tcpdump mailing list archives
Re: tcp sequence and ack number with libpcap
From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Thu, 19 Aug 2010 09:42:05 -0700
--------------------------------------------------
From: "Andrej van der Zee" <andrejvanderzee () gmail com>
Sent: Thursday, August 19, 2010 7:23 AM
To: <tcpdump-workers () lists tcpdump org>
Subject: [tcpdump-workers] tcp sequence and ack number with libpcap

Hi,

I am trying to get the TCP sequence and ack number of TCP packets. Somehow I get different values than "tcpdump -vv" does. The numbers are way too big all the time. Source and destination ports are just fine. Below the relevant code. I studied the tcpdump source code but can't find why.

Please help, I am stuck!

Thank you,
Andrej

#define ETHER_HDRLEN 14

typedef u_int32_t tcp_seq;

struct tcphdr {
    u_int16_t th_sport;   /* source port */
    u_int16_t th_dport;   /* destination port */
    tcp_seq   th_seq;     /* sequence number */
    tcp_seq   th_ack;     /* acknowledgement number */
    u_int8_t  th_offx2;   /* data offset, rsvd */
    u_int8_t  th_flags;
    u_int16_t th_win;     /* window */
    u_int16_t th_sum;     /* checksum */
    u_int16_t th_urp;     /* urgent pointer */
};

static void handle_packet(unsigned char * ifile, const struct pcap_pkthdr *h, const u_char * sp)
{
    const struct ip * ip = (struct ip *) (sp + ETHER_HDRLEN);
    const struct tcphdr * tcp_hdr = (const struct tcphdr *)(sp + ETHER_HDRLEN + sizeof(struct iphdr));
You are assuming that the IP header length is constant (sizeof(struct iphdr)), but it's not. You need to get the IP header length from the IP header itself.

Have a nice day
GV
    tcp_seq seq = htonl(tcp_hdr->th_seq);
    tcp_seq ack = htonl(tcp_hdr->th_ack);
    fprintf(stdout,"seq %u ack %u", seq, ack);
}

- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
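Locating the TCP header from the IHL field of the IP header, as the reply above describes, with bounds checks against the captured length. This is an added example, not code from the thread or from tcpdump; the function names and the sample frame are constructed for illustration, and it assumes Ethernet framing with IPv4 and no VLAN tag.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETHER_HDRLEN 14   /* same constant as the quoted code */

/* Byte-wise big-endian loads: no alignment or host-byte-order assumptions. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 0 and fills seq/ack; -1 if not Ethernet/IPv4/TCP or truncated. */
int tcp_seq_ack(const uint8_t *sp, size_t caplen, uint32_t *seq, uint32_t *ack) {
    if (caplen < ETHER_HDRLEN + 20 || be16(sp + 12) != 0x0800) return -1;
    const uint8_t *ip = sp + ETHER_HDRLEN;
    size_t ip_hlen = (size_t)(ip[0] & 0x0f) * 4;          /* IHL, in 32-bit words */
    if ((ip[0] >> 4) != 4 || ip_hlen < 20) return -1;     /* not IPv4 or bogus IHL */
    if (ip[9] != 6) return -1;                            /* protocol 6 = TCP */
    if (be16(ip + 6) & 0x1fff) return -1;                 /* later fragment: no TCP header */
    if (caplen < ETHER_HDRLEN + ip_hlen + 20) return -1;  /* fixed TCP header captured? */
    const uint8_t *tcp = ip + ip_hlen;                    /* not ip + a constant */
    *seq = be32(tcp + 4); *ack = be32(tcp + 8);
    return 0;
}

/* What a constant 20-byte IP header assumption reads as the sequence number. */
uint32_t fixed_offset_seq(const uint8_t *sp) { return be32(sp + ETHER_HDRLEN + 20 + 4); }

/* Constructed sample frame (not captured traffic), TCP ports 1234 -> 80;
 * buf must hold 14 + ihl*4 + 20 bytes, and that size is returned. */
size_t build_sample(uint8_t *buf, unsigned ihl, uint32_t seq, uint32_t ack) {
    size_t n = ETHER_HDRLEN + ihl * 4 + 20;
    memset(buf, 0, n);
    buf[12] = 0x08;                                       /* EtherType 0x0800 */
    uint8_t *ip = buf + ETHER_HDRLEN, *tcp = ip + ihl * 4;
    ip[0] = (uint8_t)(0x40 | ihl); ip[9] = 6;             /* version 4, IHL, TCP */
    tcp[0] = 0x04; tcp[1] = 0xd2; tcp[3] = 80;
    for (int i = 0; i < 4; i++) {
        tcp[4 + i] = (uint8_t)(seq >> (24 - 8 * i));
        tcp[8 + i] = (uint8_t)(ack >> (24 - 8 * i));
    }
    return n;
}

static uint8_t frame[96]; static uint32_t seq_out, ack_out;   /* scratch state */

int main(void) {
    size_t n = build_sample(frame, 6, 1000, 2000);        /* 24-byte IP header */
    if (tcp_seq_ack(frame, n, &seq_out, &ack_out) == 0)
        printf("seq %u ack %u (fixed offset reads %u)\n", (unsigned)seq_out,
               (unsigned)ack_out, (unsigned)fixed_offset_seq(frame));
}
```

With one 32-bit word of IP options in the sample frame, the fixed offset lands on the TCP port fields, so the value it reports as the sequence number is the two ports packed together.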