I have the following code:

    #include <stdio.h>
    #include <arpa/inet.h>      /* ntohs */
    #include <linux/if_ether.h> /* struct ethhdr */
    #include <netinet/ip.h>     /* struct iphdr */
    #include <netinet/tcp.h>    /* struct tcphdr */

    void PrintData(const char *mesg, unsigned char *p, int len);

    int ParseData(unsigned char *packet, int len)
    {
        struct ethhdr *ethernet_header;
        struct iphdr *ip_header;
        struct tcphdr *tcp_header;
        unsigned char *data;
        int data_len;

        /* Check if any data is there */
        if (len > (int)(sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
        {
            ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));
            data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr));
            data_len = ntohs(ip_header->tot_len) - ip_header->ihl*4 - sizeof(struct tcphdr);
            if (data_len > 0)
            {
                printf("Data Len : %d\n", data_len);
                PrintData("Data : ", data, data_len);
                printf("\n\n");
                return 1;
            }
            else
            {
                printf("No Data in packet\n");
                return 0;
            }
        }
        return 0; /* frame too short to hold all three headers */
    }

I am trying to print the payload in ASCII with a simple function like this:

    #include <ctype.h> /* isprint */

    void PrintData(const char *mesg, unsigned char *p, int len)
    {
        printf("%s", mesg); /* never pass a variable as the format string */
        while (len-- > 0)
        {
            if (isprint(*p))
                printf("%c", *p);
            else
                printf(".");
            p++;
        }
    }

The code looks good, no compile problems/warnings. The problem is that the first payload character is not being printed at position 0, but 12 bytes later.
I thought that all the "len" bytes are the exact data I have to print.
My data points at data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr)); however, data[0] is not printable. What is the problem? Am I missing something? Do I have to check for the TCP options part, maybe?
Thanks
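
On the TCP options point raised above: the TCP header is variable-length just like the IP header, and its data-offset field (`doff` in `struct tcphdr`) gives its size in 32-bit words, options included. The following is an added example, not part of the original post; it reads the fields from raw bytes and bounds-checks every length before trusting it. The names `find_tcp_payload`, `build_sample_frame` and `ETH_LEN` are chosen here, and the frame is a constructed sample carrying 12 bytes of options.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14 /* Ethernet II header without VLAN tag (assumption) */

/* Locate the TCP payload in an Ethernet/IPv4/TCP frame.
 * Returns 0 and sets *payload / *payload_len, or -1 if the frame is malformed. */
int find_tcp_payload(const unsigned char *pkt, size_t len,
                     const unsigned char **payload, size_t *payload_len)
{
    if (len < ETH_LEN + 20 + 20) return -1;            /* minimum headers */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1; /* EtherType IPv4 */
    const unsigned char *ip = pkt + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IP header length */
    size_t tot_len = ((size_t)ip[2] << 8) | ip[3];     /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1; /* IPv4, TCP */
    if (tot_len > len - ETH_LEN || tot_len < ihl + 20) return -1;
    const unsigned char *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;          /* TCP header incl. options */
    if (doff < 20 || ihl + doff > tot_len) return -1;
    *payload = tcp + doff;
    *payload_len = tot_len - ihl - doff;               /* ignores Ethernet padding */
    return 0;
}

/* Constructed sample: 20-byte IP header, 32-byte TCP header (12 bytes of
 * options: NOP, NOP, timestamp) and a 5-byte payload. Returns frame length. */
size_t build_sample_frame(unsigned char *buf)
{
    static const unsigned char opts[12] = {1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2};
    size_t tot_len = 20 + 32 + 5;
    memset(buf, 0, ETH_LEN + tot_len);
    buf[12] = 0x08; buf[13] = 0x00;
    unsigned char *ip = buf + ETH_LEN;
    ip[0] = 0x45; ip[2] = (unsigned char)(tot_len >> 8);
    ip[3] = (unsigned char)tot_len; ip[9] = 6;
    unsigned char *tcp = ip + 20;
    tcp[12] = 8 << 4;                                  /* doff = 8 words = 32 bytes */
    memcpy(tcp + 20, opts, sizeof opts);
    memcpy(tcp + 32, "HELLO", 5);
    return ETH_LEN + tot_len;
}

int main(void)
{
    unsigned char frame[128]; const unsigned char *p; size_t n;
    if (find_tcp_payload(frame, build_sample_frame(frame), &p, &n) == 0)
        printf("%zu payload bytes: %.*s\n", n, (int)n, (const char *)p);
    return 0;
}
```

Deriving the payload length from the IP total length rather than the captured frame length also keeps Ethernet padding on short frames out of the output.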