PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() +13 to get the word
that has the flags
Looks to me like
getByte(raw, ipOffset + getIPHeaderLength() + 13)
is what you need. And this gets you the byte, not the word.
________________________________
From: Charles Givre <[email protected]>
Sent: Monday, January 1, 2018 12:31:17 PM
To: [email protected]
Cc: Ted Dunning
Subject: PCAP Issues
Hello all,
I was playing with the PCAP functionality in Drill and I wanted to add the TCP
flags to the data that Drill is returning. I was also interested in adding the
TCP Sequence and Ack numbers as well. I noticed that the code as written
currently has a function in Packet.java which returns the TCP Sequence number,
however this was never added to the schema, so I added that and rebuilt Drill,
however, it doesn’t seem to be returning the correct result. The file I was
querying is attached to this email, and should in all cases return a sequence
number of zero.
Questions:
1. Could someone please take a look at the code for the tcp_sequence and see
if I did something wrong, or if the offset is not being calculated correctly
2. I’m trying to figure out the offsets for the various TCP flags. I would
think that the offset should be PacketConstants.ETHER_HEADER_LENGTH +
getIPHeaderLength() +13 to get the word that has the flags and then from there,
access the individual bits. However, this doesn’t seem to work. What am I
missing?
Thanks and Happy New Year!
- C
