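Dear Thinh Ho:
   Get the TCP header in the following way:

     struct ethhdr *eth;
     struct iphdr *ip;
     struct tcphdr *tcp;

     /* packet points to the start of the captured Ethernet frame */
     eth=(struct ethhdr *)packet;
     /* the IP header starts right after the fixed-size Ethernet header */
     ip=(struct iphdr *)(eth+1);
     /* ihl is the IP header length in 32-bit words, so <<2 gives bytes */
     tcp=(struct tcphdr *)((u_char *)ip+(ip->ihl<<2));

    and you can see linux/tcp.h for details.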

rootclown

        

======= 2005-07-09 01:58:38 You wrote in your message: =======

>Hello,
>I am new to the mailing list and also new to pcap, tcpdump, and tcp, in 
>general.
>I am trying to capture tcp packets and extract/print all its fields in
>readable format. The sniffer works and I was able to print out the
>whole packet (in hex) and confirmed it with Ethereal. The struct I
>have for the tcp header is below:
>
>typedef struct tcp_header 
>{
>       u_short sport;                  // Source port
>       u_short dport;                  // Destination port
>       u_int seqnum;                   // Sequence Number
>       u_int acknum;                   // Acknowledgement number
>       u_char   hlen;                  // Header length
>       u_char   flags;                 // packet flags
>       u_short win;                    // Window size
>       u_short crc;                    // Header Checksum
>       u_short urgptr;                 // Urgent pointer
>
>       // options field of tcp_header
>       typedef struct option
>       {
>               byte kind;
>               byte length;
>               unsigned long tsval;
>               unsigned long tserc;
>       }option;
>
>       struct option op;
>} tcp_header;
>
>When I call the acknum and each field of options (and everything else,
>but for now I am concentrating on these two fields), it is not
>displaying the correct data for some packets because the sizes of
>the ethernet header and ip header vary:
>
>tcp_header* tcp = (tcp_header*) (pkt_data + sizeof(struct
>ethernet_header) + sizeof(struct ip_header));
>
>Do I have to define every part of the tcp header such as flags,
>padding, etc in the struct? Any input on this will greatly be
>appreciated, and I apologize if this is a newbie question.
>
>-Thinh
>-
>This is the tcpdump-workers list.
>Visit https://lists.sandelman.ca/ to unsubscribe.
>

= = = = = = = = = = = = = = = = = = = =

        Regards,

        rootclown
        2005-07-09
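
Added example, not part of either message: a bounds-checked version of the offset arithmetic in the reply. It goes further than the reply by checking the capture length at each step and by walking the TCP options as a kind/length list instead of a fixed struct. The names tcp_info, parse_tcp, rd16, rd32 and sample_frame are hypothetical, and the frame bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical result struct for this example. */
struct tcp_info {
    uint16_t sport, dport;
    uint32_t seq, ack, tsval, tsecr;
    uint8_t  flags;
    int      has_ts;               /* 1 if a timestamp option (kind 8) was seen */
};

/* Constructed frame: Ethernet, IPv4 with ihl=6 (4 option bytes), TCP with NOP NOP TS. */
const uint8_t sample_frame[70] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x46,0x00,0x00,0x38, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02, 0x01,0x01,0x01,0x00,
    0x04,0xd2,0x00,0x50, 0x00,0x00,0x00,0x64, 0x00,0x00,0x00,0xc8, 0x80,0x10,0x20,0x00,
    0x00,0x00,0x00,0x00, 0x01,0x01,0x08,0x0a, 0x00,0x00,0x30,0x39, 0x00,0x01,0x09,0x32
};

/* Read big-endian (network order) values byte by byte: no alignment or padding issues. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 0 on success, -1 if the frame is not IPv4/TCP or is truncated/malformed. */
int parse_tcp(const uint8_t *pkt, size_t caplen, struct tcp_info *out) {
    if (caplen < 14 + 20 || rd16(pkt + 12) != 0x0800) return -1;  /* Ethernet II + IPv4 */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) << 2;          /* same value as ip->ihl<<2 */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6 || (rd16(ip + 6) & 0x1fff)) return -1;
    if (caplen < 14 + ihl + 20) return -1;             /* fixed TCP header must be captured */
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) << 2;          /* TCP data offset in bytes */
    if (thl < 20 || caplen < 14 + ihl + thl) return -1;
    out->sport = rd16(tcp);      out->dport = rd16(tcp + 2);
    out->seq   = rd32(tcp + 4);  out->ack   = rd32(tcp + 8);
    out->flags = tcp[13];        out->has_ts = 0;  out->tsval = out->tsecr = 0;
    /* Options vary per packet: walk kind/length pairs, never trust len blindly. */
    for (size_t i = 20; i < thl; ) {
        uint8_t kind = tcp[i];
        if (kind == 0) break;                          /* end of option list */
        if (kind == 1) { i++; continue; }              /* NOP is a single byte */
        uint8_t len = (i + 1 < thl) ? tcp[i + 1] : 0;
        if (len < 2 || i + len > thl) return -1;       /* option must fit in the header */
        if (kind == 8 && len == 10) {                  /* TCP timestamp option */
            out->has_ts = 1;
            out->tsval = rd32(tcp + i + 2);  out->tsecr = rd32(tcp + i + 6);
        }
        i += len;
    }
    return 0;
}
```

In the sample frame the IP header is 24 bytes, so a fixed offset of 14 + 20 lands on IP option bytes instead of the TCP source port.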
