开发者

More data in packet payload

开发者 https://www.devze.com 2022-12-20 16:39 出处:网络
I have the following code int ParseData(unsigned char *packet, int len) { struct ethhdr *ethernet_header;

I have the following code

int ParseData(unsigned char *packet, int len) { struct ethhdr *ethernet_header; struct iphdr *ip_header; struct tcphdr *tcp_header; unsigned char *data; int data_len;

    /* Check if any data is there */

    if(len > (sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr)))
    {

            ip_header = (struct iphdr*)(packet + sizeof(struct ethhdr));


            data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr));
            data_len = ntohs(ip_header->tot_len) - ip_header->ihl*4 - sizeof(struct tcphdr);

            if(data_len)
            {
                    printf("Data Len : %d\n", data_len);
                    PrintData("Data : ", data, data_len);
                    printf("\n\n");
                    return 1;
            }
            else
            {
                    printf("No Data in packet\n");
                    return 0;
            }
    }

}

I am trying to print in ASCII the payload and with a simple function like this

PrintData(char *mesg, unsigned char *p, int len) { printf(mesg);

    while(len--)
    {
            if(isprint(*p))
                    printf("%c", *p);
            else
                    printf(".");
            p++;
    }

}

The code looks good, no compile problems/warning. The problem is that the first payload character is not being print at position 0, but 12 bytes later.

I thought that all the "len" bytes are the exact data I have to print.

My data point at data = (packet + sizeof(struct ethhdr) + ip_header->ihl*4 + sizeof(struct tcphdr)); however data[0] is not printable. What is the problem? Do I miss something? Do I have to check for the TCP options part maybe?

开发者_开发百科

Thanks


That's right, adding the sizeof(struct tcphdr) is only going to get you past the header, not the options. To get to the actual data, you should use the 'offset' field from the TCP header. The offset is calculated from the start of the TCP header and is in 4-byte units, e.g. if the offset is 8 then the header + options length is 32.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号