saddr , (socklen_t*)&saddr_size);
		if(data_size <0 )
		{
			printf("Recvfrom error , failed to get packets\n");
			return 1;
		}
		//Now process the packet
		ProcessPacket(buffer , data_size);
	}
	close(sock_raw);
	printf("Finished");
	return 0;
}

void ProcessPacket(unsigned char* buffer, int size)
{
	//Get the IP Header part of this packet , excluding the ethernet header
	struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));
	++total;
	switch (iph->protocol) //Check the Protocol and do accordingly...
	{
		case 1:  //ICMP Protocol
			++icmp;
			print_icmp_packet( buffer , size);
			break;

		case 2:  //IGMP Protocol
			++igmp;
			break;

		case 6:  //TCP Protocol
			++tcp;
			print_tcp_packet(buffer , size);
			break;

		case 17: //UDP Protocol
			++udp;
			print_udp_packet(buffer , size);
			break;

		default: //Some Other Protocol like ARP etc.
			++others;
			break;
	}
	printf("TCP : %d   UDP : %d   ICMP : %d   IGMP : %d   Others : %d   Total : %d\r", tcp , udp , icmp , igmp , others , total);
}

void print_ethernet_header(unsigned char* Buffer, int Size)
{
	struct ethhdr *eth = (struct ethhdr *)Buffer;

	fprintf(logfile , "\n");
	fprintf(logfile , "Ethernet Header\n");
	fprintf(logfile , "   |-Destination Address : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->h_dest[0] , eth->h_dest[1] , eth->h_dest[2] , eth->h_dest[3] , eth->h_dest[4] , eth->h_dest[5] );
	fprintf(logfile , "   |-Source Address      : %.2X-%.2X-%.2X-%.2X-%.2X-%.2X \n", eth->h_source[0] , eth->h_source[1] , eth->h_source[2] , eth->h_source[3] , eth->h_source[4] , eth->h_source[5] );
	fprintf(logfile , "   |-Protocol            : %u \n",(unsigned short)eth->h_proto);
}

void print_ip_header(unsigned char* Buffer, int Size)
{
	print_ethernet_header(Buffer , Size);

	unsigned short iphdrlen;

	struct iphdr *iph = (struct iphdr *)(Buffer  + sizeof(struct ethhdr) );
	iphdrlen =iph->ihl*4;

	memset(&source, 0, sizeof(source));
	source.sin_addr.s_addr = iph->saddr;

	memset(&dest, 0, sizeof(dest));
	dest.sin_addr.s_addr = iph->daddr;

	fprintf(logfile , "\n");
	fprintf(logfile , "IP Header\n");
	fprintf(logfile , "   |-IP Version        : %d\n",(unsigned int)iph->version);
	fprintf(logfile , "   |-IP Header Length  : %d DWORDS or %d Bytes\n",(unsigned int)iph->ihl,((unsigned int)(iph->ihl))*4);
	fprintf(logfile , "   |-Type Of Service   : %d\n",(unsigned int)iph->tos);
	fprintf(logfile , "   |-IP Total Length   : %d  Bytes(Size of Packet)\n",ntohs(iph->tot_len));
	fprintf(logfile , "   |-Identification    : %d\n",ntohs(iph->id));
	//fprintf(logfile , "   |-Reserved ZERO Field   : %d\n",(unsigned int)iphdr->ip_reserved_zero);
	//fprintf(logfile , "   |-Dont Fragment Field   : %d\n",(unsigned int)iphdr->ip_dont_fragment);
	//fprintf(logfile , "   |-More Fragment Field   : %d\n",(unsigned int)iphdr->ip_more_fragment);
	fprintf(logfile , "   |-TTL      : %d\n",(unsigned int)iph->ttl);
	fprintf(logfile , "   |-Protocol : %d\n",(unsigned int)iph->protocol);
	fprintf(logfile , "   |-Checksum : %d\n",ntohs(iph->check));
	fprintf(logfile , "   |-Source IP        : %s\n",inet_ntoa(source.sin_addr));
	fprintf(logfile , "   |-Destination IP   : %s\n",inet_ntoa(dest.sin_addr));
}

