stackoom
  简体   繁体   中英

C code to get TCP sequence numbers for Windows, Linux and Mac

 原文  2012-08-31 01:53:25       c/ tcp/ raw-sockets

Question

Is there a way (using raw sockets or otherwise) to get the TCP sequence numbers used by a process. So for example if a process is active and has an active TCP connection, is it possible to get the TCP sequence numbers for that process from the time the process was started, or at least the last acknowledgement number it received or sent? If so how do I do that using C or any low level language?

In effect, can:

  • ProcessA detect the TCP sequence numbers that have already been sent (by the time ProcessA has started) associated with an active ProcessB?

Or

  • Can a ProcessA detect the last ACK number received or sent by ProcessA after the fact?

3 answers

solution1
 0  2012-11-30 16:30:02

You can use winpcap, http://www.winpcap.org/ to capture the TCP data packets. It has an API where you get access to all packets going to and fro on your NIC. You can access the full packet, so you can extract any information you like from the it.

But you have to be monitoring a connection to know the sequence number, of course. You have to extract the sequence number from live packets. If you decide to break into a already running connection, you have to wait for the next packet to get your info.

solution2
 0  2013-04-03 16:24:09

You will need a packet analyzer to see the value of sequence number and acknowledgment number used by a process. wireshark is a well known packet analyzer which works in all platform.

if you wish to write your own packet analyzer you have to use the library winpcap for windows, pcap for linux.

Download and run this program. sniffex

you will get much idea about monitoring and capturing packets.

solution3
 0 ACCPTED  2013-04-03 20:18:50

Of the options mentioned already, libpcap is the best as it offers you a close to platform-independent way of capturing packets.

However, another option on Linux and that I have grown fond of, is to use the iptables NFQUEUE target to send the packets you are interested in to userspace (possibly in combination with tee). With this technique, you can use the powers of iptables to only get the packets that you are interested in (for example SYN or some random packets based on probability).

An example of how to use NFQUEUE is here and here . Use NFQUEUE in the raw table to make sure all packets are evaluated. Libnetfilter_queue should be used to ease the process of receiving packets.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Negative TCP Sequence Numbers (C, LibPcap, TCP) Can I get SSID and MAC address from C code in Linux? How to send data and get data from tcp/ip port in C,C++ both on Windows and Linux On Linux/Mac/Windows, is it possible to access the TCP timestamp and/or RTT in user space of a connected TCP socket? Clearing the Screen in C on Solaris, Linux, Windows and Mac C code crashes in Windows, but not in Linux C code in Linux to C code in Windows TCP sequence and acknowledgment numbers | do these numbers matter during TCP handshake Get file status on mac drive with linux in C C code written on a mac porting to windows
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM