I have a binary tcpdump file that I'm reading with libpcap, so I can get IP addresses, ports and timestamps out and then eventually put them in a database. I also have an ASCII version of this tcpdump file (which was generated by reading the binary file with tcpdump and then just redirecting the output) and I'm using this to compare the output of my program. My program outputs the source and destination IP addresses correctly, but not the source and destination ports, so I must be doing something wrong. Relevant code is as follows:
Code:
pcap_t *handle = pcap_open_offline(file, error_buffer);
struct pcap_pkthdr packet_header;   // storage that pcap_next() fills in
const u_char *packet;
struct ip *ip_packet;
struct tcphdr *tcp_segment;
// Get one packet
packet = pcap_next(handle, &packet_header);
// IP header follows the Ethernet header
ip_packet = (struct ip*)(packet + sizeof(struct ether_header));
// TCP header is taken to start right after a fixed-size IP header
tcp_segment = (struct tcphdr*)(packet + sizeof(struct ether_header)
                               + sizeof(struct ip));
...
cout << "Source port: " << tcp_segment->source << endl;
cout << "Destination port: " << tcp_segment->dest << endl;
For the first packet in my input data, my program gives the following output:
Source port: 384
Destination port: 20480
The output from my program is the same if I have "#define __FAVOR_BSD" in my code and use the other tcphdr struct defined in <netinet/tcp.h>. My ASCII log file gives the source and destination ports as 32769 and 80 (well, http), respectively.
Any ideas? Thanks.
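The values in the post are byte-swapped forms of the expected ones: 384 is 0x0180 and 32769 is 0x8001, 20480 is 0x5000 and 80 is 0x0050, which is what printing a network-byte-order field without ntohs() gives on a little-endian host. The following is an added example, not part of the original post: it converts the port fields with ntohs(), locates the TCP header from the IP header length field instead of sizeof(struct ip), and checks the captured length before reading. The names tcp_ports, read_be16 and sample_frame are hypothetical, and the frame is constructed here, not taken from the poster's capture.

```cpp
#include <arpa/inet.h>   // ntohs
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>

struct Ports { bool ok; uint16_t src; uint16_t dst; };

// Read a 16-bit header field stored in network byte order (big-endian).
static uint16_t read_be16(const uint8_t *p) {
    uint16_t raw;
    std::memcpy(&raw, p, sizeof raw);   // copy out, no unaligned struct access
    return ntohs(raw);                  // network order -> host order
}

// Ethernet II + IPv4 + TCP; caplen = bytes actually captured for this packet.
Ports tcp_ports(const uint8_t *pkt, size_t caplen) {
    const size_t ETH_LEN = 14;
    const Ports bad = {false, 0, 0};
    if (caplen < ETH_LEN + 20) return bad;                   // no room for a minimal IPv4 header
    if (read_be16(pkt + 12) != 0x0800) return bad;           // EtherType is not IPv4
    const uint8_t *ip = pkt + ETH_LEN;
    if ((ip[0] >> 4) != 4 || ip[9] != 6) return bad;         // not IPv4, or protocol is not TCP
    size_t ihl = (ip[0] & 0x0f) * 4;                         // IP header length, options included
    if (ihl < 20 || caplen < ETH_LEN + ihl + 4) return bad;  // bad IHL, or ports not captured
    const uint8_t *tcp = ip + ihl;
    return Ports{true, read_be16(tcp), read_be16(tcp + 2)};
}

// Constructed sample frame with ports 32769 -> 80 and an IP header of
// ihl_words 32-bit words; buf must hold 14 + 4 * ihl_words + 20 bytes.
size_t sample_frame(uint8_t *buf, unsigned ihl_words) {
    size_t ihl = ihl_words * 4, len = 14 + ihl + 20;
    std::memset(buf, 0, len);
    buf[12] = 0x08; buf[13] = 0x00;                    // EtherType: IPv4
    buf[14] = static_cast<uint8_t>(0x40 | ihl_words);  // version 4 + IHL
    buf[14 + 9] = 6;                                   // protocol: TCP
    uint8_t *tcp = buf + 14 + ihl;
    tcp[0] = 0x80; tcp[1] = 0x01;                      // source port 32769
    tcp[2] = 0x00; tcp[3] = 0x50;                      // destination port 80
    return len;
}

int main() {
    uint8_t buf[128];
    Ports p = tcp_ports(buf, sample_frame(buf, 6));    // 24-byte IP header (one option word)
    std::cout << "Source port: " << p.src << "\nDestination port: " << p.dst << "\n";
    return p.ok ? 0 : 1;
}
```

With libpcap, the same function would be called with the pointer returned by pcap_next() and the caplen field of the filled-in struct pcap_pkthdr.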