void print_tcp_packet(unsigned char* Buffer, int Size)
{
	unsigned short iphdrlen;

	struct iphdr *iph = (struct iphdr *)( Buffer  + sizeof(struct ethhdr) );
	iphdrlen = iph->ihl*4;

	struct tcphdr *tcph=(struct tcphdr*)(Buffer + iphdrlen + sizeof(struct ethhdr));

	int header_size =  sizeof(struct ethhdr) + iphdrlen + tcph->doff*4;

	fprintf(logfile , "\n\n***********************TCP Packet*************************\n");	

	print_ip_header(Buffer,Size);

	fprintf(logfile , "\n");
	fprintf(logfile , "TCP Header\n");
	fprintf(logfile , "   |-Source Port      : %u\n",ntohs(tcph->source));
	fprintf(logfile , "   |-Destination Port : %u\n",ntohs(tcph->dest));
	fprintf(logfile , "   |-Sequence Number    : %u\n",ntohl(tcph->seq));
	fprintf(logfile , "   |-Acknowledge Number : %u\n",ntohl(tcph->ack_seq));
	fprintf(logfile , "   |-Header Length      : %d DWORDS or %d BYTES\n" ,(unsigned int)tcph->doff,(unsigned int)tcph->doff*4);
	//fprintf(logfile , "   |-CWR Flag : %d\n",(unsigned int)tcph->cwr);
	//fprintf(logfile , "   |-ECN Flag : %d\n",(unsigned int)tcph->ece);
	fprintf(logfile , "   |-Urgent Flag          : %d\n",(unsigned int)tcph->urg);
	fprintf(logfile , "   |-Acknowledgement Flag : %d\n",(unsigned int)tcph->ack);
	fprintf(logfile , "   |-Push Flag            : %d\n",(unsigned int)tcph->psh);
	fprintf(logfile , "   |-Reset Flag           : %d\n",(unsigned int)tcph->rst);
	fprintf(logfile , "   |-Synchronise Flag     : %d\n",(unsigned int)tcph->syn);
	fprintf(logfile , "   |-Finish Flag          : %d\n",(unsigned int)tcph->fin);
	fprintf(logfile , "   |-Window         : %d\n",ntohs(tcph->window));
	fprintf(logfile , "   |-Checksum       : %d\n",ntohs(tcph->check));
	fprintf(logfile , "   |-Urgent Pointer : %d\n",tcph->urg_ptr);
	fprintf(logfile , "\n");
	fprintf(logfile , "                        DATA Dump                         ");
	fprintf(logfile , "\n");

	fprintf(logfile , "IP Header\n");
	PrintData(Buffer,iphdrlen);

	fprintf(logfile , "TCP Header\n");
	PrintData(Buffer+iphdrlen,tcph->doff*4);

	fprintf(logfile , "Data Payload\n");
	PrintData(Buffer + header_size , Size - header_size );

	fprintf(logfile , "\n###########################################################");
}

void print_udp_packet(unsigned char *Buffer , int Size)
{

	unsigned short iphdrlen;

	struct iphdr *iph = (struct iphdr *)(Buffer +  sizeof(struct ethhdr));
	iphdrlen = iph->ihl*4;

	struct udphdr *udph = (struct udphdr*)(Buffer + iphdrlen  + sizeof(struct ethhdr));

	int header_size =  sizeof(struct ethhdr) + iphdrlen + sizeof udph;

	fprintf(logfile , "\n\n***********************UDP Packet*************************\n");

	print_ip_header(Buffer,Size);			

	fprintf(logfile , "\nUDP Header\n");
	fprintf(logfile , "   |-Source Port      : %d\n" , ntohs(udph->source));
	fprintf(logfile , "   |-Destination Port : %d\n" , ntohs(udph->dest));
	fprintf(logfile , "   |-UDP Length       : %d\n" , ntohs(udph->len));
	fprintf(logfile , "   |-UDP Checksum     : %d\n" , ntohs(udph->check));

	fprintf(logfile , "\n");
	fprintf(logfile , "IP Header\n");
	PrintData(Buffer , iphdrlen);

	fprintf(logfile , "UDP Header\n");
	PrintData(Buffer+iphdrlen , sizeof udph);

	fprintf(logfile , "Data Payload\n");	

