Hello, I am new to the mailing list and also new to pcap, tcpdump, and tcp, in general. I am trying to capture tcp packets and extract/print all their fields in a readable format. The sniffer works and I was able to print out the whole packet (in hex) and confirmed it with Ethereal. The struct I have for the tcp header is below:

typedef struct tcp_header {
    u_short sport;   // Source port
    u_short dport;   // Destination port
    u_int seqnum;    // Sequence Number
    u_int acknum;    // Acknowledgement number
    u_char hlen;     // Header length
    u_char flags;    // packet flags
    u_short win;     // Window size
    u_short crc;     // Header Checksum
    u_short urgptr;  // Urgent pointer
    // options field of tcp_header
    typedef struct option {
        byte kind;
        byte length;
        unsigned long tsval;
        unsigned long tserc;
    } option;
    struct option op;
} tcp_header;

When I call the acknum and each field of options (and everything else, but for now I am concentrating on these two fields), it is not displaying the correct data for some packets because the sizes of the ethernet header and ip header vary:

tcp_header* tcp = (tcp_header*) (pkt_data + sizeof(struct ethernet_header) + sizeof(struct ip_header));

Do I have to define every part of the tcp header such as flags, padding, etc. in the struct? Any input on this will be greatly appreciated, and I apologize if this is a newbie question.

-Thinh
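
An added example, not part of the original post: a bounds-checked parser that locates the TCP header from the IPv4 IHL field instead of sizeof(struct ip_header), reads multi-byte fields in network byte order, and walks the options as kind/length/value records up to the TCP data offset. It assumes untagged Ethernet II framing over IPv4; the names parse_tcp, tcp_info and sample_pkt are hypothetical and the packet bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint16_t sport, dport; uint32_t seq, ack, tsval, tsecr; int has_ts; } tcp_info;
static uint16_t be16(const uint8_t *b) { return (uint16_t)(b[0] << 8 | b[1]); }
static uint32_t be32(const uint8_t *b) { return (uint32_t)be16(b) << 16 | be16(b + 2); }

/* Returns 0 on success, -1 on truncated, malformed or non-IPv4/TCP input. */
int parse_tcp(const uint8_t *p, size_t len, tcp_info *out) {
    if (len < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return -1; /* EtherType IPv4 */
    const uint8_t *ip = p + 14;                   /* assumes 14-byte Ethernet II header */
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* IP header length from the IHL field */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 || len < 14 + ihl + 20) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;      /* TCP header length from data offset */
    if (thl < 20 || len < 14 + ihl + thl) return -1;
    memset(out, 0, sizeof *out);
    out->sport = be16(tcp);     out->dport = be16(tcp + 2);
    out->seq   = be32(tcp + 4); out->ack   = be32(tcp + 8);
    for (size_t i = 20; i < thl; ) {              /* options: kind, length, value */
        uint8_t kind = tcp[i];
        if (kind == 0) break;                     /* end of option list */
        if (kind == 1) { i++; continue; }         /* NOP padding, a single byte */
        if (i + 1 >= thl) return -1;              /* length byte would be out of bounds */
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > thl) return -1;
        if (kind == 8 && olen == 10) {            /* timestamps option: TSval, TSecr */
            out->tsval = be32(tcp + i + 2); out->tsecr = be32(tcp + i + 6); out->has_ts = 1;
        }
        i += olen;
    }
    return 0;
}

/* Constructed sample: Ethernet + 24-byte IP header (with options) + 32-byte TCP header. */
static const uint8_t sample_pkt[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x46,0x00,0x00,0x38, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02, 0x01,0x01,0x01,0x00,
    0x04,0xd2,0x00,0x50, 0x11,0x22,0x33,0x44, 0xaa,0xbb,0xcc,0xdd, 0x80,0x10,0xff,0xff,
    0x00,0x00,0x00,0x00, 0x01,0x01,0x08,0x0a, 0x00,0x00,0x00,0x64, 0x00,0x00,0x00,0xc8 };

int main(void) {
    tcp_info t;
    if (parse_tcp(sample_pkt, sizeof sample_pkt, &t) != 0) return 1;
    printf("ack=0x%08x tsval=%u tsecr=%u\n", (unsigned)t.ack, (unsigned)t.tsval, (unsigned)t.tsecr);
    return 0;
}
```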