Hello,
I am trying to capture the Client Hello packet and retrieve data from it. I have added a filter at the outbound transport layer. To get the TCP header data, I advance the pointer by the offset, but I am not getting the correct data. What am I missing here?
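/*
 * Fixed 20-byte part of a TCP header, meant to be overlaid on raw packet bytes.
 *
 * All multi-byte fields hold the value exactly as it appears on the wire,
 * i.e. in network byte order (big-endian). On a little-endian host they must
 * be byte-swapped before being printed or compared (for example with
 * RtlUshortByteSwap / RtlUlongByteSwap in kernel mode).
 *
 * Byte 12 of the header carries the data offset in its HIGH nibble and
 * reserved bits in its LOW nibble. MSVC allocates bit-fields starting at the
 * least significant bit, so `reserved` has to be declared before `offset`;
 * with the two swapped, `offset` reads the reserved bits instead of the
 * header length. Bit-field layout is implementation-defined, so re-check this
 * if the struct is ever built with another compiler or for a big-endian
 * target.
 *
 * `offset` counts 32-bit words. Anything parsed from a packet is untrusted:
 * validate 5 <= offset <= 15 and that offset * 4 bytes are actually present
 * before using it to locate TCP options or the payload.
 */
typedef struct _tcp_header {
    UINT16 source_port;     /* network byte order */
    UINT16 dest_port;       /* network byte order */
    UINT32 seq_num;         /* network byte order */
    UINT32 ack_num;         /* network byte order */
    UINT8  reserved : 4,    /* low nibble of byte 12 */
           offset : 4,      /* high nibble of byte 12: header length in 32-bit words */
           flags : 8;       /* byte 13: CWR ECE URG ACK PSH RST SYN FIN */
    UINT16 window;          /* network byte order */
    UINT16 checksum;        /* network byte order */
    UINT16 urg_ptr;         /* network byte order */
} tcp_header;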
classifyfn
/*
 * Fragment of the classify callback: takes the first NET_BUFFER of the
 * classified NET_BUFFER_LIST, treats its data as a TCP header and prints four
 * header fields to the debugger.
 */
/* NOTE(review): layerdata is dereferenced without a NULL check - confirm the
 * layer always supplies it for this filter. */
NET_BUFFER_LIST* nbl = (NET_BUFFER_LIST*)layerdata;
/* Only the first NET_BUFFER is examined; any further ones in the list are
 * not visited by the code shown here. */
NET_BUFFER* nb = NET_BUFFER_LIST_FIRST_NB(nbl);
/* The guard tests CurrentMdl, but the lines below read the FIRST MDL of the
 * chain instead. */
if (nb->CurrentMdl != NULL) {
PMDL mdl = NET_BUFFER_FIRST_MDL(nb);
/* DataOffset is measured from the start of the whole MDL chain. Adding it to
 * the first MDL's address is only right while the data begins inside that
 * first MDL; the matching pair for the current position is CurrentMdl with
 * CurrentMdlOffset. */
ULONG offset = nb->DataOffset;
/* MmGetMdlVirtualAddress returns the buffer's original virtual address, which
 * is not guaranteed to be valid in the context the callout runs in;
 * MmGetSystemAddressForMdlSafe gives a system-space mapping (and can return
 * NULL). NdisGetDataBuffer handles both the offset and data that is split
 * across MDLs. */
UCHAR* data = (UCHAR*)MmGetMdlVirtualAddress(mdl) + offset;
/* No length check precedes this cast: nothing here verifies that
 * sizeof(tcp_header) contiguous bytes are available at `data`, so a short or
 * fragmented buffer would be read out of bounds. Packet contents are
 * untrusted input in kernel mode. */
tcp_header* tcp_hdr = (tcp_header*)data;
/* The fields are printed as stored, i.e. in network byte order, so on a
 * little-endian machine ports and sequence numbers look scrambled until they
 * are byte-swapped. %d also formats the UINT32 values as signed; %u matches
 * the type. KdPrint produces output in checked (debug) builds only. */
KdPrint(("ack : %d\n", tcp_hdr->ack_num));
KdPrint(("dest : %d\n", tcp_hdr->dest_port));
KdPrint(("seq : %d\n", tcp_hdr->seq_num));
KdPrint(("src : %d\n", tcp_hdr->source_port));