I am using below code from here to print DNS information from captured packets. It perfectly words till I print out the TTL.
packet_desc* pd = (packet_desc*)pack;
printf("IP HEADER\n");
printf("%ssource:%s\n", tab, inet_ntoa(pd->ip.src) );
printf("%sdest:%s\n", tab, inet_ntoa(pd->ip.dst) );
printf("UDP HEADER\n");
printf("%ssource port:%d\n", tab, ntohs(pd->udp.sport) );
printf("%sdest port:%d\n", tab, ntohs(pd->udp.dport) );
printf("DNS HEADER\n");
printf("%sid:%d\n", tab, ntohs(pd->dns.id));
printf("%sflags:%d\n", tab, ntohs(pd->dns.flags));
printf("%s# questions:%d\n", tab, ntohs(pd->dns.qdcount));
printf("%s# answers:%d\n", tab, ntohs(pd->dns.ancount));
printf("%s# ns:%d\n", tab, ntohs(pd->dns.nscount));
printf("%s# ar:%d\n", tab, ntohs(pd->dns.arcount));
printf("RESOURCE RECORDS\n");
int numRRs = ntohs(pd->dns.qdcount) + ntohs(pd->dns.ancount) + ntohs(pd->dns.nscount) + ntohs(pd->dns.arcount);
int i;
if (ntohs(pd->udp.sport) == 53)
{
//numRRs = 0;
for(i=0; i<numRRs; i++){
printf("SizeofURL:(%d)", sizeofUrl(pd->data)-2); print_url(pd->data); printf("\n");
// extract variables
static_RR* RRd = (static_RR*)((void*)pd->data + sizeofUrl(pd->data));
int type = ntohs(RRd->type);
if (type == 1)
{
int ttl = (uint32_t)ntohl(RRd->ttl);
printf("%sTTL:%d \n", tab, ttl);
}
}
The output off the above code looks like this:
IP HEADER
source:192.168.1.1
dest:192.168.1.7
UDP HEADER
source port:53
dest port:64740
DNS HEADER
id:44005
flags:33152
# questions:1
# answers:1
# ns:0
# ar:0
RESOURCE RECORDS
SizeofURL:(16).www.google.co.nz
TTL:-1072955391
SizeofURL:(16).www.google.co.nz
TTL:-1072955391
any idea what's wrong with the code? Is using "ns_parserr" the best way to go?
I'm no expert but mine works. Make sure you have it defined uint32_t ttl;
and print...
printf("answer time <%d> \n", ntohs(answer->ttl));
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With