	//Move the pointer ahead and reduce the size of string
	PrintData(Buffer + header_size , Size - header_size);

	fprintf(logfile , "\n###########################################################");
}

void print_icmp_packet(unsigned char* Buffer , int Size)
{
	unsigned short iphdrlen;

	struct iphdr *iph = (struct iphdr *)(Buffer  + sizeof(struct ethhdr));
	iphdrlen = iph->ihl * 4;

	struct icmphdr *icmph = (struct icmphdr *)(Buffer + iphdrlen  + sizeof(struct ethhdr));

	int header_size =  sizeof(struct ethhdr) + iphdrlen + sizeof icmph;

	fprintf(logfile , "\n\n***********************ICMP Packet*************************\n");	

	print_ip_header(Buffer , Size);

	fprintf(logfile , "\n");

	fprintf(logfile , "ICMP Header\n");
	fprintf(logfile , "   |-Type : %d",(unsigned int)(icmph->type));

	if((unsigned int)(icmph->type) == 11)
	{
		fprintf(logfile , "  (TTL Expired)\n");
	}
	else if((unsigned int)(icmph->type) == ICMP_ECHOREPLY)
	{
		fprintf(logfile , "  (ICMP Echo Reply)\n");
	}

	fprintf(logfile , "   |-Code : %d\n",(unsigned int)(icmph->code));
	fprintf(logfile , "   |-Checksum : %d\n",ntohs(icmph->checksum));
	//fprintf(logfile , "   |-ID       : %d\n",ntohs(icmph->id));
	//fprintf(logfile , "   |-Sequence : %d\n",ntohs(icmph->sequence));
	fprintf(logfile , "\n");

	fprintf(logfile , "IP Header\n");
	PrintData(Buffer,iphdrlen);

	fprintf(logfile , "UDP Header\n");
	PrintData(Buffer + iphdrlen , sizeof icmph);

	fprintf(logfile , "Data Payload\n");	

	//Move the pointer ahead and reduce the size of string
	PrintData(Buffer + header_size , (Size - header_size) );

	fprintf(logfile , "\n###########################################################");
}

void PrintData (unsigned char* data , int Size)
{
	int i , j;
	for(i=0 ; i < Size ; i++)
	{
		if( i!=0 && i%16==0)   //if one line of hex printing is complete...
		{
			fprintf(logfile , "         ");
			for(j=i-16 ; j=32 && data[j]<=128)
					fprintf(logfile , "%c",(unsigned char)data[j]); //if its a number or alphabet

				else fprintf(logfile , "."); //otherwise print a dot
			}
			fprintf(logfile , "\n");
		} 

		if(i%16==0) fprintf(logfile , "   ");
			fprintf(logfile , " %02X",(unsigned int)data[i]);

		if( i==Size-1)  //print the last spaces
		{
			for(j=0;j<15-i%16;j++)
			{
			  fprintf(logfile , "   "); //extra spaces
			}

			fprintf(logfile , "         ");

			for(j=i-i%16 ; j<=i ; j++)
			{
				if(data[j]>=32 && data[j]<=128)
				{
				  fprintf(logfile , "%c",(unsigned char)data[j]);
				}
				else
				{
				  fprintf(logfile , ".");
				}
			}

			fprintf(logfile ,  "\n" );
		}
	}
}

The log file will looks somewhat like this :

