Hi, I have found another post in the mailing list about this ( http://www.tcpdump.org/lists/workers/2005/05/msg00021.html), but it appears to use structs sniff_ip and sniff_tcp that are declared in the sniffex program. In my program, I'm using the structs for the IP and TCP headers as defined in netinet/ip.h and netinet/tcp.h, respectively. Is there a way to get the TCP payload length using these, or do I necessarily need to "create" my own structs?
On another (unrelated note), is there no search facility for the mailing lists? Regards, Nicky Chorley - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
