On 2008-01-17 18:37, Jefferson Ogata wrote:
To get the next four octets, use:
tcp[((tcp[12:1] & 0xf0) >> 2):4 + 4] = 0xdeadbeef
Sorry, that latter case should have been:
tcp[(((tcp[12:1] & 0xf0) >> 2) + 4):4] = 0xdeadbeef
--
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response
On 2008-01-17 13:20, Moheed Moheed Ahmad wrote:
The problem I am facing is the same interface sometimes gives the normal
packet and sometimes with 12 bytes extra.
So when I apply the normal capture filter those with normal packets get
filtered out.
The length of the TCP header + options is enco
Hi,
I am stuck with a problem regarding Capture filter.
I had a packet with following structure.
eth_src_addr + eth_dest_addr + 2 bytes(0xf000) + 10 bytes of garbage + 2
bytes of ethertype + then usual packet[ip] follows
That is a normal ethernet packet with, 2 bytes (which is always fix and
di
