从结构访问TCP标志
脚本中有TCP结构:从结构访问TCP标志,c,tcp,C,Tcp,脚本中有TCP结构: struct sniff_tcp { u_short th_sport; /* source port */ u_short th_dport; /* destination port */ tcp_seq th_seq; /* sequence number */ tcp_seq th_ack; /* acknowledg
struct sniff_tcp {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
u_char th_offx2; /* data offset, rsvd */
#define TH_OFF(th) (((th)->th_offx2 & 0xf0) >> 4)
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_ECE 0x40
#define TH_CWR 0x80
#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};
如何确定是否设置了特定标志?对于每个标志,我想知道它是1还是0 您需要以类似以下方式测试标志:
struct sniff_tcp *ptr = …;
if (ptr->th_flags & TH_FIN)
puts ("FIN set");
if (ptr->th_flags & TH_SYN)
puts ("SYN set");
(您可能必须在结构定义中应用
#pragma packpack