<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'>
I have see several methods for retrieve packets position<BR> <BR>suppose I have these structures:<BR> <BR>// 20 bytes IP Header<BR>struct ip_header{<BR> u_char ver_ihl; // Version (4 bits) + Internet header length (4 bits)<BR> u_char tos; // Type of service<BR> u_short tlen; // Total length<BR> u_short identification; // Identification<BR> u_short flags_fo; // Flags (3 bits) + Fragment offset (13 bits)<BR> u_char ttl; // Time to live<BR> u_char proto; // Protocol<BR> u_short crc; // Header checksum<BR> //ip_address saddr; // Source address<BR> //ip_address daddr; // Destination address<BR> in_addr saddr;<BR> in_addr daddr;<BR> // u_int op_pad; // Option + Padding -- NOT NEEDED!<BR>}ip_header;<BR> <BR>//"Simple" struct for TCP<BR>struct tcp_header {<BR> u_short sport; // Source port<BR> u_short dport; // Destination port<BR> u_int seqnum; // Sequence Number<BR> u_int acknum; // Acknowledgement number<BR> u_char th_off; // Header length<BR> u_char flags; // packet flags<BR> u_short win; // Window size<BR> u_short crc; // Header Checksum<BR> u_short urgptr; // Urgent pointer<BR>
}tcp_header;<BR> <BR>struct udp_header{<BR> u_short sport; // Source port<BR> u_short dport; // Destination port<BR> u_short len; // Datagram length<BR> u_short crc; // Checksum<BR>}udp_header;<BR><BR>struct ip_header *ip; //ip header<BR>struct tcp_header *tcp; //tcp header<BR>struct udp_header *udp;<BR> <BR>to calculate ip packet position:<BR> <BR>ip=(struct ip_header *)(pkt_data +14); <BR> <BR>to calculate udp packet position:<BR> <BR>1//<BR> <BR>udp = (struct udp_header *)(sizeof(struct ip_header)+pkt_data+14)<BR> <BR>2//<BR> <BR>u_int ip_len = (ip->ver_ihl & 0xf) * 4; <BR>udp = (struct udp_header *)((u_char *)ip + ip_len); <BR> <BR>in this case, ip_len retrieve the packet length of ihl, but I don't understand <BR> <BR>((u_char *)ip + ip_len); <BR> <BR>3//<BR> <BR>udp = (struct udp_header*)(pkt_data + 14 + ip_len); <BR> <BR>Can tell me which one is the correct form, I think is the second but I don't understand it very well... and the second form is the same form for retrieve tcp packets?<BR>
<BR>
tcp = (struct tcp_header *)((u_char *)ip + ip_len); <BR>
<BR>
thanks<BR><BR><br /><hr />Todo ruedas: información práctica y todo el glamour del mundo del motor. <a href='http://estilo.es.msn.com/' target='_new'>MSN Estilo y Tendencias</a></body>
</html>