Hi,
On Thu, Aug 19, 2010 at 11:23:39PM +0900, Andrej van der Zee wrote:
> I am trying to get the TCP sequence and ack number of TCP packets. Somehow I
> get different values than "tcpdump -vv" does. The numbers are way too big
> all the time. Source and destination ports are just fine. Below the relevant
> code. I studied the tcpdump source code but can't find why. Please help, I
> am stuck!
TCP sequence numbers basically start with a random start (ISN) value.
tcpdump will internally take note of the ISNs for a given "flow" and
will then only show the deltas "how many bytes sent/acked since the
beginning of the flow", instead of the absolute numbers.
>From a brief glance, your code looks fine to me.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
