tcpdump mailing list archives

ICMP sniffer...showing wrong ICMP-ID


From: "kifah Abbad" <kifah () prz tu-berlin de>
Date: Fri, 12 Dec 2003 16:36:46 +0100

hi guys,

I have this sniffer based on pcap, and I keep comparing its output with
tcpdump.

Besides... I "stole" some of the code in print-icmp.c from tcpdump :-)

I get good values, except for ICMP ID (icmp->icmp_hun.ih_idseq.icd_id)

Here is the relevant part in my code:

    printf("\tICMP_Checksum: %d\n", icmp->icmp_cksum);
    //ICMP ID
    printf("\tICMP ID: %u\n", (unsigned)ntohs(icmp->icmp_hun.ih_idseq.icd_id));
    //ICMP SEQ
    printf("\tICMP SEQ: %u\n", (unsigned)ntohs(icmp->icmp_hun.ih_idseq.icd_seq));
    //ICMP Data
    printf("\tICMP DATA: %s\n", icmp->icmp_dun.id_data);


Here are similar parts from tcpdump's print-icmp.c:

    case ICMP_TSTAMPREPLY:
            TCHECK(dp->icmp_ttime);
            (void)snprintf(buf, sizeof(buf),
                "time stamp reply id %u seq %u : org 0x%lx recv 0x%lx xmit 0x%lx",
                (unsigned)ntohs(dp->icmp_id),
                (unsigned)ntohs(dp->icmp_seq),
    .
    .
    .

//now my proggie shows for example:

    ICMP_Type: 8
    ICMP_Code: 0
    ICMP_Checksum: 52728
    ICMP ID: 256 <-----Id value
    ICMP SEQ: 21390
    ICMP DATA: abcdefghijklmnopqrstuvwabcdefghi


And tcpdump shows (with -vv)

    16:34:11.345005 10.10.10.11 > 10.10.10.10: icmp: echo request (id:0100 <-- id value

So what's the deal? Looks like it's some kind of conversion thingie, right? Although
I think I converted right.




-- 
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
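
Added example, not part of the original post and not tcpdump's code: a bounds-checked parse of an ICMP echo header that prints the 16-bit id in both decimal and 4-digit hex (decimal 256 and hex 0100 are the same value) and copies the payload by captured length instead of passing it to `%s`. The names `describe_echo`, `be16` and `SAMPLE` are made up for this example, and the packet bytes are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_ECHO_HDRLEN 8   /* type, code, checksum, id, seq */

/* Read a big-endian 16-bit field byte by byte: no alignment or host-order assumptions. */
static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/*
 * describe_echo() is a hypothetical helper for this example. It formats an ICMP
 * echo request/reply found in buf[0..caplen) and returns a static string, or
 * NULL when the capture is shorter than the header or is not an echo message.
 */
const char *describe_echo(const uint8_t *buf, size_t caplen)
{
    static char out[160];
    char data[33];                       /* at most 32 payload bytes + NUL */
    size_t i, n;

    if (caplen < ICMP_ECHO_HDRLEN || (buf[0] != 8 && buf[0] != 0))
        return NULL;
    unsigned id = be16(buf + 4), seq = be16(buf + 6);

    /* The payload is not NUL-terminated: bound the copy by the captured length. */
    n = caplen - ICMP_ECHO_HDRLEN;
    if (n > sizeof(data) - 1)
        n = sizeof(data) - 1;
    for (i = 0; i < n; i++)
        data[i] = isprint(buf[ICMP_ECHO_HDRLEN + i]) ? (char)buf[ICMP_ECHO_HDRLEN + i] : '.';
    data[n] = '\0';

    /* Same 16-bit id, printed in decimal and in 4-digit hex. */
    snprintf(out, sizeof(out), "type %u id %u (hex %04x) seq %u data \"%s\"",
             (unsigned)buf[0], id, id, seq, data);
    return out;
}

/* Constructed sample: echo request, id bytes 01 00, seq bytes 53 8e, checksum
 * bytes zeroed (not validated here), 4 payload bytes, one unprintable. */
static const uint8_t SAMPLE[] = { 0x08, 0x00, 0x00, 0x00, 0x01, 0x00,
                                  0x53, 0x8e, 'a', 'b', 0x07, 'd' };

int main(void)
{
    const char *s = describe_echo(SAMPLE, sizeof(SAMPLE));
    puts(s ? s : "truncated or not an echo message");
    return 0;
}
```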

