Extract payload with libpcap


 
10-22-2009

Hi!

I'm having a problem while extracting the payload from a TCP packet that is captured with libpcap. This is what I've got so far:

Code:

    const struct ethernet_header *ethernet;
    const struct ip_header *ip;
    const struct tcp_header *tcp;
    const char *payload;

    u_int size_ip;
    u_int size_tcp;

    /* IP header starts right after the fixed-size Ethernet header */
    ip = (struct ip_header*)(packet + SIZE_ETHERNET);
    size_ip = IP_HL(ip)*4;

    /* TCP header starts after the variable-length IP header */
    tcp = (struct tcp_header*)(packet + SIZE_ETHERNET + size_ip);
    size_tcp = TH_OFF(tcp)*4;

    /* payload starts after the variable-length TCP header */
    payload = (u_char *)(packet + SIZE_ETHERNET + size_ip + size_tcp);

The result looks like this:

actual payload: foobar
my program shows: foobar

actual payload 2: foo
my program shows:
foo
ar

Data from the last payload is still there somehow.. maybe I need to clean the memory or something after each packet.. I dunno!

Hope you'll understand! Thanks

---------- Post updated at 11:58 AM ---------- Previous update was at 07:45 AM ----------

Another question:

How do I get the correct seq and ack numbers from the tcp struct? When I print them I just get really big numbers.. and when I check them in Wireshark they should be like 1,2,3
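
An added example, not part of the original post: a bounds-checked parser that takes the payload length from the IP total-length field instead of printing the payload as a C string, and converts seq/ack from network byte order with `ntohl()`. The names `parse_tcp`, `tcp_view`, `rel_seq` and the sample frame are constructed for illustration; Wireshark shows sequence numbers relative to the initial one by default, which `rel_seq` mirrors.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SIZE_ETHERNET 14

struct tcp_view { const uint8_t *payload; size_t payload_len; uint32_t seq, ack; };

/* Constructed frame: payload "foo", then stray bytes "ar" past the IP total length. */
static const uint8_t SAMPLE[] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,                       /* Ethernet, IPv4 */
    0x45,0, 0,43, 0,0, 0x40,0, 64,6, 0,0, 10,0,0,1, 10,0,0,2,  /* IP, total len 43 */
    0x30,0x39, 0,80, 0x3b,0x9a,0xca,0x01, 0x77,0x35,0x94,0x01, /* ports, seq, ack */
    0x50,0x18, 0x72,0x10, 0,0, 0,0,                            /* offset 5, PSH|ACK */
    'f','o','o', 'a','r'
};

/* Returns 0 and fills *out, or -1 if the frame is truncated or not IPv4/TCP. */
int parse_tcp(const uint8_t *pkt, size_t caplen, struct tcp_view *out)
{
    uint16_t len16; uint32_t v;
    if (caplen < SIZE_ETHERNET + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return -1;
    const uint8_t *ip = pkt + SIZE_ETHERNET;
    size_t size_ip = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || size_ip < 20 || ip[9] != 6) return -1;
    memcpy(&len16, ip + 2, 2);
    size_t ip_len = ntohs(len16);              /* header fields are big-endian */
    if (ip_len < size_ip + 20 || SIZE_ETHERNET + ip_len > caplen) return -1;
    const uint8_t *tcp = ip + size_ip;
    size_t size_tcp = (size_t)(tcp[12] >> 4) * 4;
    if (size_tcp < 20 || size_ip + size_tcp > ip_len) return -1;
    memcpy(&v, tcp + 4, 4); out->seq = ntohl(v);
    memcpy(&v, tcp + 8, 4); out->ack = ntohl(v);
    out->payload = tcp + size_tcp;             /* not NUL-terminated */
    out->payload_len = ip_len - size_ip - size_tcp;  /* excludes trailing bytes */
    return 0;
}

/* Offset from the initial sequence number seen in the SYN; wraps mod 2^32. */
uint32_t rel_seq(uint32_t seq, uint32_t isn) { return seq - isn; }

int main(void)
{
    struct tcp_view t;
    if (parse_tcp(SAMPLE, sizeof SAMPLE, &t) != 0) return 1;
    printf("payload=%.*s seq=%u rel=%u\n", (int)t.payload_len,
           (const char *)t.payload, t.seq, rel_seq(t.seq, 1000000000u));
    return 0;
}
```

In a libpcap callback, pass the `caplen` field of the `struct pcap_pkthdr` as `caplen` so that a truncated capture is rejected instead of read out of bounds.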