The only difference between the structure definitions that you are using and the sniffex_XXX ones is probably the name of the structure members. The process detailed in http://www.tcpdump.org/lists/workers/2005/05/msg00021.html is correct; just check that you translate the struct member names to the equivalents for netinet/ip.h etc.
Regards,
Luis.

NOTE: You might want to know that there are two ways to define a tcp structure, the Linux way and the BSD way. You are probably using the Linux definition 'cause the BSD one matches the sniff_tcp; check the Wikipedia entry "tcphdr" for more information.

On 8/8/07, Nick Chorley <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have found another post in the mailing list about this
> (http://www.tcpdump.org/lists/workers/2005/05/msg00021.html), but it
> appears to use structs sniff_ip and sniff_tcp that are declared in the
> sniffex program. In my program, I'm using the structs for the IP and TCP
> headers as defined in netinet/ip.h and netinet/tcp.h, respectively. Is
> there a way to get the TCP payload length using these, or do I
> necessarily need to "create" my own structs?
>
> On another (unrelated) note, is there no search facility for the mailing
> lists?
>
> Regards,
>
> Nicky Chorley
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
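The member-name translation discussed in this thread, as an added example that is not code from the original messages or from sniffex: it computes the TCP payload length with the BSD-style members of netinet/ip.h and netinet/tcp.h and rejects truncated or inconsistent headers. The function names, the 14-byte Ethernet link header, and the sample-frame builder are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1  /* glibc: expose struct ip and the BSD tcphdr names */
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

#define LINK_HDR_LEN 14    /* assumption: DLT_EN10MB frames, no VLAN tag */

/* On-wire TCP payload length, or -1 for truncated, malformed or non-IPv4/TCP
 * input. sniffex -> netinet mapping: IP_HL(ip) -> ip_hl, ip_len -> ip_len,
 * TH_OFF(tcp) -> th_off (Linux-style names: ihl, tot_len, doff). */
int tcp_payload_len(const unsigned char *pkt, size_t caplen)
{
    struct ip ip;
    struct tcphdr tcp;
    size_t ip_hlen, tcp_hlen, ip_total;

    if (caplen < LINK_HDR_LEN + sizeof ip)
        return -1;
    memcpy(&ip, pkt + LINK_HDR_LEN, sizeof ip);   /* avoids unaligned reads */
    ip_hlen  = (size_t)ip.ip_hl * 4;              /* header length in bytes */
    ip_total = ntohs(ip.ip_len);                  /* excludes Ethernet padding */
    if (ip.ip_v != 4 || ip.ip_p != IPPROTO_TCP || ip_hlen < 20 || ip_total < ip_hlen)
        return -1;
    if (caplen < LINK_HDR_LEN + ip_hlen + sizeof tcp)
        return -1;
    memcpy(&tcp, pkt + LINK_HDR_LEN + ip_hlen, sizeof tcp);
    tcp_hlen = (size_t)tcp.th_off * 4;            /* includes TCP options */
    if (tcp_hlen < 20 || ip_hlen + tcp_hlen > ip_total)
        return -1;
    return (int)(ip_total - ip_hlen - tcp_hlen);
}

/* Constructed sample frame (not a real capture); buf must hold 128 bytes. */
size_t build_sample(unsigned char *buf, uint8_t tcp_words, uint16_t n)
{
    uint16_t total = htons((uint16_t)(20 + tcp_words * 4 + n));
    memset(buf, 0, 128);
    buf[LINK_HDR_LEN] = 0x45;                     /* IPv4, IHL = 5 words */
    memcpy(buf + LINK_HDR_LEN + 2, &total, 2);    /* IP total length field */
    buf[LINK_HDR_LEN + 9] = IPPROTO_TCP;
    buf[LINK_HDR_LEN + 32] = (unsigned char)(tcp_words << 4);  /* data offset */
    return (size_t)(LINK_HDR_LEN + 20 + tcp_words * 4 + n);
}
```

The result is the length stated by the headers; with a short snaplen fewer payload bytes may actually be present in the capture buffer, so compare against caplen before reading the payload itself.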
