
I have a basic packet sniffer like http://www.binarytides.com/packet-sniffer-code-c-linux/

I have extended it to process packets only on port 80 (HTTP). I am not sure how to get the host web address from the data. Can you guys help me here?

What I am trying to do is parse an HTTP header subset in order to identify the host web address.

I found something similar to what I need: https://github.com/joyent/http-parser/blob/master/http_parser.h#L194

but the code is too complex...

Or where can I find an HTTP header bytewise breakdown like the one for TCP: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure

maximilliano

1 Answer


You need to grab the TCP data, then look for "GET". A typical HTTP request looks like:

   GET www.foo.com HTTP/1.0

The web host name just follows the GET request. So you can extract the web host address from there.

rakib_
  • What do you mean by look for GET? What I am trying to do is parse an HTTP header subset in order to identify the host web address – maximilliano Nov 27 '13 at 04:44
  • To extract the web host address, you don't need to parse the full HTTP headers; that's why I said to just look for GET. To get a full view of it, use Wireshark to extract an HTTP packet and look into it. But yes, if you intend to parse the whole HTTP packet then look at the RFC of HTTP, and don't look only for GET. – rakib_ Nov 27 '13 at 04:55
  • Yes, but I need to do it this way, as it is a part of my assignment :) – maximilliano Nov 27 '13 at 14:34
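
As an added example (not part of the original question, answer or comments), here is a small C routine that takes the TCP payload the sniffer already has and extracts the value of the `Host` request header, the field in which HTTP/1.1 requests carry the host name. The function name `http_host` and the sample payload are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

/* Extract the Host header value from an HTTP request in a TCP payload.
 * data is NOT NUL-terminated; len is the payload length from the sniffer.
 * Returns the host length, or -1 if this segment is not the start of a
 * request, the Host line is missing or cut off, or out is too small. */
int http_host(const unsigned char *data, size_t len, char *out, size_t outsz)
{
    const unsigned char *p = data, *end = data + len, *eol;

    /* Request line: "METHOD target HTTP/1.x" (responses start with "HTTP/"). */
    eol = memchr(p, '\n', len);
    if (!eol) return -1;
    size_t n = (size_t)(eol - p);
    if (n && p[n - 1] == '\r') n--;
    if (n < 9 || memcmp(p + n - 8, "HTTP/1.", 7) != 0) return -1;

    for (p = eol + 1; p < end; p = eol + 1) {
        eol = memchr(p, '\n', (size_t)(end - p));
        if (!eol) return -1;                 /* header continues in next segment */
        n = (size_t)(eol - p);
        if (n && p[n - 1] == '\r') n--;
        if (n == 0) return -1;               /* blank line: headers ended, no Host */
        if (n > 5 && strncasecmp((const char *)p, "Host:", 5) == 0) {
            const unsigned char *v = p + 5, *ve = p + n;
            while (v < ve && (*v == ' ' || *v == '\t')) v++;          /* leading OWS */
            while (ve > v && (ve[-1] == ' ' || ve[-1] == '\t')) ve--; /* trailing OWS */
            size_t vl = (size_t)(ve - v);
            if (vl == 0 || vl >= outsz) return -1;
            memcpy(out, v, vl);
            out[vl] = '\0';
            return (int)vl;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed sample payload, as it would sit after the TCP header. */
    const char req[] = "GET /index.html HTTP/1.1\r\nUser-Agent: demo\r\n"
                       "Host: www.example.com\r\n\r\n";
    char host[256];
    if (http_host((const unsigned char *)req, sizeof req - 1, host, sizeof host) > 0)
        printf("Host: %s\n", host);
    return 0;
}
```

The routine works on one segment at a time, so a request whose headers are split across TCP segments returns -1 until the stream is reassembled. The extracted value comes straight off the wire and should be treated as untrusted input when it is logged or displayed.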