嗅探到的数据包的打印序列号
[英]printing sequence number of a sniffed packet
问题描述
i am using pcap to create a packet sniffer. 
我正在使用pcap创建数据包嗅探器。
i have this tcp structure: 我有这个TCP结构:
typedef struct TSP_header{
unsigned short int sport;
unsigned short int dport;
unsigned int seqnum;
unsigned int acknum;
unsigned char reserved:4, offset:4;
unsigned int
tcp_res1:4, //little-endian
tcph_hlen:4, //length of tcp header in 32-bit words
tcph_fin:1, //Finish flag "fin"
tcph_syn:1, //Synchronize sequence numbers to start a connection
tcph_rst:1, //Reset flag
tcph_psh:1, //Push, sends data to the application
tcph_ack:1, //acknowledge
tcph_urg:1, //urgent pointer
tcph_res2:2;
unsigned short int tcph_win;
unsigned short int tcph_chksum;
unsigned short int tcph_urgptr;
}TSP_header;
how can i print the sequence number? 如何打印序列号?
should i use htons(sequence_number)?? 我应该使用htons(sequence_number)吗? because it isn't working this way!! 因为它不是这样工作的!
my other question is what is the number after the variable declaration? 我的另一个问题是变量声明后的数字是多少?
what does 4 mean in tcph_hlen:4 4在tcph_hlen中是什么意思:4
1 个解决方案
解决方案1
0 已采纳 2010-03-20 12:40:15
If the programming language is C, note your struct is incorrect since you do not specify the sizes of the fields. 如果编程语言是C,请注意您的结构不正确,因为您没有指定字段的大小。 For instance, the sequence number is 32 bits and "int" may be 16 or 64 bits. 例如,序列号是32位,“ int”可以是16位或64位。 For seqnum, you should use uint32_t. 对于seqnum,应使用uint32_t。
This being said, if you have read the TCP packet from the network, the sequence number is in network order (big-endian) and therefore, to print it, you need to call ntohl (network to host - long). 这就是说,如果您已经从网络中读取了TCP数据包,则序列号是按网络顺序(big-endian)排列的,因此,要打印该序列号,您需要调用ntohl(网络到主机-长)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.