I am using TCPTRACE in Fedora Linux Kernel version 2.6.18.1 to extract and 
process packets from a packet dump file. To process each packet, the md_read() 
function is called. Its code is as follows.
I am trying to extract the payload from these packets, but when I display the 
bytes of the payload, or in fact the packet, using the *payload or *pip pointer, 
all bytes appear to be zero.
I could not figure out why this is happening.

Any suggestions or help?

#include "tcptrace.h"    /* struct ip, struct tcphdr, tcp_pair, IP_HL, TH_OFF */

void
md_read(
    struct ip *pip,        /* the packet */
    tcp_pair *ptp,         /* info I have about this connection */
    void *plast,           /* past byte in the packet */
    void *mod_data)        /* connection info for this one */
{
    unsigned int j;
    unsigned char *payload, *packet;
    long bytes, payload_length, size_iphdr, size_tcphdr;

    if (pip->ip_p != IPPROTO_TCP) return;   // only process tcp packets

    packet = (unsigned char *) pip;         // byte pointer, so offsets below are in bytes

    size_iphdr = 4 * IP_HL(pip);            // IP header length in bytes
    if (size_iphdr < 20) {
        printf("Invalid IP header:%ld bytes\n", size_iphdr);
        return;
    }
    struct tcphdr *ptcp = (struct tcphdr *) (packet + size_iphdr);

    size_tcphdr = 4 * TH_OFF(ptcp);         // TCP header length in bytes
    if (size_tcphdr < 20) {
        printf("Invalid TCP header:%ld bytes\n", size_tcphdr);
        return;
    }

    // contains the pointer to the payload
    payload = packet + size_iphdr + size_tcphdr;

    bytes = ntohs(pip->ip_len);             // total length of the packet
    payload_length = bytes - size_iphdr - size_tcphdr;   // payload length
}
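
The header arithmetic in the post, as an added stand-alone example that is not part of the original message or of tcptrace: it also checks every offset against the number of bytes actually present in the capture, since a dump taken with a short snap length holds fewer bytes than ip_len claims. The name tcp_payload and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: locate the TCP payload in a captured IPv4 packet.
 * buf/caplen describe the bytes actually stored in the capture.
 * On success returns 0 and sets *payload, *avail (payload bytes captured)
 * and *wire (payload bytes the IP header claims). Returns -1 when a header
 * is malformed or cut off by the capture. */
static int tcp_payload(const uint8_t *buf, size_t caplen,
                       const uint8_t **payload, size_t *avail, size_t *wire)
{
    if (caplen < 20 || (buf[0] >> 4) != 4) return -1;   /* IPv4 only */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;           /* IP header length */
    size_t ip_len = ((size_t)buf[2] << 8) | buf[3];     /* network byte order */
    if (ihl < 20 || buf[9] != 6) return -1;             /* protocol 6 = TCP */
    if (caplen < ihl + 20) return -1;                   /* TCP header cut off */
    size_t thl = (size_t)(buf[ihl + 12] >> 4) * 4;      /* TCP data offset */
    if (thl < 20 || ip_len < ihl + thl) return -1;      /* inconsistent lengths */
    if (caplen < ihl + thl) return -1;                  /* TCP options cut off */
    *wire = ip_len - ihl - thl;
    size_t captured = caplen - ihl - thl;
    *avail = captured < *wire ? captured : *wire;       /* never read past capture */
    *payload = buf + ihl + thl;
    return 0;
}

/* Constructed sample: 20-byte IP header, 20-byte TCP header, payload "GET\n" */
static const uint8_t sample_pkt[44] = {
    0x45,0x00,0x00,0x2c, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0x04,0x00,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xff,0xff, 0,0,0,0,
    'G','E','T','\n'
};

int main(void)
{
    const uint8_t *p; size_t avail, wire;
    if (tcp_payload(sample_pkt, sizeof sample_pkt, &p, &avail, &wire) == 0) {
        printf("wire=%zu captured=%zu:", wire, avail);
        for (size_t i = 0; i < avail; i++) printf(" %02x", p[i]);
        putchar('\n');
    }
    return 0;
}
```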


