tcpdump mailing list archives

Re: tcp sequence and ack number with libpcap


From: Gert Doering <gert () greenie muc de>
Date: Thu, 19 Aug 2010 16:57:38 +0200

Hi,

On Thu, Aug 19, 2010 at 11:23:39PM +0900, Andrej van der Zee wrote:
> I am trying to get the TCP sequence and ack number of TCP packets. Somehow I
> get different values than "tcpdump -vv" does. The numbers are way too big
> all the time. Source and destination ports are just fine. Below the relevant
> code. I studied the tcpdump source code but can't find why. Please help, I
> am stuck!

TCP sequence numbers basically start with a random start (ISN) value.

tcpdump will internally take note of the ISNs for a given "flow" and
will then only show the deltas "how many bytes sent/acked since the
beginning of the flow", instead of the absolute numbers.

From a brief glance, your code looks fine to me.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert () greenie muc de
fax: +49-89-35655025                        gert () net informatik tu-muenchen de
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
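
The per-flow bookkeeping described in the reply above, as an added example that is not part of the original message and is not tcpdump's own code: it remembers the first sequence number seen in each direction and reports later seq/ack values as offsets from it. The names `tcp_relative` and `flow_dir` are hypothetical, the sample headers are constructed, and `src`/`dst` are assumed to be IPv4 addresses the caller has already read from the IP header; tcpdump's `-S` option prints the absolute numbers instead.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define FLAG_ACK 0x10
#define MAX_DIRS 64

/* One direction of a connection and the first sequence number seen on it. */
struct flow_dir { uint32_t src, dst; uint16_t sport, dport; uint32_t isn; };
static struct flow_dir dirs[MAX_DIRS];
static size_t ndirs;

static struct flow_dir *find_dir(uint32_t src, uint32_t dst, uint16_t sp, uint16_t dp)
{
    for (size_t i = 0; i < ndirs; i++)
        if (dirs[i].src == src && dirs[i].dst == dst &&
            dirs[i].sport == sp && dirs[i].dport == dp)
            return &dirs[i];
    return NULL;
}

/* Read a big-endian 32-bit field without assuming alignment. */
static uint32_t be32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return ntohl(v); }

/* Convert the absolute seq/ack of one TCP header to offsets within its flow.
 * Returns 0 on success, -1 if the header is truncated or the table is full. */
int tcp_relative(uint32_t src, uint32_t dst, const uint8_t *tcp, size_t len,
                 uint32_t *rel_seq, uint32_t *rel_ack)
{
    if (len < 20) return -1;
    uint16_t sp = (uint16_t)(tcp[0] << 8 | tcp[1]);
    uint16_t dp = (uint16_t)(tcp[2] << 8 | tcp[3]);
    uint32_t seq = be32(tcp + 4), ack = be32(tcp + 8);
    struct flow_dir *fwd = find_dir(src, dst, sp, dp);
    if (!fwd) {                       /* first packet this way: remember its ISN */
        if (ndirs == MAX_DIRS) return -1;
        fwd = &dirs[ndirs++];
        *fwd = (struct flow_dir){ src, dst, sp, dp, seq };
    }
    struct flow_dir *rev = find_dir(dst, src, dp, sp);
    *rel_seq = seq - fwd->isn;        /* unsigned subtraction survives wraparound */
    *rel_ack = ((tcp[13] & FLAG_ACK) && rev) ? ack - rev->isn : ack;
    return 0;
}

/* Constructed sample headers: client port 49152 -> server port 80, client ISN 0xfffffff0. */
const uint8_t sample_syn[20]    = {0xc0,0x00,0x00,0x50, 0xff,0xff,0xff,0xf0, 0,0,0,0,             0x50,0x02};
const uint8_t sample_synack[20] = {0x00,0x50,0xc0,0x00, 0x00,0x00,0x10,0x00, 0xff,0xff,0xff,0xf1, 0x50,0x12};
const uint8_t sample_data[20]   = {0xc0,0x00,0x00,0x50, 0x00,0x00,0x00,0x10, 0x00,0x00,0x10,0x01, 0x50,0x18};
```

The third sample header has an absolute sequence number that has already wrapped past zero, which is why the offset is computed in unsigned 32-bit arithmetic.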

