2. I’m trying to figure out the offsets for the various TCP flags. I >> would think that the offset should be PacketConstants.ETHER_HEADER_LENGTH >> + getIPHeaderLength() +13
Looks to me like the offset here is correct, and adding the IP header length looks right. I also remember that this was finicky in the implementation. I will have to take a look. ________________________________ From: Charles Givre <[email protected]> Sent: Monday, January 1, 2018 12:31:17 PM To: [email protected] Cc: Ted Dunning Subject: PCAP Issues Hello all, I was playing with the PCAP functionality in Drill and I wanted to add the TCP flags to the data that Drill is returning. I was also interested in adding the TCP Sequence and Ack numbers as well. I noticed that the code as written currently has a function in Packet.java which returns the TCP Sequence number, however this was never added to the schema, so I added that and rebuilt Drill, however, it doesn’t seem to be returning the correct result. The file I was querying is attached to this email, and should in all cases return a sequence number of zero. Questions: 1. Could someone please take a look at the code for the tcp_sequence and see if I did something wrong, or if the offset is not being calculated correctly 2. I’m trying to figure out the offsets for the various TCP flags. I would think that the offset should be PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() +13 to get the word that has the flags and then from there, access the individual bits. However, this doesn’t seem to work. What am I missing? Thanks and Happy New Year! - C
