Ethereal-users: Re: [Ethereal-users] ACK / SEQ/ flag /win wrong

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joe Elliott <joe@xxxxxxxxx>
Date: Fri, 14 Oct 2005 20:53:17 -0700 (PDT)
Hello Servando,
	Here are some printf precision codes you can use:

	%llu	double unsigned (64 bit)
	%ll	double (64 bit)
	%lu 	long unsigned
	%l	long
	%hu	short unsigned
	%h	short

Look at the tcpdump source code for specific examples of packet header
data lengths.

Here is an online manpage with more info:
http://man.he.net/man3/printf

Joe.

-- 
                                          __o       _~o       __o
                                         `\<,      `\<,      `\<,
 ______________________________________(*)/_(*)__(*)/_(*)__(*)/_(*)________
 Im a 21st Century Digital Boy ... I aint got a life, but I got lotsa toys.
 *************** Joe Elliott  joe@xxxxxxxxx  AOL:xqos  ********************
 -   NetContExt  - sniffer trace forensics - tcp follow stream analysis   - 
 -  Extract data files and Images from tcpdump & ethereal packet payloads -
        Inetd.Com Network analysis solutions http://www.inetd.com
 --------------------------------------------------------------------------


On Fri, 14 Oct 2005, Servando Garcia wrote:

> Date: Fri, 14 Oct 2005 21:38:46 -0500
> From: Servando Garcia <servando@xxxxxxx>
> Reply-To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
> Subject: [Ethereal-users] ACK / SEQ/ flag /win wrong
> 
> Hello List
> 	First of all thank you all who have helped me with this project. Now to 
> the meat of my email
> I am working on a Mac 10.3
> I am using pcap to read/translate a capture session to human readable 
> form.
> When I use ethereal to view the capture session, I get
> Acknowledgment : 450
> Sequence number :1
> Flag of 0X0010(ack)
> win:  6432
> 
> when I run my program I get
> Seq : 46517
> ACK number : 15682
> Flag 6144
> win: 65535
> 
> this is nothing like ethereal.
> 
> Here is how I call them:
>          printf("Sequence Number:%d\n",ntohs(tcp->th_seq));
>          printf("TCP Acknowledgment Number: %d\n",ntohs(tcp->th_ack));
>          printf("TCP Flags: %d\n",ntohs(tcp->th_flags));
>          printf("TCP Window Size: %d\n",ntohs(tcp->th_win));
> 
> here is how I define:
> 
> 
> struct sniff_tcp {
>          u_char  th_flags;
>          #define TH_FIN  0x01
>          #define TH_SYN  0x02
>          #define TH_RST  0x04
>          #define TH_PUSH 0x08
>          #define TH_ACK  0x10
>          #define TH_URG  0x20
>          #define TH_ECE  0x40
>          #define TH_CWR  0x80
>          #define TH_FLAGS        (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
>          u_short th_win;                 /* window */
> 
> I am not sure why I have this difference.
> 
>
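
An added example, not code from either poster or from Ethereal or tcpdump: decoding the fixed 20-byte TCP header from raw bytes with a conversion matched to each field's width (ntohl for the 32-bit sequence and acknowledgment numbers, ntohs for the 16-bit fields, none for the one-byte flags). The names tcp_fields, parse_tcp and SAMPLE_HDR are hypothetical, and the sample header is constructed to carry the values Ethereal displayed in the question.

```c
#include <arpa/inet.h>   /* ntohs, ntohl */
#include <inttypes.h>    /* PRIu32 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example: decoded TCP fields in host order. */
struct tcp_fields {
    uint16_t sport, dport, win;
    uint32_t seq, ack;        /* 32-bit on the wire: ntohl, not ntohs */
    uint8_t  hdr_len, flags;  /* single bytes: no byte swapping at all */
};

/* Constructed sample: seq 1, ack 450, ACK flag, window 6432. */
static const uint8_t SAMPLE_HDR[20] = {
    0x00, 0x50, 0xC0, 0x00,   /* source port 80, destination port 49152 */
    0x00, 0x00, 0x00, 0x01,   /* sequence number */
    0x00, 0x00, 0x01, 0xC2,   /* acknowledgment number */
    0x50, 0x10,               /* data offset 5 words, flags 0x10 */
    0x19, 0x20,               /* window */
    0x00, 0x00, 0x00, 0x00    /* checksum, urgent pointer */
};

/* Returns 0 on success, -1 if the buffer or the data offset is too small. */
int parse_tcp(const uint8_t *p, size_t len, struct tcp_fields *out)
{
    uint16_t v16;
    uint32_t v32;
    if (len < 20) return -1;
    memcpy(&v16, p, 2);      out->sport = ntohs(v16);
    memcpy(&v16, p + 2, 2);  out->dport = ntohs(v16);
    memcpy(&v32, p + 4, 4);  out->seq = ntohl(v32);
    memcpy(&v32, p + 8, 4);  out->ack = ntohl(v32);
    out->hdr_len = (uint8_t)((p[12] >> 4) * 4);   /* data offset is in 32-bit words */
    out->flags = p[13];
    memcpy(&v16, p + 14, 2); out->win = ntohs(v16);
    return (out->hdr_len < 20 || out->hdr_len > len) ? -1 : 0;
}

int main(void)
{
    struct tcp_fields t;
    if (parse_tcp(SAMPLE_HDR, sizeof SAMPLE_HDR, &t) != 0) return 1;
    printf("Seq: %" PRIu32 "  Ack: %" PRIu32 "\n", t.seq, t.ack);
    printf("Flags: 0x%02x  Win: %u\n", (unsigned)t.flags, (unsigned)t.win);
    return 0;
}
```

Reading each field with memcpy at its wire offset avoids depending on struct layout or alignment, and the length checks reject a truncated capture before any field is read.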