I am using pcap to create a packet sniffer.
I have this TCP structure:

typedef struct TSP_header{  
  unsigned short int   sport;  
  unsigned short int   dport;  
  unsigned int         seqnum;  
  unsigned int         acknum;  
  unsigned char        reserved:4, offset:4;  
  unsigned int
    tcp_res1:4,       //little-endian  
    tcph_hlen:4,      //length of tcp header in 32-bit words  
    tcph_fin:1,       //Finish flag "fin"  
    tcph_syn:1,       //Synchronize sequence numbers to start a connection  
    tcph_rst:1,       //Reset flag   
    tcph_psh:1,       //Push, sends data to the application  
    tcph_ack:1,       //acknowledge  
    tcph_urg:1,       //urgent pointer  
    tcph_res2:2;
  unsigned short int tcph_win;  
  unsigned short int tcph_chksum;  
  unsigned short int tcph_urgptr;  
}TSP_header;    

How can I print the sequence number?
Should I use htons(sequence_number)? Because it isn't working this way!

My other question is: what is the number after the variable declaration?
What does 4 mean in tcph_hlen:4?

A: 

If the programming language is C, note your struct is incorrect since you do not specify the sizes of the fields. For instance, the sequence number is 32 bits and "int" may be 16 or 64 bits. For seqnum, you should use uint32_t.

This being said, if you have read the TCP packet from the network, the sequence number is in network order (big-endian) and therefore, to print it, you need to call ntohl (network to host - long).

bortzmeyer
I don't think ntohl() works because it's giving me negative sequence and ack numbers.
scatman
ntohl takes an *unsigned* integer as a parameter and yields an *unsigned* integer as a result. So, unless you have made the big mistake of putting the result of ntohl into a *signed* int, negative numbers cannot happen. Show your code.
bortzmeyer
Mmm, I see. Well, I am using: printf("%d",ntohl(tcp->seqnum)). So what should I use instead of %d to print an unsigned integer?
scatman
I'll give you a useful piece of advice: read the documentation. 'man 3 printf' will tell you that "d, i The int argument is converted to signed decimal notation." I'll let you see for yourself what is needed for an unsigned.
bortzmeyer
OK. Thanks a lot for your help :)
scatman
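
An added example, not code from the thread: the approach the answer and comments describe (fixed-width fields, ntohl, an unsigned format specifier), applied to a raw captured TCP header. It goes slightly further than the thread by reading the data offset and flags with shifts and masks instead of bit-fields, and by rejecting truncated or malformed headers before use; `tcp_info`, `parse_tcp` and the sample bytes are hypothetical names and constructed data.

```c
#include <arpa/inet.h>   /* ntohs, ntohl */
#include <inttypes.h>    /* PRIu32 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>      /* memcpy, size_t */

/* Hypothetical host-order view of the fixed 20-byte TCP header. */
struct tcp_info {
    uint16_t sport, dport;
    uint32_t seqnum, acknum;
    uint8_t  hlen_words;   /* data offset, in 32-bit words */
    uint8_t  flags;        /* FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20 */
};

/* Returns 0 on success, -1 if the capture is too short or the data offset is invalid. */
int parse_tcp(const uint8_t *p, size_t caplen, struct tcp_info *out)
{
    uint16_t u16;
    uint32_t u32;
    if (caplen < 20)                       /* never read past the captured bytes */
        return -1;
    memcpy(&u16, p + 0, 2);  out->sport  = ntohs(u16);   /* memcpy avoids unaligned reads */
    memcpy(&u16, p + 2, 2);  out->dport  = ntohs(u16);
    memcpy(&u32, p + 4, 4);  out->seqnum = ntohl(u32);   /* 32-bit field: ntohl, not htons */
    memcpy(&u32, p + 8, 4);  out->acknum = ntohl(u32);
    out->hlen_words = p[12] >> 4;          /* high nibble of byte 12 */
    out->flags      = p[13] & 0x3f;
    if (out->hlen_words < 5 || (size_t)out->hlen_words * 4 > caplen)
        return -1;                         /* header shorter than 20 bytes or beyond capture */
    return 0;
}

/* Constructed sample: port 443 -> 51000, seq 0x9ABCDEF0, ack 1, SYN+ACK. */
static const uint8_t sample_segment[20] = {
    0x01, 0xbb, 0xc7, 0x38, 0x9a, 0xbc, 0xde, 0xf0,
    0x00, 0x00, 0x00, 0x01, 0x50, 0x12, 0xff, 0xff,
    0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    struct tcp_info t;
    if (parse_tcp(sample_segment, sizeof sample_segment, &t) != 0)
        return 1;
    printf("seq via %%d:     %d\n", (int)t.seqnum);        /* sign problem from the thread */
    printf("seq via PRIu32: %" PRIu32 "\n", t.seqnum);
    printf("ack=%" PRIu32 " hlen=%u bytes flags=0x%02x\n", t.acknum, t.hlen_words * 4u, t.flags);
    return 0;
}
```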