I am using TCPTRACE in Fedora Linux Kernel version 2.6.18.1 to extract and process packets from a packet dump file. To process each packet, the md_read() function is called, the code of which is as follows. I am trying to extract the payload from these packets, but when I display the bytes of the payload, or in fact the packet, using the *payload or *pip pointer, all bytes appear to be zero. I could not figure out why this is happening.
Any suggestions or help?

#include "tcptrace.h"   /* tcptrace's own header, as included by its modules */

void md_read(
    struct ip *pip,     /* the packet */
    tcp_pair *ptp,      /* info I have about this connection */
    void *plast,        /* past byte in the packet */
    void *mod_data)     /* connection info for this one */
{
    unsigned int j;
    unsigned char *payload, *packet;
    long bytes, payload_length, size_iphdr, size_tcphdr;

    if (pip->ip_p != IPPROTO_TCP)
        return;                     /* only process tcp packets */

    /* byte pointer, so the header sizes below are added as byte offsets */
    packet = (unsigned char *)pip;

    size_iphdr = 4 * IP_HL(pip);    /* IP header length in bytes */
    if (size_iphdr < 20) {
        printf("Invalid IP header:%ld bytes\n", size_iphdr);
        return;
    }

    struct tcphdr *ptcp = (struct tcphdr *)(packet + size_iphdr);
    size_tcphdr = 4 * TH_OFF(ptcp); /* TCP header length in bytes */
    if (size_tcphdr < 20) {
        printf("Invalid TCP header:%ld bytes\n", size_tcphdr);
        return;
    }

    /* contains the pointer to the payload */
    payload = (packet + size_iphdr + size_tcphdr);
    bytes = ntohs(pip->ip_len);     /* total length of the packet */
    payload_length = bytes - size_iphdr - size_tcphdr;  /* payload length */
}
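A bounds-checked way to locate the TCP payload, as an added example that is not part of the original post or of tcptrace: it parses the raw IPv4 and TCP header bytes and limits the payload length to the bytes actually held in the capture buffer, because a dump taken with a short snap length stores fewer bytes than ip_len reports. The function name tcp_payload, the sample packet and the reading of `last` as the last captured byte (the role plast plays above) are assumptions.

```c
#include <stdio.h>

/* Find the TCP payload of an IPv4 packet held in a capture buffer.
 * pkt  : first byte of the IP header
 * last : last byte present in the buffer (assumed meaning, like plast)
 * Returns the number of payload bytes that are really in the buffer and
 * sets *out to the first one; returns 0 when the payload was not captured
 * and -1 when the packet is not TCP or a header is malformed or cut off. */
long tcp_payload(const unsigned char *pkt, const unsigned char *last,
                 const unsigned char **out)
{
    long captured = (long)(last - pkt) + 1;
    if (captured < 20) return -1;                 /* no full IP header */
    if ((pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;  /* IPv4 + TCP only */

    long ip_hl  = 4L * (pkt[0] & 0x0f);           /* IP header bytes */
    long ip_len = ((long)pkt[2] << 8) | pkt[3];   /* total length, big endian */
    if (ip_hl < 20 || ip_len < ip_hl + 20) return -1;
    if (captured < ip_hl + 20) return -1;         /* fixed TCP header cut off */

    long tcp_hl = 4L * (pkt[ip_hl + 12] >> 4);    /* TCP data offset */
    if (tcp_hl < 20 || ip_hl + tcp_hl > ip_len) return -1;

    long wire  = ip_len - ip_hl - tcp_hl;         /* payload sent on the wire */
    long avail = captured - ip_hl - tcp_hl;       /* payload kept in the dump */
    if (avail <= 0) return 0;                     /* nothing safe to read */
    *out = pkt + ip_hl + tcp_hl;
    return avail < wire ? avail : wire;
}

/* Constructed sample: 20-byte IP header, 20-byte TCP header, payload "ABCD" */
static const unsigned char sample[44] = {
    0x45,0x00,0x00,0x2c, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0xd2,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0,
    'A','B','C','D'
};

int main(void)
{
    const unsigned char *p = NULL;
    long n = tcp_payload(sample, sample + sizeof sample - 1, &p);
    printf("full capture: %ld payload bytes\n", n);
    for (long i = 0; i < n; i++) printf("%02x ", p[i]);
    printf("\nheaders-only capture: %ld payload bytes\n",
           tcp_payload(sample, sample + 39, &p));
    return 0;
}
```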