LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Reload this Page http reconstruction Problem (c,libpcap)
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 04-14-2009, 07:51 AM   #1
kalps
LQ Newbie
 
Registered: Mar 2009
Posts: 11

Rep: Reputation: 0
http reconstruction Problem (c,libpcap)

Hai everybody,
I am trying to reconstruct a HTTP session.I am asked to compare SEQ and ACK numbers. I have checked for connection establishment.Then i have recognised the Request and Response packets.Now I need to check the SEQ and ACK numbers of response packet alone..I need help how to do this.

Here is my code:


Code:

  #include <netinet/if_ether.h>
#include <stdlib.h>
#include <pcap.h>
#include <errno.h>
#include <stdio.h>
#include<netinet/ip.h>
#include<netinet/tcp.h>
#include<string.h>
#define MAXBYTES2CAPTURE 2048
pcap_dumper_t *dump;
void setfilter(pcap_t * capture, char filter_app[]);
void dump_offline(pcap_t * capture, char *filename);
void view_offline(char *filename);
int a[3] = { 0, 0, 0 };
int seq;


struct http_stat {
    int connection;
    int packets;
} httpstatus;
struct http_request {
    char response;
    int packets1;
} httprequest;

struct http_response
{
 int packets;
 int response_code;

}httpresponse;


void process_pkt(u_char * str, const struct pcap_pkthdr *pkthdr,
		 const u_char * packet)
{   
    int dst=8080;
    int in, pos = 0, pos1 = 0;
    static int cnt;
    u_char *ptr;
    struct ether_header *eptr;
    struct ip *iphdr;
    struct tcphdr *tcp;
    static int count = 1, i;
    
    httprequest.packets1 = 0;
     
    printf("Call back:");
    fprintf(stdout, "%d,\n", count);
    count++;
    //Here i have code for printing ethernet header and IP address

    iphdr = (struct ip *) (packet + sizeof(struct ether_header));

    if (iphdr->ip_p == IPPROTO_TCP) {
	tcp =(struct tcphdr *) (packet + sizeof(struct ether_header) + sizeof(struct ip));
	packet =(const char *) (packet + sizeof(struct ether_header) + sizeof(struct ip) + sizeof(struct tcphdr));
	
	if (tcp->syn && tcp->ack)
	    a[1] = 1;
	else if (tcp->syn)
	    a[0] = 1;
	else if (tcp->ack)
	    a[2] = 1;
       

    }
    if (a[0] == 1 && a[1] == 1 && a[2] == 1) {
	cnt++;
	if (cnt == 1) {
	    httpstatus.connection = 1;
	    printf("connection established\n");
	}
	httpstatus.connection = 0;
    }
   
 if((tcp->source)==dst && !(tcp->psh))    // This is to find REsponse packet
        {
          
        seq=tcp->seq;             
/* I want to compare previous packet's seq number and current packets ack num. How should i do this. With too many structures and variables i struggle to manipulate.. Please help!! */
         
	 if(seq==tcp->ack_seq)
         printf("ACK is equals to SEQ");
          }
 	for (i=0;i<pkthdr->len; i++)
        printf("%c", packet[i]);
        
   	printf("\n");
    
  

}
 
Old 04-14-2009, 11:08 PM   #2
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: fedora
Posts: 196

Rep: Reputation: 32
did u refered RFC 793 ?
 
Old 04-16-2009, 12:55 AM   #3
kalps
LQ Newbie
 
Registered: Mar 2009
Posts: 11

Original Poster
Rep: Reputation: 0
http reconstruction problem
Ya I referred that lokesh but I couldn't get how to solve this..
How can i differentiate different sessions..

Thank you
 
Old 04-16-2009, 11:12 PM   #4
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: fedora
Posts: 196

Rep: Reputation: 32
Quote:
Originally Posted by kalps View Post
How can i differentiate different sessions..
you can consider the four parameters Source IP, Destination IP, Source Port and Destination Port to uniquely identify a single connection.
 
  


Reply

Tags
reconstruction


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
TCP Reconstruction(C ,libpcap,linux) kalps Programming 5 03-25-2009 11:16 PM
problem with libpcap ARCIS_house Linux - Newbie 9 06-05-2006 12:41 AM
Installation problem libpcap-0.9.4. Please help qasali Programming 1 05-29-2006 12:33 PM
Installation problem libpcap-0.9.4. Please help qasali Linux - Software 1 05-28-2006 07:37 AM
libpcap 0.8.3 installation problem open2rock Linux - Software 3 05-15-2004 01:23 AM


All times are GMT -5. The time now is 03:36 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration