00000 45 00 02 87 8a 97 40 00 40 06 af d7 7f 00 00 01 E.....@.@.......
00016 7f 00 00 01 e0 56 00 50 0d 46 70 a8 0c e2 41 70 .....V.P.Fp...Ap
00032 80 18 01 01 b9 70 00 00 01 01 08 0a 00 64 fa 32 .....p.......d.2
This is how Wireshark/tcpdump/my code represent part of a TCP packet stored in a dump file.
The third line's first value, 80, is a correct TCP data offset of 32 bytes, or 8 32-bit (4-byte) words.
However, when (in my code) a struct tcp_hdr is created over this payload (including the IP header offset etc.), the result of reading my_tcphdr->doff is 6 (equivalent to 24 bytes).
Suppose that reading such data from the structure somehow isn't healthy enough.
How can I read this 4-bit (0xF0?) value into some int, given the (known to be correct) pointer: unsigned char *doff = tcp_payload+MAGIC_16?
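An added example, not part of the original post: it reads the data-offset nibble straight from byte 12 of the TCP header with a shift instead of going through a bitfield struct, and bounds-checks both header lengths before trusting them. The function names are hypothetical, and the sample input is the 48 bytes of the dump above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 48 bytes shown in the dump above. */
static const uint8_t sample_pkt[48] = {
    0x45,0x00,0x02,0x87,0x8a,0x97,0x40,0x00,0x40,0x06,0xaf,0xd7,0x7f,0x00,0x00,0x01,
    0x7f,0x00,0x00,0x01,0xe0,0x56,0x00,0x50,0x0d,0x46,0x70,0xa8,0x0c,0xe2,0x41,0x70,
    0x80,0x18,0x01,0x01,0xb9,0x70,0x00,0x00,0x01,0x01,0x08,0x0a,0x00,0x64,0xfa,0x32
};

/* Offset of the TCP header inside an IPv4 packet, taken from the IHL
 * field (low nibble of byte 0), or -1 if this is not IPv4/TCP. */
int ipv4_tcp_offset(const uint8_t *ip, size_t caplen)
{
    if (caplen < 20 || (ip[0] >> 4) != 4)
        return -1;
    unsigned ihl = (ip[0] & 0x0Fu) * 4u;       /* IHL is in 32-bit words */
    if (ihl < 20 || ihl > caplen || ip[9] != 6) /* protocol 6 = TCP */
        return -1;
    return (int)ihl;
}

/* TCP header length in bytes, or -1 if byte 12 is not available or the
 * data offset is below the 5-word minimum. With the question's pointer
 * the same value is (*doff >> 4) * 4. */
int tcp_hdr_len(const uint8_t *tcp, size_t avail)
{
    if (avail < 13)
        return -1;
    unsigned words = tcp[12] >> 4; /* data offset is the HIGH nibble */
    if (words < 5)
        return -1;
    return (int)(words * 4u);
}

int main(void)
{
    int off = ipv4_tcp_offset(sample_pkt, sizeof sample_pkt);
    if (off < 0)
        return 1;
    int hlen = tcp_hdr_len(sample_pkt + off, sizeof sample_pkt - (size_t)off);
    printf("TCP header at offset %d, header length %d bytes\n", off, hlen);
    return 0;
}
```

The caller should still compare the returned length with the bytes actually captured before reading options or payload; the 48-byte excerpt above ends 4 bytes short of the 32-byte TCP header.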