Ethereal-users: Re: [Ethereal-users] winsock tcp packet format

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 14 Jul 2003 16:09:53 -0700

On Monday, July 14, 2003, at 1:39 PM, Lewis sn wrote:

Hi all. I'm trying to understand winsock tcp/ip stack. I send one pakcet from one win2000 station port 1807 to another win2000 station port 44422 a message:This is a small test message [numer 0]. I can see data link, ip and tcp header clearly. But there are many strange stuff in the tcp data payload except my message. Anyone has idea about it? Thanks.
client:
wsprintf(Buffer, "This is a small test message [number 0]");
retval = send(conn_socket, Buffer, sizeof(Buffer), 0);

TCP data:

I assume by "TCP data" you mean "TCP header and TCP payload, because you have 20 bytes, which is presumably a TCP header, and then some bytes that look like text and that are presumably "This is a small test message [number 0]", followed by whatever random data happens to be in your buffer after the "]".

So how big is "Buffer"? If it's larger than 40 bytes, then, in addition to the 40 bytes of string ("This is a small test message [number 0]" plus a terminating '\0'), it will also send whatever random junk is in Buffer after that. (The "send()" call will send "sizeof(Buffer)" bytes of data; it does *NOT* pay any attention to the values of the bytes in the buffer - in particular, it does *NOT* stop at the '\0' at the end of the string.)

None of this, by the way, has anything to do with Winsock; this would happen on Unix as well, or any other OS with "wsprintf()", sockets, and "send()" and on which you have a C compiler.