Hi,
>> static void handle_packet(unsigned char * ifile, const struct pcap_pkthdr
>> *
>> h, const u_char * sp)
>> {
>> const struct ip * ip = (struct ip *) (sp + ETHER_HDRLEN);
>> const struct tcphdr * tcp_hdr = (const struct tcphdr *)(sp + ETHER_HDRLEN
>> + sizeof(struct iphdr));
>>
>
> You are assuming that the IP header length is constant (sizeof(struct
> iphdr)), but it's not. You need to get the IP header length from the the IP
> header itself.
>
>
Source port and dest number seem to be ok, so I guess this is not the
problem. Nevertheless, I tried the code below but it does not make a
difference. Why do I get those weird seq and ack numbers? I am really
stuck...
Thanks,
Andrej
struct ip {
u_int8_t ip_vhl; /* header length, version */
#define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip) ((ip)->ip_vhl & 0x0f)
u_int8_t ip_tos; /* type of service */
u_int16_t ip_len; /* total length */
u_int16_t ip_id; /* identification */
u_int16_t ip_off; /* fragment offset field */
#define IP_DF 0x4000 /* dont fragment flag */
#define IP_MF 0x2000 /* more fragments flag */
#define IP_OFFMASK 0x1fff /* mask for fragmenting bits */
u_int8_t ip_ttl; /* time to live */
u_int8_t ip_p; /* protocol */
u_int16_t ip_sum; /* checksum */
struct in_addr ip_src,ip_dst; /* source and dest address */
};
static void handle_packet(unsigned char * ifile, const struct pcap_pkthdr *
h, const u_char * sp)
{
const struct ip * ip = (struct ip *) (sp + ETHER_HDRLEN);
const struct tcphdr * tcp_hdr = (const struct tcphdr *)(sp + ETHER_HDRLEN
+ IP_HL(ip));
tcp_seq seq = ntohl(tcp_hdr->th_seq);
tcp_seq ack = ntohl(tcp_hdr->th_ack);
fprintf(stdout,"seq %u ack %u", seq, ack);
}
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
