Thread: seq & ack_seq from struct tcphdr... how do I get it?

Hi!

I've got a TCP packet off the network and have put it into the tcphdr struct, which is defined as follows in netinet/tcp.h.

Code:

struct tcphdr
  {
    u_int16_t source;
    u_int16_t dest;
    u_int32_t seq;
    u_int32_t ack_seq;
    u_int16_t res1:4;
    u_int16_t doff:4;
    u_int16_t fin:1;
    u_int16_t syn:1;
    u_int16_t rst:1;
    u_int16_t psh:1;
    u_int16_t ack:1;
    u_int16_t urg:1;
    u_int16_t res2:2;
    u_int16_t window;
    u_int16_t check;
    u_int16_t urg_ptr;
};

Getting the source and dest weren't much of an issue as I could use htons to get the port numbers. However, I couldn't get the right sequence and ack_sequence for it; I tried both htons and htonl. I'm using the ones displayed by Ethereal as reference and am trying to match those.

No luck yet getting the seq and ack_seq out of the struct

Ethereal by default does not show the correct ACK and SEQ numbers. Open up the preferences, and then select TCP from the Protocols submenu. Once there, unselect the checkbox that says "Relative sequence numbers". Now ethereal should display the sequence and acknowledgement numbers that are in the actual packets instead of always starting a connection at 1.