2

所以我最近一直在玩 libpcap,我有一个简单的问题。这是有问题的代码:

while( (result = pcap_next_ex(adapterHandle, &header, &packetData)) >= 0)
{
    if(result == 0) // Packet was dropped
        continue;


    ethernet = (struct sniff_ethernet*)packetData;
    ip = (struct sniff_ip*)(packetData + SIZE_ETHERNET);
    size_ip = IP_HL(ip)*4;
    ip_len = ntohs(ip->ip_len);

    if(ip->ip_p != IPPROTO_TCP)
        continue;

    tcp = (struct sniff_tcp*)(packetData + SIZE_ETHERNET + size_ip);
    size_tcp = TH_OFF(tcp)*4;
    if(size_tcp < 20)
    {
        cout << "Invalid TCP Header" << endl;
        exit(-1);
    }

    payload = (u_char*)(packetData + SIZE_ETHERNET + size_ip + size_tcp);
    size_payload = ip_len - (size_ip + size_tcp);

    cout << "************** Output A ******************" << endl;
    cout << payload << endl;
    cout << "*************** Output B *****************" << endl;
    for(int i=0; i<size_payload; i++)
        cout << payload[i];
}

因此,在我的测试中,我将其设置为只捕获 HTTP“GET”请求。现在在我看来,输出 A 和输出 B 的输出应该是相同的,只打印 HTTP 标头。输出 B 总是正确地打印出来,但输出 A 偶尔也会添加 HTTP 标头加上大约 7 个字节的随机文本(例如“ï╤↔N↓ƒ♂”)。

那么问题是这些乱码文本是从哪里来的?在输出 A 中直接打印有效负载与在输出 B 中循环通过它并打印每个字符之间有什么区别?

4

1 回答 1

2

Well, if it's not NUL-terminated (\0) it won't know where to stop, so it will print garbage text. You might want to do:

payload[size_payload] = '\0'; /* Before using it. */
于 2011-07-13T17:19:45.660 回答