tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IP Header Size is always 5

From: Shameem Ahamed <shameem.ahamed () hotmail com>
Date: Thu, 2 Apr 2009 00:00:50 +0530

Hi All,

Thanks for all the replies, and suggestions.

I got it resolved.


The problem was with a character pointer,i defined earlier.   I forgot the fact that header size is in terms of words.

Thanks fore reminding me.


Regards,
Shameem






From: guy () alum mit edu
Subject: Re: [tcpdump-workers] IP Header Size is always 5
Date: Wed, 1 Apr 2009 11:21:12 -0700
To: tcpdump-workers () lists tcpdump org


On Apr 1, 2009, at 8:32 AM, Shameem Ahamed wrote:


In that case also, we should be able to get the source and  
destination IP address from the below code

printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));

For me it gives me Segmentation Fault.


inet_ntoa() takes a "struct in_addr" as an argument; is the ip_src  
field in "struct ip" a "struct in_addr"?

If not, then you would need to declare a "struct in_addr" variable:

      struct in_addr addr;

and do

      memcpy(&addr.s_addr, ipHeader->ip_src, sizeof addr.s_addr);
      printf("Source IP: %s\n", inet_ntoa(addr));

as

      1) there might be an alignment issue, as Sebastien said (admittedly,  
he works at Sun, who have one of the few lines of processors that  
don't do unaligned accesses; most people are probably programming on  
x86 machines these days, and they don't have alignment issues with any  
OS I know of, *but* they shouldn't assume a lack of alignment issues  
in the general case);

      2) there is no *guarantee* that a 4-byte structure such as a "struct  
in_addr" is passed as an argument the same way a 4-byte integral  
value, for example, is passed (it might be likely, but it's not  
guaranteed, and code should *NOT* assume it in the general case).


Also, i am not able to access the tcp header details.


      ...


tcpHeader=(struct tcphdr *)(packet +ETHER_SIZE+size_ip);


size_ip is set to ipHeader->ip_hl*4, right?

If not, it should be, as per what Sebastien said.


printf("====================TCP Header Details================\n");
size_tcp=tcpHeader->doff;
printf("TCP Header Size is: %d \n",size_tcp);


That's also in units of 4-byte words, so the TCP header size is  
tcpHeader->doff*4.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


_________________________________________________________________
How fun is this? IMing with Windows Live Messenger just got better.
http://www.microsoft.com/india/windows/windowslive/messenger.aspx-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: