I'm working with libpcap and having trouble accessing the sequence number variable from this struct.
To get the TCP sequence number i'm now using ntohl(tcp->th_seq)
and it gives me some sequence numbers in the positive and they seem to be valid (in wireshark) but it's also giving me a lot of negative TCP numbers.
Am I accessing the variable wrong or do the negative TCP numbers need to be converted some how?
struct sniff_tcp *tcp;
typedef u_int tcp_seq;
struct sniff_tcp {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
u_char th_offx2; /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};
-----Console:-----------------------------------
Packet number 24:
current time: 2015-04-10 14:14:48.990
From: x.x.x.x
To: y.y.y.y
Protocol: TCP
Src port: 443
Dst port: 53111
Seq Num: 943553986 // This is valid in wireshark
ACK Detected
Packet number 25:
current time: 2015-04-10 14:14:48.990
From: x.x.x.x
To: y.y.y.y
Protocol: TCP
Src port: 53111
Dst port: 443
Seq Num: -1759841006 // I'm not sure what to make of this
ACK Detected
You're not showing how you print the number. Probably you're just printing using the wrong format specifier. The number returned by ntohl()
is of type uint32_t
so it must be printed like this:
#include <inttypes.h>
printf("%" PRIu32, ntohl(tcp->th_seq));
Here PRIu32
is the proper format specifier for your platform to print a 32-bit unsigned integer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.