stackoom
  简体   繁体   中英

Negative TCP Sequence Numbers (C, LibPcap, TCP)

 原文  2015-04-10 13:05:50       c/ tcp/ network-programming/ libpcap

Question

I'm working with libpcap and having trouble accessing the sequence number variable from this struct.

To get the TCP sequence number i'm now using ntohl(tcp->th_seq) and it gives me some sequence numbers in the positive and they seem to be valid (in wireshark) but it's also giving me a lot of negative TCP numbers.

Am I accessing the variable wrong or do the negative TCP numbers need to be converted some how? 

struct sniff_tcp *tcp;

typedef u_int tcp_seq;

struct sniff_tcp {
    u_short th_sport;               /* source port */
    u_short th_dport;               /* destination port */
    tcp_seq th_seq;                 /* sequence number */
    tcp_seq th_ack;                 /* acknowledgement number */
    u_char  th_offx2;               /* data offset, rsvd */
    #define TH_OFF(th)      (((th)->th_offx2 & 0xf0) >> 4)
    u_char  th_flags;
    #define TH_FIN  0x01
    #define TH_SYN  0x02
    #define TH_RST  0x04
    #define TH_PUSH 0x08
    #define TH_ACK  0x10
    #define TH_URG  0x20
    #define TH_ECE  0x40
    #define TH_CWR  0x80
    #define TH_FLAGS        (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
    u_short th_win;                 /* window */
    u_short th_sum;                 /* checksum */
    u_short th_urp;                 /* urgent pointer */
};

-----Console:-----------------------------------
Packet number 24:
current time: 2015-04-10 14:14:48.990 
   From: x.x.x.x
     To: y.y.y.y
   Protocol: TCP
   Src port: 443
   Dst port: 53111
    Seq Num: 943553986  // This is valid in wireshark
   ACK Detected

Packet number 25:
current time: 2015-04-10 14:14:48.990 
   From: x.x.x.x
     To: y.y.y.y
   Protocol: TCP
   Src port: 53111
   Dst port: 443
    Seq Num: -1759841006  // I'm not sure what to make of this
   ACK Detected

1 answers

solution1
 3 ACCPTED  2015-04-10 13:22:18

You're not showing how you print the number. Probably you're just printing using the wrong format specifier. The number returned by ntohl() is of type uint32_t so it must be printed like this: 

#include <inttypes.h>

printf("%" PRIu32, ntohl(tcp->th_seq));

Here PRIu32 is the proper format specifier for your platform to print a 32-bit unsigned integer.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Negative Numbers over TCP socket C C code to get TCP sequence numbers for Windows, Linux and Mac TCP sequence and acknowledgment numbers | do these numbers matter during TCP handshake Why redeclare TCP and IP headers in a libpcap program? libpcap: printing tcp source and destination ports How to build a TCP pseudo header and related data for checksum verification in C and libpcap? Finding the Average in a sequence of number in c while ignoring the negative numbers in the sequence simple incrementing of TCP sequence number and assigning it to sending tcp header acknowledgement number in C libpcap - packet ip header length is zero bytes with loopback tcp requests How to retrieve TCP packet informations given by libpcap functions on MacOS?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM