tcpdump mailing list archives

Data in SYN and SYN acknowledgement packets


From: Justin Robinson <csmjmr () bath ac uk>
Date: Tue, 5 Aug 2003 23:06:15 +0100

Hi,

I'm writing a piece of code with the libpcap() library that works out the next 
sequence number expected from the payload length. I'm concerned only with the 
TCP/IP protocol. I expected that, during the three-way handshake of TCP, 
the first two packets from the initiating TCP entity will NOT have any data 
in them. The first two packets are the SYN and the ACK to the other TCP 
entity's SYN.

However, my code suggests that on some HTTP connections, these packets hold 
data, which breaks my code.

I calculate the payload length using

pkt_header->caplen - tcp_len - ip_len - linklayer_len

where tcp_len and ip_len are taken from the appropriate fields in their 
respective headers, and linklayer_len is always 14 because it is an Ethernet 
header.

Can someone please confirm that these packets are not supposed to have a 
payload?

Thanks in advance, Justin
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
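
An added example, not part of the original post and not libpcap code: it computes the TCP payload length of a raw Ethernet/IPv4/TCP frame two ways, with the post's caplen-based formula and with the IPv4 total-length field. The two results differ whenever the captured frame carries bytes after the IP datagram, as in the constructed 60-byte frame here (a 40-byte datagram padded to the Ethernet minimum); all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define ETH_HLEN 14 /* Ethernet II header length, as in the post */

/* Read IPv4 and TCP header lengths; -1 if malformed or not fully captured. */
static int hdr_lens(const uint8_t *pkt, size_t caplen, size_t *ip_hl, size_t *tcp_hl)
{
    if (caplen < ETH_HLEN + 20 || (pkt[ETH_HLEN] >> 4) != 4)
        return -1;
    *ip_hl = (size_t)(pkt[ETH_HLEN] & 0x0f) * 4;
    if (*ip_hl < 20 || pkt[ETH_HLEN + 9] != 6 || caplen < ETH_HLEN + *ip_hl + 20)
        return -1;                                  /* protocol 6 = TCP */
    *tcp_hl = (size_t)(pkt[ETH_HLEN + *ip_hl + 12] >> 4) * 4;
    if (*tcp_hl < 20 || caplen < ETH_HLEN + *ip_hl + *tcp_hl)
        return -1;
    return 0;
}

/* The post's formula: captured bytes minus the three header lengths. */
long payload_from_caplen(const uint8_t *pkt, size_t caplen)
{
    size_t ip_hl, tcp_hl;
    if (hdr_lens(pkt, caplen, &ip_hl, &tcp_hl) != 0)
        return -1;
    return (long)(caplen - ETH_HLEN - ip_hl - tcp_hl);
}

/* Uses the IPv4 total-length field, so bytes after the datagram are ignored. */
long payload_from_ip_len(const uint8_t *pkt, size_t caplen)
{
    size_t ip_hl, tcp_hl, ip_total;
    if (hdr_lens(pkt, caplen, &ip_hl, &tcp_hl) != 0)
        return -1;
    ip_total = ((size_t)pkt[ETH_HLEN + 2] << 8) | pkt[ETH_HLEN + 3];
    if (ip_total < ip_hl + tcp_hl)
        return -1;
    return (long)(ip_total - ip_hl - tcp_hl);
}

/* Constructed sample: 60-byte frame = 40-byte datagram (no data) + 6 pad bytes. */
void make_padded_ack(uint8_t frame[60])
{
    memset(frame, 0, 60);
    frame[12] = 0x08;                 /* EtherType 0x0800 (IPv4) */
    frame[ETH_HLEN] = 0x45;           /* IP version 4, header length 5 words */
    frame[ETH_HLEN + 3] = 40;         /* IP total length = 20 + 20 */
    frame[ETH_HLEN + 9] = 6;          /* IP protocol = TCP */
    frame[ETH_HLEN + 20 + 12] = 0x50; /* TCP data offset 5 words */
}
```

On the constructed frame the caplen-based formula reports 6 bytes and the total-length formula reports 0.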

