  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Posts
    31

    PROBLEM: all bytes of extracted payload from a dump file appear to be zero


    I am using TCPTRACE on Fedora Linux, kernel version 2.6.18.1, to extract and process packets from a packet dump file. To process each packet, the md_read() function is called; its code is as follows.
    I am trying to extract the payload from these packets, but when I display the bytes of the payload, or in fact of the packet, using the *payload or *pip pointer, all bytes appear to be zero.
    I could not figure out why this is happening.

    Any suggestions or help?

    #include <stdio.h>
    #include "tcptrace.h"

    void
    md_read(
        struct ip *pip,   /* the packet */
        tcp_pair *ptp,    /* info I have about this connection */
        void *plast,      /* past byte in the packet */
        void *mod_data)   /* connection info for this one */
    {
        unsigned int j;
        unsigned char *payload, *packet;
        long bytes, payload_length, size_iphdr, size_tcphdr;

        if (pip->ip_p != IPPROTO_TCP) return; /* only process tcp packets */

        /* byte-wise view of the packet, so header sizes can be added as offsets */
        packet = (unsigned char *) pip;

        /* IP header length is stored in 32-bit words */
        size_iphdr = 4 * IP_HL(pip);
        if (size_iphdr < 20) { printf("Invalid IP header:%ld bytes\n", size_iphdr); return; }
        struct tcphdr *ptcp = (struct tcphdr *) (packet + size_iphdr);

        /* TCP data offset is stored in 32-bit words */
        size_tcphdr = 4 * TH_OFF(ptcp);
        if (size_tcphdr < 20) { printf("Invalid TCP header:%ld bytes\n", size_tcphdr); return; }

        /* contains the pointer to the payload */
        payload = (packet + size_iphdr + size_tcphdr);

        bytes = ntohs(pip->ip_len);                         /* total length of the packet */
        payload_length = bytes - size_iphdr - size_tcphdr;  /* payload length */
    }

  2. #2
    Just Joined!
    Join Date
    Feb 2007
    Posts
    31
    One more thing: I have investigated the payload further and found that the actual payload, i.e. the non-zero part, is just 30 bytes out of 1448 bytes, and the rest is padded with zeros.


    Any idea why this is happening?

  3. #3
    Just Joined!
    Join Date
    Feb 2007
    Posts
    31

    payload is padded with zeros

    I captured the packets using TCPDUMP on Linux Fedora, kernel 2.6.18.1.

    When I extracted the payload from the packets, I found that the actual payload is just 30 bytes out of 1448 bytes and the rest of the payload is padded with zeros.

    I have checked it through ethereal as well.

    Any idea why this is happening?
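
A check that applies to the code in post #1, as an added example that is not part of the thread or of tcptrace: the payload length computed from `ip_len` is the on-the-wire length, while a dump file may hold fewer bytes per packet if the capture used a short snapshot length, so reads must be bounded by the captured length. The names `payload_view`, `tcp_payload` and `sample` are hypothetical, the sample packet is constructed, and that the dump in this thread was truncated this way is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct payload_view {
    const uint8_t *data;  /* first captured payload byte, NULL if none */
    size_t wire_len;      /* payload length according to the IP header */
    size_t captured_len;  /* payload bytes really present in the capture */
};

/* pkt: start of the IPv4 header; caplen: bytes captured from that point on. */
int tcp_payload(const uint8_t *pkt, size_t caplen, struct payload_view *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1; /* not IPv4/TCP */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || caplen < ihl + 20) return -1;  /* TCP header not captured */
    size_t thl = (size_t)(pkt[ihl + 12] >> 4) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (thl < 20 || total < ihl + thl) return -1;  /* inconsistent lengths */
    out->wire_len = total - ihl - thl;
    if (caplen > ihl + thl) {
        size_t avail = caplen - ihl - thl;
        out->data = pkt + ihl + thl;
        /* never read past what the dump file actually holds */
        out->captured_len = avail < out->wire_len ? avail : out->wire_len;
    }
    return 0;
}

/* Constructed sample: 1500-byte datagram, 32-byte TCP header, only 82 bytes
 * captured (a 96-byte snapshot minus a 14-byte Ethernet header). */
int sample(struct payload_view *out)
{
    static uint8_t pkt[82];
    memset(pkt, 0xAA, sizeof pkt);
    pkt[0] = 0x45;                 /* IPv4, 20-byte header */
    pkt[2] = 0x05; pkt[3] = 0xDC;  /* total length 1500 */
    pkt[9] = 6;                    /* protocol: TCP */
    pkt[20 + 12] = 0x80;           /* data offset 8 -> 32-byte TCP header */
    return tcp_payload(pkt, sizeof pkt, out);
}

int main(void)
{
    struct payload_view v;
    if (sample(&v) == 0) printf("on wire: %zu, captured: %zu\n", v.wire_len, v.captured_len);
    return 0;
}
```

In a tcptrace module the captured length would be derived from `pip` and `plast` rather than passed in directly.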
