TCP/IP packets and wireshare

bkelly13 · 20 Nov 2011

windows 7, 64 bit, Visual Studio 2008, C++

I am writing a TCP/IP application to send data to vendor software on another computer. In order to check my data I need to use Wireshare. I am practicting on my home computer. It is connected to a Belkin router than a cable modem.

when I capture some packets they are not formatted according to my SAMs book on TCP/IP. According to the book the packet starts with the version number and IHL and the source address begins in byte 13 (using decimal, counting one to N).
Picking an arbitrary transmission, in my wireshark display the version number begins in byte 15, not 1. The source address follows at the expected relative address, now byte 27 instead of the expected 13. The below was copied from my wireshark display.
What is this 13 byte offset? And what is in those first 12 bytes?
In this example my computer is 192.168.2.2 (C0.A8.2.2 hex) and the destination is 65.254.245.100 (41.fe.f8.64 hex)
0000 00 30 bd 9c 71 9e bc ae c5 01 b7 54 08 00 45 00 .0..q... ...T..E.
0010 00 34 1f 85 40 00 80 06 00 00 c0 a8 02 02 41 fe .4..@... ......A.
0020 f8 64 c1 f6 00 6e 59 4a a0 8a 00 00 00 00 80 02 .d...nYJ ........
0030 20 00 fd 33 00 00 02 04 05 b8 01 03 03 08 01 01 ..3.... ........
0040 04 02 ..
Thanks for your time

Darryl Licht · 20 Nov 2011

Wireshare or Wireshark??? You mentioned both. If you meant Wireshark, as I suspect, it isnt an easy app to figure out on your own. I suggest looking at some of the many tutorials on Wireshark on their website and even youtube. It will take some time, but you eill get it.

Also, how old is the SAMS book you mentioned?

bkelly13 · 21 Nov 2011

Oops, I did mean Wire Shark. The book has a copyright date of 2009. Title is "Sams Teach Yourself TCP/IP"

I need to look at date that is sent from or to 192.10.12.50. I don't want any of the regular polling and keep alive stuff. The communications of interest is initiated from 192.10.12.50 with a broadcast to any IP address and a request for port 49000. (That I how I read the code, The vendor's app resides on 192.10.12.100 and will accept that connection and respond.) Then *.50 will mostly send data and and *.100 will mostly receive the data. I need to see those packets.