堆栈内存溢出
  简体   繁体   English

负TCP序列号(C,LibPcap,TCP)

[英]Negative TCP Sequence Numbers (C, LibPcap, TCP)

 原文  2015-04-10 13:05:50       c/ tcp/ network-programming/ libpcap

问题描述

I'm working with libpcap and having trouble accessing the sequence number variable from this struct. 我正在使用libpcap,无法从此结构中访问序列号变量。

To get the TCP sequence number i'm now using ntohl(tcp->th_seq) and it gives me some sequence numbers in the positive and they seem to be valid (in wireshark) but it's also giving me a lot of negative TCP numbers. 为了获得TCP序列号,我现在正在使用ntohl(tcp->th_seq) ,它给了我一些正数的序列号,它们似乎是有效的(在wireshark中),但它也给了我很多负的TCP数字。

Am I accessing the variable wrong or do the negative TCP numbers need to be converted some how? 我是否错误地访问变量或者是否需要转换负数TCP数字? 

struct sniff_tcp *tcp;

typedef u_int tcp_seq;

struct sniff_tcp {
    u_short th_sport;               /* source port */
    u_short th_dport;               /* destination port */
    tcp_seq th_seq;                 /* sequence number */
    tcp_seq th_ack;                 /* acknowledgement number */
    u_char  th_offx2;               /* data offset, rsvd */
    #define TH_OFF(th)      (((th)->th_offx2 & 0xf0) >> 4)
    u_char  th_flags;
    #define TH_FIN  0x01
    #define TH_SYN  0x02
    #define TH_RST  0x04
    #define TH_PUSH 0x08
    #define TH_ACK  0x10
    #define TH_URG  0x20
    #define TH_ECE  0x40
    #define TH_CWR  0x80
    #define TH_FLAGS        (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win;                 /* window */
    u_short th_sum;                 /* checksum */
    u_short th_urp;                 /* urgent pointer */
};

-----Console:-----------------------------------
Packet number 24:
current time: 2015-04-10 14:14:48.990 
   From: x.x.x.x
     To: y.y.y.y
   Protocol: TCP
   Src port: 443
   Dst port: 53111
    Seq Num: 943553986  // This is valid in wireshark
   ACK Detected

Packet number 25:
current time: 2015-04-10 14:14:48.990 
   From: x.x.x.x
     To: y.y.y.y
   Protocol: TCP
   Src port: 53111
   Dst port: 443
    Seq Num: -1759841006  // I'm not sure what to make of this
   ACK Detected

1 个解决方案

解决方案1
 3 已采纳  2015-04-10 13:22:18

You're not showing how you print the number. 您没有显示如何打印该号码。 Probably you're just printing using the wrong format specifier. 可能你只是使用错误的格式说明符进行打印。 The number returned by ntohl() is of type uint32_t so it must be printed like this: ntohl()返回的数字是uint32_t类型,所以它必须像这样打印: 

#include <inttypes.h>

printf("%" PRIu32, ntohl(tcp->th_seq));

Here PRIu32 is the proper format specifier for your platform to print a 32-bit unsigned integer. 这里PRIu32是您的平台打印32位无符号整数的正确格式说明符。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 TCP套接字C上的负数 - Negative Numbers over TCP socket C 用于获取Windows,Linux和Mac的TCP序列号的C代码 - C code to get TCP sequence numbers for Windows, Linux and Mac TCP 序列号和确认号 | 这些数字在 TCP 握手期间是否重要 - TCP sequence and acknowledgment numbers | do these numbers matter during TCP handshake 为什么要在 libpcap 程序中重新声明 TCP 和 IP 标头? - Why redeclare TCP and IP headers in a libpcap program? libpcap:打印TCP源和目标端口 - libpcap: printing tcp source and destination ports 如何在C和libpcap中构建TCP伪标头和相关数据以进行校验和验证? - How to build a TCP pseudo header and related data for checksum verification in C and libpcap? 在c中的数字序列中查找平均值,而忽略序列中的负数 - Finding the Average in a sequence of number in c while ignoring the negative numbers in the sequence TCP 序列号的简单递增并将其分配给发送 tcp header Z012570F8387D14D 中的确认号 - simple incrementing of TCP sequence number and assigning it to sending tcp header acknowledgement number in C libpcap-带有回送TCP请求的数据包ip标头长度为零字节 - libpcap - packet ip header length is zero bytes with loopback tcp requests 如何在 MacOS 上检索 libpcap 函数给出的 TCP 数据包信息? - How to retrieve TCP packet informations given by libpcap functions on MacOS?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM