0

I have a basic packet sniffer like http://www.binarytides.com/packet-sniffer-code-c-linux/

I have extended it to process packets only on port 80 (HTTP). I am not sure how to get host web address from data. Can you guys help me here

What I am trying to do is parse HTTP header subset in order to identify host web address

I found something similar to what I need : https://github.com/joyent/http-parser/blob/master/http_parser.h#L194

but the code is too complex...

Or where can I find HTTP header bytewise breakdown like for TCP http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure

Improve this question
1

1 Answer 1

Reset to default
0

You need to grab the tcp data, then look for "GET". A typical http request looks like:

   GET www.foo.com HTTP/1.0

web host name just follows the GET request. So you can extract the web host address from there.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

what do you mean by look for GET. What I am trying to do is parse HTTP header subset and in order to identify host web address
To extract the web host address, you don't need to parse the full HTTP headers, that's why I said it, just look for GET. To get a full view of it, use wireshark to extract a http packet and look into it. But yes, if you intend to parse the whole http packet then look at the RFC of HTTP, and don't look only for GET.
Ye, but I need to do it this way, as it is a part of my ssignment :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.