hello,
Here I am collecting TCP information and detecting some kinds of attack using the following program. By default the information is stored in syslog. What happens is that I only get this message:
6:48:45 nasim-desktop tcpguard: TCPguard
16:48:45 nasim-desktop tcpguard: launched with pid 18261.
Can anyone go through my program and give me the right feedback, so that I can get the right result?
This is my program:
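/* #define NO_EUID_CHECK */

/* If you want TCPguard to announce all connection attemps... */
#define TCPG_SYN
/* Log QUESO probes. */
#define TCPG_QUESO
/* SYN flooding detection. */
#define TCPG_SYNFLOOD
/* WinNuke detection. */
#define TCPG_OOB
/* Log LAND attacks. */
#define TCPG_LAND
/* Log HPing probes and port 0 connection packets. */
#define TCPG_HPING
/* Shell daemon default port probe detection. */
#define TCPG_PORTD
/* Kill connections to TCP port TCPG_KILL. */
//#define TCPG_KILL 110

/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */

/* __FAVOR_BSD selects the BSD field names (th_sport, th_flags, ...) in
 * <netinet/tcp.h>, so it has to be defined before that header is pulled in. */
#define __FAVOR_BSD

//#include <libnet.h>
#include <arpa/inet.h>  /* inet_ntoa(); without this prototype the detectors
                         * call it implicitly, which truncates the returned
                         * pointer on 64-bit hosts and crashes the daemon at
                         * the first "%s" -- silently, since it has forked. */
#include <errno.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* One datagram as delivered by the raw socket: IP header, TCP header, then
 * payload.  The layout assumes a 20-byte IP header (ihl == 5); a packet
 * carrying IP options places its TCP header further in, so the detectors
 * would read option bytes as TCP fields for such packets. */
struct ippkt {
    struct iphdr ip;
    struct tcphdr tcp;
    char buffer[10000];
} pkt;

int s;                      /* raw socket opened by tcpg_init() */
struct in_addr src_addr;    /* source address of the packet currently in pkt */

void tcpg_syn(void);
void tcpg_hping(void);
void tcpg_synflood(void);
void tcpg_portd(void);
void tcpg_queso(void);
void tcpg_land(void);
void tcpg_oob(void);
void tcpg_die(void);
void tcpg_init(void);
/* Declared only; no definition exists in this file.  The TCPG_KILL call site
 * in main() is commented out, so the missing body is not a link error. */
void tcpg_kill(u_short);

/***************************************************************************/

/*
 * Entry point: open the raw socket, daemonize, then run every enabled
 * detector over each inbound TCP datagram forever.
 *
 * Exit status: 0 from the parent after forking (and from tcpg_die()),
 * 1 when not running as root, 2 when socket() fails, 3 when fork() fails.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    tcpg_init();

    /* Daemonize: the parent returns to the shell, the child detaches. */
    pid_t pid = fork();
    if (pid < 0) {
        perror("fork()");
        _exit(3);
    }
    if (pid != 0) {
        _exit(0);
    }
    setsid();

    syslog(LOG_INFO, "TCPGUARD");
    syslog(LOG_INFO, "launched with pid %d.\n", getpid());

    while (1) {
        ssize_t n = read(s, &pkt, sizeof pkt);
        if (n < 0) {
            if (errno == EINTR) {
                continue;
            }
            /* Any other read error would otherwise spin this loop forever
             * while the detectors keep re-evaluating the previous packet. */
            syslog(LOG_ERR, "read(): %s", strerror(errno));
            tcpg_die();
        }
        /* Shorter than the two fixed headers: the TCP fields would be stale
         * data from an earlier packet, so skip it. */
        if ((size_t)n < sizeof pkt.ip + sizeof pkt.tcp) {
            continue;
        }

        src_addr.s_addr = pkt.ip.saddr;

#ifdef TCPG_SYN
        tcpg_syn();
#endif
#ifdef TCPG_HPING
        tcpg_hping();
#endif
#ifdef TCPG_QUESO
        tcpg_queso();
#endif
#ifdef TCPG_SYNFLOOD
        tcpg_synflood();
#endif
        /*#ifdef TCPG_KILL
        tcpg_kill(TCPG_KILL);
        #endif*/
#ifdef TCPG_LAND
        tcpg_land();
#endif
#ifdef TCPG_OOB
        tcpg_oob();
#endif
#ifdef TCPG_PORTD
        tcpg_portd();
#endif
    }
}

/****************************************************************************/

/* Sequence number of the previous inbound SYN, remembered by tcpg_synflood(). */
u_long prev_seq = 0;

/*
 * Log a farewell and terminate.  Reached from main() on a read() error;
 * tcpg_synflood() logs that TCPguard "is dying" but does not call this.
 */
void tcpg_die(void)
{
    syslog(LOG_INFO, "TCPguard has now found a horrid death.");
    _exit(0);
}

/*
 * Open the syslog connection and the raw TCP socket in s.
 *
 * Exits with 1 when the effective uid is not root (unless compiled with
 * -DNO_EUID_CHECK) and with 2 when socket() fails.
 */
void tcpg_init(void)
{
    openlog("tcpguard", 0, LOG_DAEMON);
#ifndef NO_EUID_CHECK
    if (geteuid() != 0) {
        /* uid_t is unsigned; "%d" for it was a format/argument mismatch. */
        syslog(LOG_INFO, "launched by normal user (uid %u).\n", (unsigned)geteuid());
        printf("This program uses raw sockets. On most systems, that requires root.\n");
        printf("If you know that your systems allows usage of raw sockets by normal\n");
        printf("users, re-compile the program with -DNO_EUID_CHECK.\n");
        _exit(1);
    }
#endif
    if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) {
        perror("socket()");
        _exit(2);
    }
    /* NOTE(review): the daemon keeps running as root after this point; the
     * raw socket stays usable once opened, so privileges could be dropped to
     * an unprivileged account here -- confirm a suitable account exists. */
}

/*
 * HPing detection.  Any packet to TCP port 0 is reported; with FIN set it is
 * attributed to HPing, otherwise logged as a plain port-0 packet.
 */
void tcpg_hping(void)
{
    if (pkt.tcp.th_dport == 0) {
        if (pkt.tcp.th_flags & TH_FIN) {
            syslog(LOG_INFO, "WARNING: HPing packet detected from %s !", inet_ntoa(src_addr));
        } else {
            syslog(LOG_INFO, "WARNING: Packet to TCP port 0 from %s !", inet_ntoa(src_addr));
        }
    }
}

/*
 * OOB check... this usually means WinNuke...
 * There still are many kiddies out there who try to winnuke ppl...
 *
 * Only the URG flag is examined, so every urgent-data packet on any port is
 * reported, not just those aimed at the NetBIOS port.
 */
void tcpg_oob(void)
{
    if (pkt.tcp.th_flags & TH_URG) {
        syslog(LOG_INFO, "ATTACK: WinNuke attempt from %s !", inet_ntoa(src_addr));
    }
}

/*
 * A common shell daemon uses 31337 as the default TCP port...
 * Sscan tries to connect to this port...
 */
void tcpg_portd(void)
{
    if (pkt.tcp.th_dport == htons(31337)) {
        syslog(LOG_INFO, "WARNING: Backdoor on 31337 probed from %s !", inet_ntoa(src_addr));
    }
}

/* Queso sends all its packets with a constant window size ... */
void tcpg_queso(void)
{
    if (pkt.tcp.th_win == htons(4660)) {
        syslog(LOG_INFO, "ATTACK: A packet probably sent by QUESO was received !");
    }
}

/*
 * A rather basic detector for a couple of TCP/IP-based attacks.
 * (especially SYN-flooding)
 *
 * Fires when two consecutive inbound SYNs (without ACK) carry the same
 * sequence number.  Only one previous value is kept, and a legitimately
 * retransmitted SYN reuses its sequence number, so expect false positives.
 * Despite the final message nothing is terminated here.
 */
void tcpg_synflood(void)
{
    if ((pkt.tcp.th_flags & TH_SYN) && !(pkt.tcp.th_flags & TH_ACK)) {
        if (pkt.tcp.th_seq != prev_seq) {
            prev_seq = pkt.tcp.th_seq;
        } else {
            syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !");
            syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!");
            syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!!");
            syslog(LOG_INFO, "TCPguard is dying...");
        }
    }
}

/*
 * Log every inbound connection attempt (SYN without ACK) with its source
 * address, source port and destination port.  One syslog line per SYN, so
 * this is noisy on a busy host.
 */
void tcpg_syn(void)
{
    if ((pkt.tcp.th_flags & TH_SYN) && !(pkt.tcp.th_flags & TH_ACK)) {
        syslog(LOG_INFO, "WARNING: TCP connection attempted from %s:%d to port %d.",
               inet_ntoa(src_addr), ntohs(pkt.tcp.th_sport), ntohs(pkt.tcp.th_dport));
    }
}

/* Land attack check: source and destination address and port all match. */
void tcpg_land(void)
{
    if ((pkt.ip.saddr == pkt.ip.daddr) && (pkt.tcp.th_sport == pkt.tcp.th_dport)) {
        syslog(LOG_INFO, "ATTACK: LAND attack detected !!!");
    }
}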





