Has anyone properly interpreted HTTP request based on this demo of winpcap?

Posted by httpinterpret on Stack Overflow
Published on 2010-05-07T10:22:23Z Indexed on 2010/05/07 10:28 UTC

The example is here, and I tried it by changing the filter to "tcp and dst port 80" and adding the following:

void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    ....
    ip_len = (ih->ver_ihl & 0xf) * 4;
    tcp_len = (((u_char*)ih)[ip_len + 12] >> 4) * 4;
    tcpPayload = (u_char*)ih + ip_len + tcp_len;
    /* start of url - skip "GET " */
    url = tcpPayload + 4;
    end_url = strchr((char*)url, ' ');
    url_length = end_url - url;
    final_url = (u_char*)malloc(url_length + 1);
    strncpy((char*)final_url, (char*)url, url_length);
    final_url[url_length] = '\0';

    printf("%s\n", final_url);
    ....
}

But through debugging, I see tcpPayload is full of messy code, not the supposed "GET ..." stuff.

What's wrong with my implementation?

© Stack Overflow or respective owner
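
An added example (not part of the original post or the WinPcap demo): a bounds-checked version of the same payload lookup. The filter "tcp and dst port 80" also matches handshake and bare-ACK segments that carry no HTTP data, and packet bytes are not NUL-terminated, so this version takes the payload length from the IP total length and searches with memchr instead of strchr. The names http_get_target and build_frame are hypothetical, an Ethernet II link layer is assumed, and the sample frames are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns the GET request-target length (copied to out), or -1 if absent. */
int http_get_target(const uint8_t *pkt, size_t caplen, char *out, size_t outsz)
{
    if (caplen < 14 + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return -1;
    const uint8_t *ip = pkt + 14;            /* assumes Ethernet II framing */
    size_t ip_hl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ip_hl < 20 || ip[9] != 6) return -1;
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];
    if (ip_total > caplen - 14) ip_total = caplen - 14;  /* truncated capture */
    if (ip_total < ip_hl + 20) return -1;
    const uint8_t *tcp = ip + ip_hl;
    size_t tcp_hl = (size_t)(tcp[12] >> 4) * 4;
    if (tcp_hl < 20 || ip_hl + tcp_hl > ip_total) return -1;
    /* Payload length comes from the IP header; trailing frame bytes are padding. */
    const uint8_t *pl = tcp + tcp_hl;
    size_t pl_len = ip_total - ip_hl - tcp_hl;
    if (pl_len < 5 || memcmp(pl, "GET ", 4) != 0) return -1;
    const uint8_t *sp = memchr(pl + 4, ' ', pl_len - 4);  /* bounded search */
    if (sp == NULL || (size_t)(sp - (pl + 4)) >= outsz) return -1;
    size_t n = (size_t)(sp - (pl + 4));
    memcpy(out, pl + 4, n); out[n] = '\0';
    return (int)n;
}

/* Constructed sample: Ethernet + IPv4 + TCP (dst port 80), 0xAA-padded to 60. */
size_t build_frame(uint8_t *buf, const char *payload, size_t plen)
{
    size_t ip_total = 40 + plen, len = 14 + ip_total < 60 ? 60 : 14 + ip_total;
    memset(buf, 0xAA, len); memset(buf, 0, 54);
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = 6; buf[37] = 80; buf[46] = 0x50;
    buf[16] = (uint8_t)(ip_total >> 8); buf[17] = (uint8_t)ip_total;
    memcpy(buf + 54, payload, plen);
    return len;
}

int main(void)
{
    uint8_t f[128]; char url[64];
    const char *req = "GET /index.html HTTP/1.1\r\n\r\n";
    size_t n = build_frame(f, req, strlen(req));
    if (http_get_target(f, n, url, sizeof url) >= 0) printf("target: %s\n", url);
    n = build_frame(f, "", 0);               /* bare ACK: padding only */
    printf("bare ACK: %d\n", http_get_target(f, n, url, sizeof url));
    return 0;
}
```

In a pcap callback, pass header->caplen as caplen so the checks are made against the bytes actually captured.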
