Set a TCP port > 65535 with pcap and dnet

Question

I have been injecting packets on the network and watching the effects via wireshark. I am able to correctly set and change tcp ports and set the source and destination. However, I am now having an issue. One of the things I need to do is to set a source port from port 66,000. Every time I try it just puts the number to 1163 in wireshark which is because it is supposed to be a short integer. Does anyone know how to make it accept the big number. I know the big endian and htonl should work so I tried that as well but that didn't solve the issue.

Here is the code I am using

void extract(u_char *user, struct pcap_pkthdr *h, u_char *pack ) {
  struct eth_hdr *ethhdr;
  struct ip_hdr *iphdr;
  struct tcp_hdr *tcphdr;

  ethhdr = (struct eth_hdr *)pack;
  iphdr = (struct ip_hdr *)(pack + ETH_HDR_LEN);
  tcphdr = (struct tcp_hdr *) (pack + ETH_HDR_LEN + (4*iphdr->ip_hl));
  //Set the ports
  tcphdr->th_sport = htons(66666);
  tcphdr->th_dport = htons(atoi(destString));

You don't 'have to do' this at all. You can't. There is no such thing as TCP port 66,000, or any value that doesn't fit into 16 bits. — user207421, Apr 20 '15 at 00:19

score 3 · Accepted Answer · answered Apr 19 '15 at 19:49

3

The port number is 16 bit. With 16 bit you can get only up to 65535. No way around it. See also the TCP header at http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure.

answered Apr 19 '15 at 19:49

Steffen Ullrich

90,680
7
99
140

Set a TCP port > 65535 with pcap and dnet

1 Answers1