
Error unpacking TCP header only some of the time

I am working on a school project which involves reading in packets. I'm required to know the packet's source and destination IP, protocol, and source and destination ports. Right now I have the IP header running well, but when I display the ports from the TCP header I receive an error only some of the time. As well, I would like to refrain from using external libraries and tools, as I am not sure what environment the project will be tested on when marked.

The error:

Traceback (most recent call last):
  File "capturePacket.py", line 26, in <module>
    tcp_hdr = struct.unpack("!HHII2sH2sH", tcpheader)
struct.error: unpack requires a buffer of 20 bytes

Some guidance would be helpful. Thank you.

import socket, struct, os

# Windows: raw IP socket switched to receive-all mode. Note that on this
# socket type the received buffer starts at the IP header (no Ethernet header).
if os.name == "nt":
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IP)
    s.bind((socket.gethostname(), 0))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    s.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
# Other platforms (Linux): packet socket for IPv4 frames (EtherType 0x0800);
# each received buffer begins with the 14-byte Ethernet header.
else:
    s = socket.socket(socket.PF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800))

while True:
    pkt = s.recvfrom(65535)  # (raw frame bytes, address info)

    print("\n\nIP Header:")
    ipheader = pkt[0][14:34]  # 20 bytes after the Ethernet header
    ip_hdr = struct.unpack("!1s1s1H1H2s1B1B2s4s4s", ipheader)
    print("Source IP", socket.inet_ntoa(ip_hdr[8]))
    print("Destination IP", socket.inet_ntoa(ip_hdr[9]))
    print("Protocol", ip_hdr[6])  # 6 = TCP, 17 = UDP, 1 = ICMP

    print("\n\nTCP Header:")
    # Assumes a 20-byte TCP header follows the IP header, whatever the protocol field says
    tcpheader = pkt[0][34:54]
    tcp_hdr = struct.unpack("!HHII2sH2sH", tcpheader)
    print("Source Port:", tcp_hdr[0])
    print("Destination Port:", tcp_hdr[1])

The problem is very straightforward; you are neither passing a BPF filter to the sniffer to limit your packet capture to TCP only, nor are you checking to see if the IP protocol value is, in fact, 6 or TCP.

What all of this means is that when you then go to try to unpack what you are assuming will be a TCP header, you may instead be finding far less data in a UDP or ICMP packet (or some other embedded protocol, of course).
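The check the answer describes, as an added example that is not part of the original question or answer: read the IHL field rather than assuming a 20-byte IP header, look at the protocol byte, and only unpack ports when the payload is TCP or UDP and long enough. The frame layout (14-byte Ethernet header, PF_PACKET style), the addresses and the `build_frame` helper are constructed test data, not captured traffic.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17

def parse_frame(frame):
    """Return src/dst IP, protocol and (for TCP/UDP only) the ports of an
    IPv4 Ethernet frame; None if the frame is truncated or not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ver_ihl = frame[14]
    ihl = (ver_ihl & 0x0F) * 4  # IP options make the header longer than 20 bytes
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    ip_hdr = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    proto = ip_hdr[6]
    info = {"src": socket.inet_ntoa(ip_hdr[8]),
            "dst": socket.inet_ntoa(ip_hdr[9]),
            "proto": proto, "sport": None, "dport": None}
    l4 = frame[14 + ihl:]
    # Check the protocol before unpacking: an ICMP echo is only 8 bytes,
    # so blindly unpacking 20 bytes here is what raised struct.error.
    if proto == IPPROTO_TCP and len(l4) >= 20:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info

def build_frame(proto, l4):
    """Constructed test frame: zeroed Ethernet header + minimal IPv4 header + L4 bytes."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    return eth + ip + l4

# Constructed samples: a 20-byte TCP SYN header and an 8-byte ICMP echo request
TCP_FRAME = build_frame(IPPROTO_TCP,
                        struct.pack("!HHIIBBHHH", 443, 51000, 1, 0, 5 << 4, 0x02, 65535, 0, 0))
ICMP_FRAME = build_frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
```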
