I am trying to parse a TCP packet and then assign a pointer to the start of the payload.
I am using C and this is my code so far:
void dump(const unsigned char *data, int length) { //*data contains the raw packet data
    unsigned int i;
    static unsigned long pcount = 0;
    // Decode Packet Header
    struct ether_header *eth_header = (struct ether_header *) data;
    printf("\n\n === PACKET %lu HEADER ===\n", pcount);
    printf("\nSource MAC: ");
    for (i = 0; i < 6; ++i) {
        printf("%02x", eth_header->ether_shost[i]); //? Why don't i use ntohs here?
        if (i < 5) printf(":");
    }
    unsigned short ethernet_type = ntohs(eth_header->ether_type);
    printf("\nType: %hu\n", ethernet_type);
    if (ethernet_type == ETHERTYPE_IP) { //IP Header
        printf("\n == IP HEADER ==\n");
        struct ip *ip_hdr = (struct ip*) data + sizeof(struct ether_header);
        unsigned int size_ip = ip_hdr->ip_hl * 4;
        printf("\nIP Version: %u", ip_hdr->ip_v); //? ntohs or no ntohs
        printf("\nHeader Length: %u", ip_hdr->ip_hl); //? ntohs or no ntohs
        printf("\nTotal Length: %hu", ntohs(ip_hdr->ip_len)); //? ntohs or no ntohs
        // TCP Header
        printf("\n== TCP HEADER ==\n");
        struct tcphdr *tcp_hdr = (struct tcphdr*) data + sizeof(struct ether_header) + size_ip;
        printf("\n Source Port: %" PRIu16, ntohs(tcp_hdr->th_sport));
        printf("\n Destination Port: %" PRIu16, ntohs(tcp_hdr->th_dport));
        printf("\n fin: %" PRIu16, tcp_hdr->fin);
        printf("\n urg: %" PRIu16, tcp_hdr->urg);
        printf("\n ack_seq: %" PRIu32, ntohl(tcp_hdr->ack_seq));
        //Transport payload! i.e. rest of the data
        const unsigned char *payload = data + ETH_HLEN + size_ip + sizeof(struct tcphdr) + tcp_hdr->doff;
    }
}
I'm sure there are mistakes in this code because the port numbers are all weird. Not a single one assigns to 80. The IP version outputted can also be really weird (like version 11) as well. What am I doing wrong? Thanks!
Also I am unsure when to use ntohs and when not to. I know ntohs is for 16 bit unsigned integer and I know ntohl is for 32 bit unsigned integers, but I'm aware you're not meant to use them for everything in those packets (like: tcp_hdr->fin). Why certain things and not them?
MANY THANKS!
EDIT:
Thanks Art for fixing most of the problems. I edited my tcp_hdr and ip_hdr so the brackets are now correct!
I still have 2 problems:
- The first 10 bytes of the payload have weird symbols (so I think I have not assigned the payload correctly).
- I'm still unsure when to use ntohs/ntohl. I know u_int16_t is ntohs and u_int32_t is ntohl. But what about things that are signed int or unsigned short int. For instance I didn't use ntohs or ntohl for the ip_v for it to work. Why not? Is "ip_hdr->ip_hl" ntohl? etc...
EDIT2
I have fixed why my payload was not outputting correctly (it's because I calculated the TCP_header size wrong).
Although I am still confused about when to use ntohs, I will put this as a separate question, as I think I asked too many questions on this 1 post!
ntohs to convert a short (16-bit) value from network byte order to host byte order. – Some programmer dude
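An added example, not part of the question or its comments: one way to locate the TCP payload with every offset computed in bytes, both header lengths scaled from 32-bit words, byte-order conversion applied only to multi-byte fields, and each length checked against the captured size. It reads raw bytes instead of `struct ip` / `struct tcphdr`, assumes untagged Ethernet II framing, and the names `tcp_payload`, `rd16` and `sample_frame` are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14   /* dst MAC + src MAC + EtherType */
/* Read a 16-bit network-order field without assuming alignment. */
static uint16_t rd16(const unsigned char *p) {
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return ntohs(v);
}

/* Return the TCP payload of an Ethernet/IPv4/TCP frame and set *len, or NULL
 * if the frame is not that or a length field points outside the capture. */
const unsigned char *tcp_payload(const unsigned char *data, size_t caplen,
                                 uint16_t *sport, uint16_t *dport, size_t *len) {
    if (caplen < ETH_LEN + 20 || rd16(data + 12) != 0x0800) return NULL;
    const unsigned char *ip = data + ETH_LEN;        /* offsets are in bytes */
    size_t ip_hlen = (size_t)(ip[0] & 0x0f) * 4;     /* IHL counts 32-bit words */
    size_t ip_total = rd16(ip + 2);                  /* excludes Ethernet padding */
    if ((ip[0] >> 4) != 4 || ip_hlen < 20 || ip[9] != 6) return NULL; /* 6 = TCP */
    if (rd16(ip + 6) & 0x1fff) return NULL;          /* later fragment: no TCP header */
    if (ip_total < ip_hlen + 20 || ip_total > caplen - ETH_LEN) return NULL;
    const unsigned char *tcp = ip + ip_hlen;
    size_t tcp_hlen = (size_t)(tcp[12] >> 4) * 4;    /* data offset, also in words */
    if (tcp_hlen < 20 || ip_hlen + tcp_hlen > ip_total) return NULL;
    *sport = rd16(tcp); *dport = rd16(tcp + 2);
    *len = ip_total - ip_hlen - tcp_hlen;
    return tcp + tcp_hlen;
}

/* Constructed sample frame: 20-byte IP header, 20-byte TCP header, "hello". */
void sample_frame(unsigned char f[64]) {
    memset(f, 0, 64);
    f[12] = 0x08;                            /* EtherType 0x0800 */
    f[14] = 0x45; f[17] = 45; f[23] = 6;     /* v4, IHL 5, total length 45, TCP */
    f[34] = 0xc3; f[35] = 0x50; f[37] = 80;  /* ports 50000 -> 80 */
    f[46] = 0x50;                            /* data offset 5 words */
    memcpy(f + 54, "hello", 5);
}

int main(void) {
    unsigned char f[64]; uint16_t sp, dp; size_t n;
    sample_frame(f);
    const unsigned char *p = tcp_payload(f, sizeof f, &sp, &dp, &n);
    if (p) printf("%u -> %u: %.*s\n", sp, dp, (int)n, (const char *)p);
    return p ? 0 : 1;
}
```

The payload length comes from the IP total length rather than the capture length, so trailing Ethernet padding in the 64-byte sample is not counted as payload.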