Thanks for the comments, Sorry if i was a little unclear.
This is what I am trying to achieve:
Similarly to the way that the summary.x files calculate certain
information on the entire capture, I would like to produce some summary
statistics for just TCP packets.
In order to achieve this, I need to check every packet in the capture,
to see if it is TCP, if so, then I would like to collect some
statistics, initially:
The header length of the TCP header
The length of the TCP payload
The TCP sequence number
The TCP acknowledgement number
As you tell me that this is all stored within a tree structure, I need to
get some understanding of this. I am not sure where I should be looking
in the code, as it is quite vast.
> > - does pfd within the frame_data struct tell me what protocol a packet is
>
> No.
What does this point to? Is it the protocol data tree?
Thanks
Phil
On Mon, 25 Mar 2002, Guy Harris wrote:
> On Mon, Mar 25, 2002 at 12:18:50PM +0000, Phil Williams wrote:
> > 1. Firstly test if a packet is tcp, as I will have to loop through the
> > whole capture file.
> > - does pfd within the frame_data struct tell me what protocol a packet is
>
> No.
>
> > Looking at the code, it seems that protocol specific data is stored in
> > some tree like structure, which I can't seem to grasp.
>
> Well, unfortunately, that tree structure is the one that tells you
> whether a frame includes TCP.
>
> > 2. I want to be able to get access to the sequence number and the header
> > length of a tcp packet,
>
> That's also in said tree structure.
>
> > as well as the length of the whole packet.
>
> "The whole packet" as in "the frame being examined", or as in "the TCP
> payload", or what?
>
--
Phil Williams