***********************TCP Packet************************* Ethernet Header |-Destination Address : 00-25-5E-1A-3D-F1 |-Source Address : 00-1C-C0-F8-79-EE |-Protocol : 8 IP Header |-IP Version : 4 |-IP Header Length : 5 DWORDS or 20 Bytes |-Type Of Service : 0 |-IP Total Length : 141 Bytes(Size of Packet) |-Identification : 13122 |-TTL : 64 |-Protocol : 6 |-Checksum : 45952 |-Source IP : 192.168.1.6 |-Destination IP : 74.125.71.125 TCP Header |-Source Port : 33655 |-Destination Port : 5222 |-Sequence Number : 78458457 |-Acknowledge Number : 2427066746 |-Header Length : 5 DWORDS or 20 BYTES |-Urgent Flag : 0 |-Acknowledgement Flag : 1 |-Push Flag : 1 |-Reset Flag : 0 |-Synchronise Flag : 0 |-Finish Flag : 0 |-Window : 62920 |-Checksum : 21544 |-Urgent Pointer : 0 DATA Dump IP Header 00 25 5E 1A 3D F1 00 1C C0 F8 79 EE 08 00 45 00 .%^.=.....y...E. 00 8D 33 42 ..3B TCP Header 40 00 40 06 B3 80 C0 A8 01 06 4A 7D 47 7D 83 77 @.@..?....J}G}.w 14 66 04 AD .f.. Data Payload 17 03 01 00 60 A0 9C 5D 14 A1 25 AB CE 8B 7C EB ....`..]..%...|. 1A A4 43 A6 60 DD E8 6B 6E 43 C1 94 6A D2 25 23 ..C.`..knC..j.%# 03 98 59 67 1A 2C 07 D3 7E B2 B8 9F 83 38 4C 69 ..Yg.,..~....8Li D3 3A 8E 0D 9E F0 6B CE 9E 6B F4 E1 BD 9E 50 53 .:....k..k....PS 6D F6 AB 11 05 D6 41 82 F0 03 0C A6 E2 48 2B 71 m.....A......H+q 16 81 FF 5B DF 50 D4 5B AD 90 04 5E 4C 94 E7 9B ...[.P.[...^L... 0B 72 7E 32 88 .r~2. ########################################################### ***********************TCP Packet************************* Ethernet Header |-Destination Address : 00-1C-C0-F8-79-EE |-Source Address : 00-25-5E-1A-3D-F1 |-Protocol : 8 IP Header |-IP Version : 4 |-IP Header Length : 5 DWORDS or 20 Bytes |-Type Of Service : 32 |-IP Total Length : 141 Bytes(Size of Packet) |-Identification : 30410 |-TTL : 48 |-Protocol : 6 |-Checksum : 49112 |-Source IP : 74.125.71.125 |-Destination IP : 192.168.1.6 TCP Header |-Source Port : 5222 |-Destination Port : 33655 |-Sequence Number : 2427066746 |-Acknowledge Number : 78458558 |-Header Length : 5 DWORDS or 20 BYTES |-Urgent Flag : 0 |-Acknowledgement Flag : 1 |-Push Flag : 1 |-Reset Flag : 0 |-Synchronise Flag : 0 |-Finish Flag : 0 |-Window : 63784 |-Checksum : 63942 |-Urgent Pointer : 0 DATA Dump IP Header 00 1C C0 F8 79 EE 00 25 5E 1A 3D F1 08 00 45 20 ....y..%^.=...E 00 8D 76 CA ..v. TCP Header 00 00 30 06 BF D8 4A 7D 47 7D C0 A8 01 06 14 66 ..0...J}G}.....f 83 77 90 AA .w.. Data Payload 17 03 01 00 60 01 B9 00 4E C7 79 0D 89 09 15 BF ....`...N.y..... 9C BB 53 8D 50 DB 97 4E 25 AC FA E2 55 20 94 8B ..S.P..N%...U .. AF 6E 84 E2 95 8B D9 26 A3 63 7D E4 F0 CA 6F 72 .n.....&.c}...or F6 29 95 79 98 BC 12 BF F1 C5 34 42 83 A3 F8 B6 .).y......4B.... 9E B2 7B 1C FC F7 3E BA 4E B1 FB 36 89 93 E3 58 ..{...>.N..6...X A7 FC 5B C3 68 9E 35 CC 25 00 7D 82 3D DB 86 EA ..[.h.5.%.}.=... 66 89 99 B3 65 f...e ###########################################################

In the above log we can see the ethernet headers being printed. They show the source and destination mac address along with the packet protocol. 8 means IP protocol

Note :

1. If you want to sniff only IP and ARP packets for example then you can try this :
sock_raw = socket( AF_PACKET , SOCK_RAW , htons(ETH_P_IP|ETH_P_ARP)) ;

