Extract payload with libpcap

Thread Tools Search this Thread
Top Forums Programming Extract payload with libpcap
# 1  
Old 10-22-2009
Extract payload with libpcap

hi! Smilie

im having a problem while extracting payload from a tcp packet that is captured with libpcap. this is what ive got so far:

PHP Code:
const struct ethernet_header *ethernet;
struct ip_header *ip;
struct tcp_header *tcp;
char *payload;
u_int size_ip;
u_int size_tcp;

ip = (struct ip_header*)(packet SIZE_ETHERNET);
size_ip IP_HL(ip)*4;    

tcp = (struct tcp_header*)(packet SIZE_ETHERNET size_ip);
size_tcp TH_OFF(tcp)*4;
payload = (u_char *)(packet SIZE_ETHERNET size_ip size_tcp); 
the result look like this:

actual payload: foobar
my program shows: foobar

actual payload 2: foo
my program shows:

data from the last payload is still there somehow.. maybe i need to clean the memory or something after each packet.. i dunno!

hope youll understand! thanks Smilie

---------- Post updated at 11:58 AM ---------- Previous update was at 07:45 AM ----------

another question:

how do i get the correct seq and ack numbers from the tcp struct? when i print them i get just get really big numbers.. and when i check them in wireshark they should be like 1,2,3
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Empty lines at the end of the payload generated in FTP server

Hi All, I am facing an issue in one of the use cases that I am trying to implement. I am getting a purchase order from one of the trading partners through Oracle B2B. B2B forwards this B2BM (B2B message ) to AIAB2BInterface. From AIAB2BInterface my BPEL process gets invoked, which in turn... (1 Reply)
Discussion started by: mayank2211
1 Replies

2. Programming

using libpcap with timeout

I want to write a small application using Libpcap in C on Linux. Currently, it starts to sniff and waits for the packets. But that's not what I need actually. I want it to wait for N seconds and then stop listening. (I think there's something wrong with my usage of 'pcap_open_live'...) How... (0 Replies)
Discussion started by: xyzt
0 Replies

3. Programming

Libpcap: Set a filter. (C)

Hi I'm reading about the libpcap documentation. I see that with the function: pcap_setfilter ( pcap_t *p, struct bpf_program *fp) we can choose to take one packet instead another. I read that the struct bpf_program allow us to create a packet filter , ....so if I want just sample some... (2 Replies)
Discussion started by: Dedalus
2 Replies

4. Programming

Uncompress on linux a UDP Payload compressed on win$ using closed source library

I am trying to uncompress a UDP packets payload. The data was compressed using "Xceed Version 4.3" which is a closed source windows program. I need to uncompress the data on a linux box. The technical support people at Xceed tell me that the data was compressed using "the Deflate compression method... (0 Replies)
Discussion started by: sysadmin9
0 Replies
Login or Register to Ask a Question