I am using WinPcap in order to sniff network traffic.
Is there a way to extract the packet from the frame (i.e., getting layer 3 and up without layer 2) if I don't know which layer 2 protocol is used on the network?
No. WinPcap delivers layer 2 (data link layer) packets, so you have to look at the layer 2 header, if necessary, to determine what layer 3 (network layer) protocol is being used, and then extract the layer 3 packet.
However, pcap_datalink() will tell you what layer 2 protocol is being used, so there will not be a case where you don't know which layer 2 protocol is being used on the network. See the list of pcap link-layer type values; compare the value returned by pcap_datalink() with the DLT_ values mentioned in that page.
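The approach in the answer above, as an added example that is not part of the original posts: given the value pcap_datalink() returns and the captured bytes, find where the layer 3 packet starts, bounds-checking against the captured length. The EX_ constants, `l3_offset` and the sample frames are hypothetical names and constructed data; the numeric link-type values are redefined locally so the block compiles without pcap.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Link-layer type values as defined in pcap/dlt.h on most platforms, redefined
 * here (hypothetical EX_ names) so the example builds without pcap.h. */
enum { EX_DLT_NULL = 0, EX_DLT_EN10MB = 1, EX_DLT_RAW = 12, EX_DLT_LINUX_SLL = 113 };

/* Constructed sample: Ethernet frame with one 802.1Q tag, then an IPv4 header start. */
static const uint8_t sample_eth_vlan[] = {
    0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,   /* dst MAC, src MAC */
    0x81,0x00, 0x00,0x64,                    /* 802.1Q tag, VLAN 100 */
    0x08,0x00, 0x45,0x00 };                  /* EtherType IPv4, first IP bytes */
static const uint8_t sample_raw_ip[] = { 0x45, 0x00 };  /* constructed */

/* Returns the offset of the layer 3 packet inside the captured frame, or -1 if
 * the link type is not handled or the capture is too short. *ethertype gets
 * the EtherType where the link layer carries one, otherwise 0. */
static int l3_offset(int dlt, const uint8_t *frame, size_t caplen, uint16_t *ethertype)
{
    size_t off;
    *ethertype = 0;
    switch (dlt) {
    case EX_DLT_RAW:       return caplen > 0 ? 0 : -1;   /* no link-layer header */
    case EX_DLT_NULL:      return caplen > 4 ? 4 : -1;   /* 4-byte address family */
    case EX_DLT_EN10MB:    off = 12; break;              /* dst MAC + src MAC */
    case EX_DLT_LINUX_SLL: off = 14; break;              /* protocol field at 14 */
    default:               return -1;                    /* unhandled link type */
    }
    for (;;) {
        if (caplen < off + 2) return -1;                 /* truncated capture */
        *ethertype = (uint16_t)((frame[off] << 8) | frame[off + 1]);
        off += 2;
        if (*ethertype != 0x8100 && *ethertype != 0x88a8) break;
        off += 2;                                        /* skip VLAN TCI */
    }
    if (*ethertype < 0x0600) return -1;                  /* 802.3 length / LLC, not handled */
    return caplen > off ? (int)off : -1;
}

int main(void)
{
    uint16_t et;
    int off = l3_offset(EX_DLT_EN10MB, sample_eth_vlan, sizeof sample_eth_vlan, &et);
    printf("offset=%d ethertype=0x%04x\n", off, et);
    return 0;
}
```

In a capture callback, pass the pcap_datalink() result together with the packet data pointer and the header's caplen (not len), so a snapped packet cannot cause a read past the captured bytes.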
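Use this code in the TestPacketCapture module:

    /* Fragment: fp, i, j, ulLines, ulen, tlen, pChar, pLine and base are
       declared by the surrounding dump routine. */
    fp = fopen("D:\\Payload_data\\example.txt", "w+");
    for ( i=0; i<ulLines; i++ )
    {
        pLine = pChar;
        printf( "%08lx : ", (unsigned long)(pChar - base) );
        ulen = tlen;
        ulen = ( ulen > 16 ) ? 16 : ulen;   /* at most 16 bytes per line */
        tlen -= ulen;
        for ( j=0; j<ulen; j++ )
        {
            BYTE ch = *(BYTE *)pChar++;     /* read the byte once, then advance */
            printf( "%02x ", ch );
            /* Write the byte with a fixed format string; captured packet
               bytes must never be passed as the format argument. */
            if ( fp != NULL )
                fprintf( fp, "%02x ", ch );
        }
    }
    if ( fp != NULL )
        fclose( fp );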