The complete list of protocols is found in /usr/include/linux/if_ether.h

/* * These are the defined Ethernet Protocol ID's. */ #define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */ #define ETH_P_PUP 0x0200 /* Xerox PUP packet */ #define ETH_P_PUPAT 0x0201 /* Xerox PUP Addr Trans packet */ #define ETH_P_IP 0x0800 /* Internet Protocol packet */ #define ETH_P_X25 0x0805 /* CCITT X.25 */ #define ETH_P_ARP 0x0806 /* Address Resolution packet */ #define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */ #define ETH_P_IEEEPUP 0x0a00 /* Xerox IEEE802.3 PUP packet */ #define ETH_P_IEEEPUPAT 0x0a01 /* Xerox IEEE802.3 PUP Addr Trans packet */ #define ETH_P_DEC 0x6000 /* DEC Assigned proto */ #define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */ #define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */ #define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */ #define ETH_P_LAT 0x6004 /* DEC LAT */ #define ETH_P_DIAG 0x6005 /* DEC Diagnostics */ #define ETH_P_CUST 0x6006 /* DEC Customer use */ #define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */ #define ETH_P_TEB 0x6558 /* Trans Ether Bridging */ #define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */ #define ETH_P_ATALK 0x809B /* Appletalk DDP */ #define ETH_P_AARP 0x80F3 /* Appletalk AARP */ #define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */ #define ETH_P_IPX 0x8137 /* IPX over DIX */ #define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */ #define ETH_P_PAUSE 0x8808 /* IEEE Pause frames. See 802.3 31B */ #define ETH_P_SLOW 0x8809 /* Slow Protocol. See 802.3ad 43B */ #define ETH_P_WCCP 0x883E /* Web-cache coordination protocol * defined in draft-wilson-wrec-wccp-v2-00.txt */ #define ETH_P_PPP_DISC 0x8863 /* PPPoE discovery messages */ #define ETH_P_PPP_SES 0x8864 /* PPPoE session messages */ #define ETH_P_MPLS_UC 0x8847 /* MPLS Unicast traffic */ #define ETH_P_MPLS_MC 0x8848 /* MPLS Multicast traffic */ #define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */ #define ETH_P_LINK_CTL 0x886c /* HPNA, wlan link local tunnel */ #define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport * over Ethernet */ #define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */ #define ETH_P_AOE 0x88A2 /* ATA over Ethernet */ #define ETH_P_TIPC 0x88CA /* TIPC */ #define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */ #define ETH_P_FCOE 0x8906 /* Fibre Channel over Ethernet */ #define ETH_P_FIP 0x8914 /* FCoE Initialization Protocol */ #define ETH_P_EDSA 0xDADA /* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */ /* * Non DIX types. Won't clash for 1500 types. */ #define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */ #define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */ #define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) */ #define ETH_P_802_2 0x0004 /* 802.2 frames */ #define ETH_P_SNAP 0x0005 /* Internal only */ #define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */ #define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/ #define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */ #define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */ #define ETH_P_CAN 0x000C /* Controller Area Network */ #define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/ #define ETH_P_TR_802_2 0x0011 /* 802.2 frames */ #define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */ #define ETH_P_CONTROL 0x0016 /* Card specific control frames */ #define ETH_P_IRDA 0x0017 /* Linux-IrDA */ #define ETH_P_ECONET 0x0018 /* Acorn Econet */ #define ETH_P_HDLC 0x0019 /* HDLC frames */ #define ETH_P_ARCNET 0x001A /* 1A for ArcNet :-) */ #define ETH_P_DSA 0x001B /* Distributed Switch Arch. */ #define ETH_P_TRAILER 0x001C /* Trailer switch tagging */ #define ETH_P_PHONET 0x00F5 /* Nokia Phonet frames */ #define ETH_P_IEEE802154 0x00F6 /* IEEE802.15.4 frame */ #define ETH_P_CAIF 0x00F7 /* ST-Ericsson CAIF protocol */

Enjoy!!