Ethereal-users: [Ethereal-users] ACK / SEQ/ flag /win wrong

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Servando Garcia <servando@xxxxxxx>
Date: Fri, 14 Oct 2005 21:38:46 -0500
Hello List
First of all, thank you all who have helped me with this project. Now to the meat of my email.
I am working on a Mac 10.3
I am using pcap to read/translate a capture session to human readable form.
When I use ethereal to view the capture session, I get
Acknowledgment : 450
Sequence number :1
Flag of 0X0010(ack)
win:  6432

when I run my program I get
Seq : 46517
ACK number : 15682
Flag 6144
win: 65535

This is nothing like Ethereal.

Here is how I call them:
        printf("Sequence Number:%d\n",ntohs(tcp->th_seq));
        printf("TCP Acknowledgment Number: %d\n",ntohs(tcp->th_ack));
        printf("TCP Flags: %d\n",ntohs(tcp->th_flags));
        printf("TCP Window Size: %d\n",ntohs(tcp->th_win));

here is how I define:


struct sniff_tcp {
        u_char  th_flags;
        #define TH_FIN  0x01
        #define TH_SYN  0x02
        #define TH_RST  0x04
        #define TH_PUSH 0x08
        #define TH_ACK  0x10
        #define TH_URG  0x20
        #define TH_ECE  0x40
        #define TH_CWR  0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
        u_short th_win;                 /* window */

I am not sure why I have this difference.
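
An added example, not part of the original post or of Ethereal's code: a minimal decoder for the fixed 20-byte TCP header that reads the 32-bit sequence and acknowledgment fields with ntohl(), the one-byte flags field with no conversion, and the 16-bit window with ntohs(). It assumes the pointer already sits at the start of the TCP header (past the link-layer and IP headers) and that the small values Ethereal displayed are relative to each side's initial sequence number; the struct, function names, ISNs and sample bytes are constructed for this example.

```c
#include <arpa/inet.h>   /* ntohl, ntohs */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed 20-byte TCP header in wire order; struct and names are this example's own. */
struct tcp_hdr {
    uint16_t sport, dport;
    uint32_t seq, ack;     /* 32-bit fields: ntohl(); ntohs() would truncate them */
    uint8_t  off_rsvd;     /* data offset (in 32-bit words) in the high 4 bits */
    uint8_t  flags;        /* one byte: no byte-order conversion applies */
    uint16_t win, sum, urp;
};
struct tcp_view { uint32_t seq, ack; uint8_t flags; uint16_t win; size_t hdr_len; };

/* Constructed sample header: seq = ISN+1, ack = peer ISN+450, ACK flag, window 6432. */
static const uint32_t SAMPLE_ISN = 0x3A1B2C00u, SAMPLE_PEER_ISN = 0x7F000100u;
static const uint8_t sample[20] = {
    0x04, 0x01, 0x00, 0x50,  0x3A, 0x1B, 0x2C, 0x01,  0x7F, 0x00, 0x02, 0xC2,
    0x50, 0x10, 0x19, 0x20,  0x00, 0x00, 0x00, 0x00 };

/* Decode the header at p; returns 0, or -1 if truncated or the data offset is bad. */
int parse_tcp(const uint8_t *p, size_t len, struct tcp_view *out) {
    struct tcp_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, p, sizeof h);              /* avoids unaligned reads from the packet */
    out->hdr_len = (size_t)(h.off_rsvd >> 4) * 4;
    if (out->hdr_len < sizeof h || out->hdr_len > len) return -1;
    out->seq   = ntohl(h.seq);
    out->ack   = ntohl(h.ack);
    out->flags = h.flags;
    out->win   = ntohs(h.win);
    return 0;
}

/* Sequence number relative to an initial sequence number; unsigned math handles wrap. */
uint32_t rel_seq(uint32_t abs_seq, uint32_t isn) { return abs_seq - isn; }

int main(void) {
    struct tcp_view v;
    if (parse_tcp(sample, sizeof sample, &v) != 0) return 1;
    printf("Seq: %u (relative %u)\n", (unsigned)v.seq, (unsigned)rel_seq(v.seq, SAMPLE_ISN));
    printf("Ack: %u (relative %u)\n", (unsigned)v.ack, (unsigned)rel_seq(v.ack, SAMPLE_PEER_ISN));
    printf("Flags: 0x%02x  Win: %u  Header: %zu bytes\n", (unsigned)v.flags, (unsigned)v.win, v.hdr_len);
    return 0;
}
```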