[Winpcap-users] UDPdump
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Dec 28 15:54:16 GMT 2007
----- Original Message -----
From: "Maria de Fatima Requena" <MariaF.Requena at a-e.es>
To: <winpcap-users at winpcap.org>
Sent: Friday, December 21, 2007 4:58 AM
Subject: [Winpcap-users] UDPdump
> Hi. I'm transforming your example code in order to use SIP packets,
> which are supposed to be udp datagram. I'm using field uh->len in order
> to work out the size of the SIP packet, but I get a number much bigger
> than it should be. For example: I get a size of about 5000 for a packet
> of 600.
>
> Which unit is uh->len in?(bits, bytes...)Why is it said in the comment
> to be datagram length, while the UDP specification says that it must be
> the size of the whole udp packet?
>
The unit is bytes. Regarding the comment, i think it's not precise. In the
specific case, by datagram it means udp header + payload.
Regarding the strange number you get (5000 when the packet size is 600), two
things come to my mind:
1. you forgot to conver the length from network byte order to host byte
order
2. the original UDP packet was actually 5000 bytes, and it got fragmented
into multiple IP fragments.
I would try receiving the same packets with wireshark and see how wireshark
decodes them.
Have a nice day
GV
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list