> Hi all,
>
> I can get the iphdr (e.g. iphdr->ttl) and tcphdr structs. But I don't
> know the way that the http fields are stored in the TCP payload.
> Does anybody knows how can I get to sniff the info inside the TCP
> payload for the case that this one is carrying an HTTP message without
> having to access the (e.g.) Netscape source code itself but by just
> coding at the linux networking source code level?
>
> Thanks a lot!!
>
> Jordi
>
If you are able to get ip & tcp header fields,
char *httpdata;
httpdata = ((char *)tcphd + (tcphd->doff << 2));
httpdata will point to the beginning of tcp payload.
the length of data will be
int len = (ntohs(iphd->tot_len) - (iphd-ihl << 2) - (tcphd->doff<<2));
I think this will work.
Bye,
prakash
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/