我抓到包以后修改了TCP的信息,再转发,重新计算TCP的校验和部分出的问题出错的包是SIP:192.168.232.1
DIP:192.168.111.111
协议:0006
长度:0x45=69
伪首部
0xC0,0xA8,0xE8,0x01,0xC0,0xA8,0x6F,0x6F,
0x00,0x06,0x00,0x45,TCP数据(这是一个FTP的报文)
0x00,0x15,0x12,0xaa,0x00,0xb4,0x3c,0xa5,
0x52,0x51,0xbd,0xf4,0x50,0x18,0x80,0x00,
0x00,0x00,0x00,0x00,0x32,0x32,0x30,0x20, /*前两个字节设置为0x00,是checksum字段*/
0x53,0x65,0x72,0x76,0x2d,0x55,0x20,0x46,
0x54,0x50,0x20,0x53,0x65,0x72,0x76,0x65,
0x72,0x20,0x76,0x36,0x2e,0x34,0x20,0x66,
0x65,0x72,0x20,0x57,0x69,0x6e,0x53,0x6f,
0x63,0x6b,0x20,0x72,0x65,0x61,0x64,0x79,
0x2e,0x2e,0x2e,0x0d,0x0a我的校验和程序是
unsigned short Pkt_CheckSum(unsigned short *pData, unsigned long ulLen)
{
unsigned long cksum = 0; while (ulLen > 1)
{
cksum += *pData;
pData++;
ulLen -= sizeof(unsigned short);
} if(ulLen)
{
/*奇数字节,最后补0*/
cksum += (*pData)&(0xff00);
} cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >> 16); return (unsigned short)cksum;
}
这个报文是一个奇数长的的报文,我发现我的偶数长度的报文是没有问题的,我程序计算的校验值是0x02aa,可是抓包软件提示我正确的CRC是0xF8A9
我手工计算了一下这个报文,好像校验值就是0x2AA,不知道0xF8A9是怎么来的请大侠们赐教了。
DIP:192.168.111.111
协议:0006
长度:0x45=69
伪首部
0xC0,0xA8,0xE8,0x01,0xC0,0xA8,0x6F,0x6F,
0x00,0x06,0x00,0x45,TCP数据(这是一个FTP的报文)
0x00,0x15,0x12,0xaa,0x00,0xb4,0x3c,0xa5,
0x52,0x51,0xbd,0xf4,0x50,0x18,0x80,0x00,
0x00,0x00,0x00,0x00,0x32,0x32,0x30,0x20, /*前两个字节设置为0x00,是checksum字段*/
0x53,0x65,0x72,0x76,0x2d,0x55,0x20,0x46,
0x54,0x50,0x20,0x53,0x65,0x72,0x76,0x65,
0x72,0x20,0x76,0x36,0x2e,0x34,0x20,0x66,
0x65,0x72,0x20,0x57,0x69,0x6e,0x53,0x6f,
0x63,0x6b,0x20,0x72,0x65,0x61,0x64,0x79,
0x2e,0x2e,0x2e,0x0d,0x0a我的校验和程序是
unsigned short Pkt_CheckSum(unsigned short *pData, unsigned long ulLen)
{
unsigned long cksum = 0; while (ulLen > 1)
{
cksum += *pData;
pData++;
ulLen -= sizeof(unsigned short);
} if(ulLen)
{
/*奇数字节,最后补0*/
cksum += (*pData)&(0xff00);
} cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >> 16); return (unsigned short)cksum;
}
这个报文是一个奇数长的的报文,我发现我的偶数长度的报文是没有问题的,我程序计算的校验值是0x02aa,可是抓包软件提示我正确的CRC是0xF8A9
我手工计算了一下这个报文,好像校验值就是0x2AA,不知道0xF8A9是怎么来的请大侠们赐教了。
修改为
cksum += (*pData)&(0x00ff);