NAME
tcp_opn_dissect - trasmission control protocol options dissect function
SYNOPSIS
opn=tcp_opn_dissect(pkt,offset,opn_end)
TCPOPT_EOL = 0
TCPOPT_NOP = 1
TCPOPT_MSS = 2
TCPOPT_WINDOW = 3
TCPOPT_SACK_PERM = 4
TCPOPT_SACK = 5
TCPOPT_ECHO = 6
TCPOPT_ECHOREPLY = 7
TCPOPT_TIMESTAMP = 8
TCPOPT_POC = 9
TCPOPT_POS = 10
TCPOPT_CC = 11
TCPOPT_CCNEW = 12
TCPOPT_CCECHO = 13
TCPOPT_AC_REQ = 14
TCPOPT_AC_DATA = 15
TCPOPT_MD5 = 19
DESCRIPTION
HOMEdissect TCP ' s options. dissectable are:
End of Option List
+--------+
|00000000|
+--------+
No-Operation
+--------+
|00000001|
+--------+
Maximum Segment Size
+--------+--------+---------+--------+
|00000010|00000100| max seg size |
+--------+--------+---------+--------+
TCP Window Scale Option:
+--------+--------+---------+
|00000011|00000101|shift.cnt|
+--------+--------+---------+
TCP Sack-Permitted
+--------+--------+
|00000100|00000010|
+--------+--------+
TCP Echo
+--------+--------+--------+--------+--------+--------+
|00000110|00000110| 4 bytes of info to be echoed |
+--------+--------+--------+--------+--------+--------+
TCP Echo Reply
+--------+--------+--------+--------+--------+--------+
|00000111|00000110| 4 bytes of echoed info |
+--------+--------+--------+--------+--------+--------+
TCP POC-permitted
+--------+--------+
|00001001|00000010|
+--------+--------+
TCP POC-service-profile
+--------+--------+----------+
|00001010|00000011|S|E|Filler|
+--------+--------+----------+
CC Option
+--------+--------+--------+--------+--------+--------+
|00001011|00000110| Connection Count: SEG.CC |
+--------+--------+--------+--------+--------+--------+
TCP Alternate Checksum Request
+--------+--------+---------+
|00001110|00000011| chksum |
+--------+--------+---------+
TCP Alternate Checksum Data
+--------+--------+---------+ +---------+
|00001111|Length=N| data | ... | data |
+--------+--------+---------+ +---------+
CC.NEW Option
+--------+--------+--------+--------+--------+--------+
|00001100|00000110| Connection Count: SEG.CC |
+--------+--------+--------+--------+--------+--------+
TCP Sack
+--------+--------+
|00000101| Length |
+--------+--------+--------+--------+
| Left Edge of 1st Block |
+--------+--------+--------+--------+
| Right Edge of 1st Block |
+--------+--------+--------+--------+
| |
/ . . . /
| |
+--------+--------+--------+--------+
| Left Edge of nth Block |
+--------+--------+--------+--------+
| Right Edge of nth Block |
+--------+--------+--------+--------+
TCP MD5 Signature
+---------+--------+-------------------+
|000010011|00010010| |
+---------+--------+- - - - - - - - - -+
| |
+ - - - - - - - - - - - - - - - - - - -+
| MD5 digest... |
+ - - - - - - - - - - - - - - - - - - -+
| |
+ - - - - - - - - -+-------------------+
| |
+------------------+
CC.ECHO Option
+--------+--------+--------+--------+--------+--------+
|00001101|00000110| Connection Count: SEG.CC |
+--------+--------+--------+--------+--------+--------+
TCP Timestamps Option (TSopt):
+--------+--------+--------+--------+--------+--------+--------+--------+--------+--------+
|00001000|00001010| TS Value (TSval) | TS Echo Reply (TSecr) |
+--------+--------+--------+--------+--------+--------+--------+--------+--------+--------+
references RFC 793, 1072, 1106, 1145, 1323, 1644, 1693, 2018, 2385, 2883
funtion accepts three arguments:
pkt is a packet reference containing the whole already dissected packet
offset is the position inside packet to start dissection
opn_end equals offset plus option length
funtion returns one list:
opn is a list
each item of the list is a dissected option
this is the option's prototype: [option_code,option_length,(option_field1,option_field2,.......,option_fieldN)]
note: negative option_code means option exceeds global options length
if opions are present and opn equals None, probably packet is truncated