tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Getting TCP packet payload length with pcap

From: "Nick Chorley" <nick.chorley () gmail com>
Date: Wed, 8 Aug 2007 12:14:30 +0100
On 08/08/2007, Luis Martín García <luis.mgarc () gmail com> wrote:


The only difference between the structure definitions that you are using
and
the sniffex_XXX ones is probably the name of the structure members. The
process detailed in
http://www.tcpdump.org/lists/workers/2005/05/msg00021.html is correct,
just
check that you translate the struct member names to the equivalents for
netinet/ip.h etc.



Ah, I thought the sniff_* structures had more members than the ones in
netinet/* (as I managed to  miss the relevant members when looking through
netinet/*.

Regards,



Luis.


NOTE: You might want to know that there are two ways to define a tcp
structure, the Linux way and the BSD way. You are probably using the Linux
definition 'cause the BSD one matches the sniff_tcp, check wikipedia entry
"tcphdr" for more information.



Yes, I was aware of this and indeed I am using the Linux definition, since I
haven't put #define __FAVOR_BSD in my program.

Regards,

NC

On 8/8/07, Nick Chorley <nick.chorley () gmail com> wrote:


Hi,

I have found another post in the mailing list about this (
http://www.tcpdump.org/lists/workers/2005/05/msg00021.html), but it
appears
to use structs sniff_ip and sniff_tcp that are declared in the sniffex
program. In my program, I'm using the structs for the IP and TCP headers
as
defined in netinet/ip.h and netinet/tcp.h, respectively. Is there a way

to

get the TCP payload length using these, or do I necessarily need to
"create"
my own structs?

On another (unrelated note), is there no search facility for the mailing
lists?

Regards,

Nicky Chorley
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: