[英]Parsing a TCP Packet data
I am trying to parse a tcp packet and then assign to a pointer to the start of the payload. 我正在尝试解析tcp数据包,然后分配给有效负载开始的指针。
I am using C and this is my code so far: 我正在使用C,这是到目前为止的代码:
void dump(const unsigned char *data, int length) { //*data contains the raw packet data
unsigned int i;
static unsigned long pcount = 0;
// Decode Packet Header
struct ether_header *eth_header = (struct ether_header *) data;
printf("\n\n === PACKET %ld HEADER ===\n", pcount);
printf("\nSource MAC: ");
for (i = 0; i < 6; ++i) {
printf("%02x", eth_header->ether_shost[i]); //? Why don't i use nthos here?
if (i < 5) printf(":");
}
unsigned short ethernet_type = ntohs(eth_header->ether_type);
printf("\nType: %hu\n", ethernet_type);
if (ethernet_type == ETHERTYPE_IP) { //IP Header
printf("\n == IP HEADER ==\n");
struct ip *ip_hdr = (struct ip*) data + sizeof(struct ether_header);
unsigned int size_ip = ip_hdr->ip_hl * 4;
printf("\nIP Version: %u", ip_hdr->ip_v); //? Nthos or no nthos
printf("\nHeader Length: %u", ip_hdr->ip_hl); //? Nthos or no nthos
printf("\nTotal Length: %hu", ntohs(ip_hdr->ip_len)); //? Nthos or no nthos
// TCP Header
printf("\n== TCP HEADER ==\n");
struct tcphdr *tcp_hdr = (struct tcphdr*) data + sizeof(struct ether_header) + size_ip;
printf("\n Source Port: %" PRIu16, nthos(tcp_hdr->th_sport));
printf("\n Destination Port: %" PRIu16, nthos(tcp_hdr->th_dport));
printf("\n fin: %" PRIu16, tcp_hdr->fin);
printf("\n urg: %" PRIu16, tcp_hdr->urg);
printf("\n ack_seq: %" PRIu32, ntohl(tcp_hdr->ack_seq));
//Transport payload! i.e. rest of the data
const unsigned char *payload = data + ETH_HLEN + size_ip + sizeof(struct tcphdr) + tcp_hdr->doff;
}
I'm sure there is mistakes in this code because the port numbers are all weird. 我确定此代码中有错误,因为端口号都很奇怪。 Not a single one assigns to 80. The Ip version outputted can also be really weird (like version 11) as well.
没有一个分配给80。分配的Ip版本也可能真的很奇怪(例如版本11)。 What am I doing wrong?
我究竟做错了什么? Thanks!
谢谢!
Also I am unsure when to use nthos and when not to. 我也不确定何时使用nthos,何时不使用nthos。 I know nthos is for 16 bit unsigned integer and I know nthol is for 32 bit unsigned integers, but I'm aware your not meant to use them for everything in those packets (like: tcp_hdr->fin).
我知道nthos是用于16位无符号整数,而我知道nthol是用于32位无符号整数,但是我知道您并不打算将它们用于这些数据包中的所有内容(例如:tcp_hdr-> fin)。 Why certain things and not them?
为什么是某些东西而不是它们?
MANY THANKS! 非常感谢!
EDIT: 编辑:
Thanks Art for fixing most f the problems. 感谢Art解决了大多数问题。 I edited my tcp_hdr and ip_hdr so the brackets are now correct!
我编辑了tcp_hdr和ip_hdr,因此方括号正确了!
I still have 2 problems: 我仍然有2个问题:
EDIT2 编辑2
I have fixed why my payload was not outputting correctly (it's because I calculated the TCP_header size wrong). 我已经解决了为什么我的有效载荷输出不正确的原因(这是因为我计算的TCP_header大小错误)。
Although I am still confused about when to use nthos, I will put this as a separate question, as I think I asked too many questions on this 1 post! 尽管我仍然对何时使用nthos感到困惑,但我还是将其作为一个单独的问题,因为我认为我在这篇文章中问了太多问题!
Most likely your problem is here: 您的问题很可能在这里:
struct ip *ip_hdr = (struct ip*) data + sizeof(struct ether_header);
struct tcphdr *tcp_hdr = (struct tcphdr*) data + sizeof(struct ether_header) + size_ip;
Doing (struct ip*) data + sizeof(struct ether_header)
first casts data to struct ip *
, then adds sizeof(struct ether_header)
to it, which we know from pointer arithmetics will not do what you expect it to do. 执行
(struct ip*) data + sizeof(struct ether_header)
首先将数据转换为struct ip *
,然后sizeof(struct ether_header)
添加sizeof(struct ether_header)
,从指针算术中我们知道这将无法完成您期望的操作。
If the problem is still unclear, here's a simple program that should point you in the right direction: 如果问题仍然不清楚,可以使用以下简单程序将正确的方向指向您:
#include <stdio.h>
struct foo {
int a, b;
};
int
main(int argc, char **argv)
{
char *x = NULL;
printf("%p\n", x);
printf("%p\n", (struct foo *)x + 4);
printf("%p\n", (struct foo *)(x + 4));
return 0;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.