// TCP header definition: the fixed part of the header only. With the usual
// Windows widths (BYTE 8 bit, WORD 16 bit, DWORD 32 bit) the fields add up to
// 20 bytes; TCP options, when present, follow the header and are not part of
// this struct.
// Multi-byte fields hold the value as it sits in the packet; the handler below
// converts the ports with ntohs() before using them.
// NOTE(review): no packing directive is visible here, so the layout relies on
// every field being naturally aligned - confirm sizeof(TCPHEADER) == 20 in the
// build, since the handler overlays this struct directly on packet bytes.
typedef struct _TCPHEADER
{
WORD SourPort; // Source port : 16bit
WORD DestPort; // Destination port : 16bit
DWORD SeqNo; // Sequence number : 32bit
DWORD AckNo; // Acknowledgment number : 32bit
BYTE Off_Resv; // Data offset (upper 4 bits, counted in 32-bit words) and reserved bits : 8bit
BYTE Flag; // Flags : 8bit
WORD WndSize; // Window size : 16bit
WORD ChkSum; // Checksum : 16bit
WORD UrgPtr; // Urgent pointer : 16bit
}TCPHEADER;
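// Handle the TCP packet: read the ports from the TCP header at `data`, classify
// the application by port, and compute the length of the user data.
// NOTE(review): the visible body casts `data` to TCPHEADER and reads it without
// first checking that at least sizeof(TCPHEADER) bytes were captured, and it
// computes the data length as m_uLength minus a header length taken from the
// packet's own data-offset field. Unless the caller already guarantees it, check
// that the captured length is at least 20 bytes, that the data offset is at
// least 5, and that the header length does not exceed m_uLength before these
// values are used.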
BOOL CwPktCap::tcp_packet_handler(PACKET &packet, BUFFER buffer,unsigned char *data)
{
// Function : Handle tcp packet
//--- 定义指几TCP包的指针 -----------------------------------------------------
TCPHEADER *tcp_header; // tcp header pointer
//-----------------------------------------------------------------------------
BOOL res;
//-------- 指向TCP数据报文的起始位置,这点很重要 --------------
tcp_header = (TCPHEADER *)data; // 14: ethernet header length; 20 IP
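// header length (wrapped tail of the comment on the previous line; `data` is cast as-is there, no offset is added)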
//------- 获取TCP包中所需字段的值 ------------------------
// Retrive the source port
packet.m_wSocPort = ntohs(tcp_header->SourPort);
// Retrive the destination port
packet.m_wDstPort = ntohs(tcp_header->DestPort);
// 其它的字段都用 tcp_header->XXX 来获取, 就不一一再写了
// 注意有些字段值需要由网络顺序转为主机顺序才是我们平时
// 看到的形式
// // according to the port distinguish the application
res = PktApplication(packet,packet.m_wDstPort);
if (res == FALSE)
res = PktApplication(packet,packet.m_wSocPort);
// Retrive the length of user's data
packet.m_nDataLength = packet.m_uLength - (tcp_header->Off_Resv >> 4) * 4;
if (packet.m_sApplication == "UNKOWN")
return TRUE;
return res;