A puzzled by winsock :S

[schim]

Ok, I'm now making alot of progress on making a Data traffic analizer, I can now succesfully capture IP packets (well this is not really true, because I'm not sure why my program captures packets if I load a video in youtube, but not if I surf to mpgh, so if someone spots any errors/sloppy code please post )

But I cannot decode them into readable(visable) chucks of data, or decode their headers

Can someone fill me up on how to do it, possibly providing me with example/functional code (yes I do plan to leech if possible , yes I do know how to code)

Here's some proof that I have been busy with this for a while now:

Main.h

Code:

#pragma comment "Main.h"

#define MAX_IP_SIZE 65535

#include <iostream>
#include <winsock2.h>
#include <iphlpapi.h>
#include <Mstcpip.h>

#pragma comment(lib, "iphlpapi.lib")
#pragma comment(lib, "ws2_32.lib")

int Initialize();

using namespace std;

Capture Trafic.cpp

Code:

#include "Main.h"

DWORD dwBytesRet;
DWORD dwFlags;
WSADATA wsaData;
WSABUF wbuf;
SOCKET s1;

struct sockaddr_in Lip;
char rcvbuf[MAX_IP_SIZE];
char ac[80];
unsigned int optval;
char buffer[10];

ostream& operator<<(ostream& out, const WSADATA& WsaData) {  //Overloading for WSADATA
	out<< "MaxSockets: "<< WsaData.iMaxSockets << endl;
	out<< "MaxiMaxUdpDg: "<< WsaData.iMaxUdpDg << endl; 
	out<< "Description: "<< WsaData.szDescription << endl;
	out<< "SystemStatus: "<< WsaData.szSystemStatus << endl;
	out<< "Winsock High Version: "<< WsaData.wHighVersion << endl;
	out<< "Version: "<< WsaData.wVersion << endl;
	    return out;  //return exectution
	}




 int Initialize(){
cout<<"\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n";

 if( WSAStartup( MAKEWORD(2, 2), &wsaData ) != NO_ERROR )  //initialize winsock 
    {
        cerr<<"Socket Initialization: wsa startup error\n";
        WSACleanup();
        return -1;
    }
 
 cout<<"WsaStartup succesfully initialized\n\nWSADATA: "<< wsaData <<"\n\n";  //using overloaded operator
 
 // ( s1 = socket( AF_UNSPEC, SOCK_RAW, IPPROTO_ICMP ) ) //initialize raw socket
  
 if (  (s1 = WSASocket(AF_INET, SOCK_RAW,  IPPROTO_IP, NULL, 0, WSA_FLAG_OVERLAPPED) ) == INVALID_SOCKET) { //check for errors
	 cout << "Invailid socket error: "<< WSAGetLastError() << endl;  // call wsagetlasterror if there are any errors
	 WSACleanup();
	 return -2;
 } else {
	 cout<<"Raw socket is succesfully bound: "<< s1 << endl;
 }


 
 if (gethostname(ac, sizeof(ac)) == SOCKET_ERROR) {
	 cout<<"Can not resolve host name: "<< WSAGetLastError() << endl;
	 WSACleanup();
	 return -3;
 } else {
	 cout<<"Host address name is: "<< ac << endl;
 }

    struct hostent *phe = gethostbyname(ac);
    if (phe == 0) {
        cerr << "Hostlookup failed" << endl;
        return -4;
    }
	struct in_addr addr;
	memcpy(&addr, phe->h_addr_list[0], sizeof(struct in_addr));
	cout<<"Host address is: "<< inet_ntoa(addr) << endl;
    
Lip.sin_family = AF_INET;
Lip.sin_addr.s_addr = inet_addr( inet_ntoa( addr ) );
Lip.sin_port = htons( 0 );

cout<<"Addres bound to inet_addr: "<<  Lip.sin_addr.s_addr <<endl; 

if (  bind(s1,  (SOCKADDR*) &Lip, sizeof(Lip)) != 0 ){
	cout<<"Cannot bind socket: "<< WSAGetLastError() << endl;
	 WSACleanup();
	 closesocket(s1);
	 return -5;
} else {
	cout<<"Socket succesfully bound: "<< s1 << endl;
}

int i =  WSAIoctl( s1, SIO_RCVALL, &optval, sizeof(optval), NULL, 0, &dwBytesRet, NULL, NULL);
if( i != 0) {
 cout << "WSAIoctl error: "<< WSAGetLastError() << endl;  // call wsagetlasterror if there are any errors
	 WSACleanup();
	 closesocket(s1);
	 return -6;
} else{
cout<<"WSAioctl succesfully called"<<endl;
}
    
     wbuf.len = MAX_IP_SIZE;
     wbuf.buf = rcvbuf;
     dwFlags  = 0;

	 while(1){
 int ret = WSARecv(s1, &wbuf, 1, &dwBytesRet, &dwFlags, NULL, NULL);
// recv(s1, buffer, sizeof(buffer), NULL);
  if (ret == SOCKET_ERROR){
	  cout<<"WSARecv ERROR: "<<WSAGetLastError() << endl;
      WSACleanup();
	  closesocket(s1);
	  return -7;
  }else{
	      
	  for(int i = 0; i != wbuf.len; i++){
   cout<<wbuf.buf[i]<<endl;
	  }
	 }
	
	 }
 cout<<"ERROR: "<< WSAGetLastError()<< endl;




 cout<<"\n\n#########DATA TRAFIC ANILIZING COMPONENT#########\n\n#########END#########\n\n";
 return 0;
 
 }

in the end, wbuf.buf/.len hold's all the data I've captured, if someone could just show me how to decode it...

-SCHiM

[Hell_Demon]

Could you post a sample of what it currently outputs(if any)?

[schim]

I've replaced the outputting part with this:

Code:

 cout<<"Packet Length: "<<wbuf.len<<endl;
	  cout<<"Packet data: "<<wbuf.buf<<endl;

because the code that's outputting in the code in my mean post just spits a out a black hole

the output looks like:
Packet Length: 63555
Packet data: E

and that's it

[Hell_Demon]

the output looks like:
Packet Length: 63555
Packet data: E

and that's it

WSARecv(s1, &wbuf, 1,

You're recieving 1 byte at a time(so the for-loop to print all characters in wbuf is unnecessary), perhaps your problem lies there?

[schim]

Changing that value returns a 10014 (Bad address) error

And then I checked howmany bytes I got returned: dwBytesRet
Most of the time it's 1404 or more, so that's not it...

[Hell_Demon]

solved and locked