OK, I've been learning some raw sockets, which involved learning about the tcphdr etc. structures. Now I have found out that when I try to extract the port numbers (the source and dest fields) from the TCP header structure, I need to use ntohs() to get correct numbers. If it makes any difference, I'm using the non-BSD version (#ifndef __FAVOR_BSD).
However, when I compare my sniffer with tcpdump, tcpdump gets different sequence and acknowledgement numbers than my sniffer. Now to the question:
Do I need to use ntohs() on the other fields? (I am assuming no, because all the other fields are declared outside of the pre-processor if-else sequence relating to the endianness.)
Or maybe it is normal that I get different seq and ack numbers than tcpdump, because I have tried with both ntohs() and without and have gotten different numbers anyway. (Yes, I used the -S option on tcpdump.)
And also, if I am totally out in the blue, could someone give me a shove in the right direction?
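For reference, here is an added example (not code from the question or from any project) that parses the fixed 20-byte TCP header from raw packet bytes the way a sniffer would, converting every multi-byte field from network to host byte order. The point the question circles around is that byte order applies to all multi-byte fields, not just the ports: the 16-bit ports take ntohs(), while the 32-bit sequence and acknowledgement numbers take ntohl(). Applying ntohs() to a 32-bit value truncates it to 16 bits, which is one way to get numbers that disagree with tcpdump -S. The sample header bytes are constructed for the example, and the field names in struct tcp_fields are the example's own; with the Linux non-BSD struct tcphdr the corresponding members are source, dest, seq, ack_seq and doff, and the same conversions apply to them.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohs(), ntohl() */

/* Fields a sniffer typically wants from a TCP header, already in host byte order.
 * With Linux's non-BSD struct tcphdr these correspond to the members
 * source, dest, seq, ack_seq and doff; the wire layout parsed below is identical. */
struct tcp_fields {
    uint16_t src_port;
    uint16_t dst_port;
    uint32_t seq;
    uint32_t ack;
    unsigned data_offset_bytes;  /* header length in bytes = doff * 4 */
    uint8_t  flags;              /* low 8 flag bits: CWR ECE URG ACK PSH RST SYN FIN */
};

/* Parse the fixed part of a TCP header from raw bytes.
 * Returns 0 on success, -1 if the buffer is too short or the data offset is invalid.
 * memcpy() is used instead of casting the buffer to a struct to avoid alignment
 * and strict-aliasing problems on packet buffers. */
int parse_tcp_header(const uint8_t *buf, size_t len, struct tcp_fields *out)
{
    uint16_t u16;
    uint32_t u32;
    if (len < 20) return -1;                        /* minimum TCP header */
    memcpy(&u16, buf + 0, 2); out->src_port = ntohs(u16);   /* 16-bit: ntohs */
    memcpy(&u16, buf + 2, 2); out->dst_port = ntohs(u16);
    memcpy(&u32, buf + 4, 4); out->seq      = ntohl(u32);   /* 32-bit: ntohl */
    memcpy(&u32, buf + 8, 4); out->ack      = ntohl(u32);
    out->data_offset_bytes = (unsigned)(buf[12] >> 4) * 4;  /* upper nibble of byte 12 */
    out->flags = buf[13];
    if (out->data_offset_bytes < 20 || out->data_offset_bytes > len) return -1;
    return 0;
}

/* Constructed sample header (not a real capture):
 * sport 443, dport 51234, seq 0x12345678, ack 0x9ABCDEF0, doff 5, flags PSH|ACK. */
static const uint8_t sample_tcp[20] = {
    0x01, 0xBB,              /* source port 443 */
    0xC8, 0x22,              /* destination port 51234 */
    0x12, 0x34, 0x56, 0x78,  /* sequence number */
    0x9A, 0xBC, 0xDE, 0xF0,  /* acknowledgement number */
    0x50, 0x18,              /* doff = 5 (20 bytes), flags = PSH|ACK */
    0xFF, 0xFF,              /* window */
    0x00, 0x00,              /* checksum (not computed in this example) */
    0x00, 0x00               /* urgent pointer */
};

/* The mistake under discussion: ntohs() takes a 16-bit value, so passing the
 * 32-bit sequence number through it discards half the field and swaps only
 * the remaining two bytes. The result is wrong on any byte order. */
uint32_t seq_wrongly_via_ntohs(const uint8_t *buf)
{
    uint32_t u32;
    memcpy(&u32, buf + 4, 4);
    return ntohs((uint16_t)u32);
}

int main(void)
{
    struct tcp_fields f;
    if (parse_tcp_header(sample_tcp, sizeof sample_tcp, &f) != 0) {
        fprintf(stderr, "malformed TCP header\n");
        return 1;
    }
    /* Printed in the same style as tcpdump -S (absolute sequence numbers). */
    printf("%u > %u: seq %u, ack %u, hdrlen %u, flags 0x%02x\n",
           f.src_port, f.dst_port, f.seq, f.ack, f.data_offset_bytes, f.flags);
    printf("seq via ntohs() (wrong): %u\n", seq_wrongly_via_ntohs(sample_tcp));
    return 0;
}
```

The same conversions apply whether the fields are read through struct tcphdr or by offset as above; the only difference between the two is the width of the conversion function, chosen by the width of the field.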