Hi,
here is my problem...
I listen to traffic in PROMISCUOUS mode and see lots of packets. But packet.hasHeader(tcp) returns true only for packets which are from or to the current host. As a result, tcp.getPayload() doesn't work, but when I call ip.getPayload() I see the tcp payload with some additional headers (I guess it is the tcp header).
So my question is how do I get the pure tcp payload from a packet which I received in PROMISCUOUS mode and which doesn't involve the current host as src or dst?
Thanks.
best regards,
geng
Libpcap in promiscuous mode captures all packets. There could be a libpcap-related reason why the packets do not have a TCP header. Any libpcap capture filter is applied at the kernel level. So any other active filter will be applied to all capture sessions on the same interface. Same goes for promiscuous mode. You should check that the network interface is actually in PROMISCUOUS mode when capturing. Unix 'ifconfig' will show you the flags on each interface. Lastly, a 'snaplen' parameter or sliced packet will also cause the tcp header not to be discovered.
I would suggest just looking at the debug info for suspected packets to see what the scanner has recorded for headers:
System.out.println(packet.getState().toDebugString());
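For the question above (getting only the TCP payload out of what ip.getPayload() returns), an added example that is not part of either post and is not jNetPcap code: plain Java that reads the TCP data offset field to skip the header and rejects segments cut short, for instance by a small snaplen. It assumes the bytes from ip.getPayload() are available as a byte array and belong to an unfragmented IPv4 packet with protocol 6; the class and method names are hypothetical and the sample segment is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class TcpPayloadFromIp {          // hypothetical class name
    private static final int MIN_TCP_HEADER = 20;

    /**
     * Returns the bytes after the TCP header, or null when the segment is
     * too short or the header length is invalid (e.g. a sliced packet).
     * Input: the IPv4 payload, i.e. TCP header followed by TCP data.
     */
    static byte[] tcpPayload(byte[] ipPayload) {
        if (ipPayload == null || ipPayload.length < MIN_TCP_HEADER) {
            return null;                  // fixed 20-byte header not fully captured
        }
        // Byte 12, high nibble: data offset, counted in 32-bit words.
        int headerLen = ((ipPayload[12] & 0xF0) >>> 4) * 4;
        if (headerLen < MIN_TCP_HEADER || headerLen > ipPayload.length) {
            return null;                  // bogus offset, or options were cut off
        }
        return Arrays.copyOfRange(ipPayload, headerLen, ipPayload.length);
    }

    /** Reads a 16-bit big-endian port: offset 0 = source, offset 2 = destination. */
    static int port(byte[] ipPayload, int offset) {
        return ((ipPayload[offset] & 0xFF) << 8) | (ipPayload[offset + 1] & 0xFF);
    }

    public static void main(String[] args) {
        // Constructed sample: 24-byte TCP header (4 bytes of options) + "hello".
        byte[] data = "hello".getBytes(StandardCharsets.US_ASCII);
        byte[] seg = new byte[24 + data.length];
        seg[0] = (byte) 0xC3; seg[1] = 0x50;   // source port 50000
        seg[2] = 0x00;        seg[3] = 0x50;   // destination port 80
        seg[12] = 0x60;                        // data offset = 6 words = 24 bytes
        seg[13] = 0x18;                        // flags: PSH, ACK
        System.arraycopy(data, 0, seg, 24, data.length);

        byte[] payload = tcpPayload(seg);
        System.out.println(port(seg, 0) + " -> " + port(seg, 2) + ": "
                + new String(payload, StandardCharsets.US_ASCII));

        // Same segment sliced to 16 bytes, as a small snaplen would leave it.
        byte[] sliced = Arrays.copyOf(seg, 16);
        System.out.println("sliced segment usable: " + (tcpPayload(sliced) != null));
    }
}
```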