On Sun, Feb 27, 2005 at 10:37:34PM +0400, Ramsurrun Visham wrote:
| Hi to all,
|
| I would like to know how do we grab the icmp header from an ethernet frame. I
believe we have to jump pass the ethernet and IP headers..
no - we actually need to parse through the IP header to find out if the header
is variable length [IP options etc.]
have a look at the point where the icmp printer is called in print-ip.c
---
case IPPROTO_ICMP:
/* pass on the MF bit plus the offset to detect
fragments */
icmp_print(cp, len, (const u_char *)ip, (off & 0x3fff));
break;
---
| u_char * handle_IP(u_char *args, const struct pcap_pkthdr* pkthdr, const
u_char* packet)
|
| {
| const struct my_ip* p;
| u_int length = pkthdr->len;
|
| ip = (struct my_ip*)(packet + sizeof(struct ether_header));
| length -= sizeof(struct ether_header);
| }
|
| I tried to check the tcpdump source code but couldn't understand it. I looked
in print_icmp.c and print_ip.c in particular.
|
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
