[Winpcap-users] Trouble printing pkt_data
Guy Harris
guy at alum.mit.edu
Sat Jul 29 20:35:29 GMT 2006
Martin wrote:
> Hi Guy I hope not that it is bothering you I am replying, but I've tried
> to make a loop through the pkt_data as well and print out each char of
> it but it is ALWAYS "RT" no matter what!
You might want to think of that, instead, as "it is always hex 52
followed by hex 54". "pkt_data" is not a collection of characters, it's
a collection of bytes, and is not guaranteed to be text.
> I don't want the headers only the data of the packet.
There's no unique definition of "the data of the packet". As far as
Ethernet is concerned, the IP header of an IP packet is part of the data
of the packet, not a header. As far as IP is concerned, the TCP header
of a TCP segment, or the UDP header of a UDP datagram, or... is part of
the data of the packet, not a header.
The first two bytes of an Ethernet packet are the first two bytes of the
destination MAC address. At least according to the Wireshark list of OUIs:
http://anonsvn.wireshark.org/wireshark/trunk/manuf
MAC addresses beginning with 52:54:00 or 52:54:AB belong to Realtek (I
guess they asked for addresses in that range so that the first two bytes
of the MAC address, if interpreted as ASCII - which they are *NOT*,
they're just binary! - would be "RT"), so the packets might be
transmitted by a Realtek network adapter.
> Any ideas?
What definition of "the data" do you want? The stuff past the
transport-layer header?
More information about the Winpcap-users
mailing list