Ask Your Question
0

how to change packet length in the packet header for every incoming packet

asked 2019-06-05 11:54:53 +0000

stanumes gravatar image

updated 2019-06-11 14:12:00 +0000

Jaap gravatar image

I am getting "Frame 1 too long(18109400 bytes)" error. How to solve this? Thanks in advance.

edit retag flag offensive close merge delete

Comments

Either 1) you really do have packets that large or 2) somehow the file you're trying to read got damaged, and there may be other problems with the file, even if you change the packet headers. How was that file produced?

Guy Harris gravatar imageGuy Harris ( 2019-06-05 19:27:31 +0000 )edit

We are sending the global and packet headers to the pipe directly without writing to a file. The error pops up while writing the packet header.

stanumes gravatar imagestanumes ( 2019-06-06 12:20:08 +0000 )edit

What program is writing the headers to the pipe? That program may be buggy. What happens if you run the program, send its output to a file rather than a pipe, and then try to read the file with Wireshark?

Guy Harris gravatar imageGuy Harris ( 2019-06-06 20:50:52 +0000 )edit

I tried writing to file but when I tried to open the pcap file, it says "The file "test.pcap" isn't a capture file in a format Wireshark understands."

I have attached my entire code above. Could you please have a look at it and suggest changes, if any?

stanumes gravatar imagestanumes ( 2019-06-11 10:45:06 +0000 )edit

I've rolled back your massive change of question. This is not the place to dump source code. Use other public accessible sites for this, e.g., GitLab, GitHub, pastbin or similar.

Jaap gravatar imageJaap ( 2019-06-11 14:13:45 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-06-05 14:01:53 +0000

Jaap gravatar image

Assuming you're writing the packets yourself, make sure to match the byte ordering in the global header magic number and the length fields in the packet header.

edit flag offensive delete link more

Comments

This is my Global header :

 typedef struct pcap_hdr_s { 
 uint32_t magic_number; 
 uint16_t version_major; 
 uint16_t version_minor; 
 uint16_t thiszone; 
 uint32_t sigfigs; 
 uint32_t snaplen;
 uint32_t network; 
} ; 

pcap_hdr_s pcap_hdr_tr;
pcap_hdr_tr.magic_number = 0xd4c3b2a1;
pcap_hdr_tr.version_major = 2;
pcap_hdr_tr.version_minor = 4;
pcap_hdr_tr.thiszone = 0;
pcap_hdr_tr.sigfigs = 0;
pcap_hdr_tr.snaplen = 65535;
pcap_hdr_tr.network = 1;

And this is my packet header:

 typedef struct pcaprec_hdr_s { 
 uint32_t ts_sec; /* timestamp seconds */
 uint32_t ts_usec; /* timestamp microseconds */
 uint32_t incl_len; /* number of octets of packet saved in file */
 uint32_t orig_len; /* actual length of packet */
} ;

    char RxPuffer[256] = {0}; // RxPuffer will store the incoming serial data

pcaprec_hdr_s pcaprec_hdr_t;
pcaprec_hdr_t.ts_sec = 0x41B35E88;
pcaprec_hdr_t.ts_usec = 0x0004D80D;
pcaprec_hdr_t.incl_len = strlen(RxPuffer); 
pcaprec_hdr_t.orig_len = strlen(RxPuffer);

Could you please clarify if this approach is right?

Thank you :)

stanumes gravatar imagestanumes ( 2019-06-05 14:16:25 +0000 )edit
pcap_hdr_tr.magic_number = 0xd4c3b2a1;

As per the pcap-savefile man page, the magic number is 0xa1b2c3d4, no 0xd4c3b2a1.

If you write out a magic number with the value 0xa1b2c3d4, you are indicating that the file's byte order is the same as the byte order of the machine writing the file, so all the other multi-byte values in the file header and in the packet headers can be written out in the byte order of the machine writing the file.

If you write out a magic number with the value 0xd4c3b2a1, you are indicating that the file's byte order is the opposite byte order from the byte order of the machine writing the file, so all the other multi-byte values in the file header and the packet headers must be written out in the opposite byte order of the host that's writing the file, so you'd have to byte-swap ...(more)

Guy Harris gravatar imageGuy Harris ( 2019-06-06 20:59:39 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-06-05 11:54:53 +0000

Seen: 1,177 times

Last updated: Apr 25 '20