да, сама структура "номер пакета" - "пакет"
Код:
PSeqRec = ^TSeqRec;
TSeqRec = packed record
swappedSeq: dword;
dataOffs,dataLen: dword;
wsa_buf: WSABUF;
end;
TSeqArr = array of TSeqRec;
и вспомогательные функции
Код:
function GetDWordDiff(aLo,aHi: dword):dword;
begin
if aHi >= aLo then result:=aHi - aLo
else result:= maxdword - aLo + aHi;
end;
function GetIPHeaderLen(ih: PIPHeader): Word; // IP header length
begin
// multiply the low nibble by 4
// and return the length in bytes
Result := (ih.iph_verlen and $F) shl 2;
end;
function GetTCPDataOffset(th: PTCPHeader): Word;
begin
// doff (data offset) stored in 32 bit words,
// multiply the value by 4 to get byte offset
Result := ((th.flags and $F0) shr 4) shl 2;
end;
function GetFlags(flags: word): string;
begin
result := '' ;
if (flags AND TCP_FLAG_FIN) = TCP_FLAG_FIN then result := result + 'FIN ';
if (flags AND TCP_FLAG_SYN) = TCP_FLAG_SYN then result := result + 'SYN ';
if (flags AND TCP_FLAG_RST) = TCP_FLAG_RST then result := result + 'RST ';
if (flags AND TCP_FLAG_PSH) = TCP_FLAG_PSH then result := result + 'PSH ';
if (flags AND TCP_FLAG_ACK) = TCP_FLAG_ACK then result := result + 'ACK ';
if (flags AND TCP_FLAG_URG) = TCP_FLAG_URG then result := result + 'URG ';
if (flags AND TCP_FLAG_ECH) = TCP_FLAG_ECH then result := result + 'ECH ';
if (flags AND TCP_FLAG_CWR) = TCP_FLAG_CWR then result := result + 'CWR ';
result := trim (result);
end;
function GetChecksum(lpBuf: pointer; count: integer; initial_value: word = 0):word;
var
temp: integer;
begin
//http://www.faqs.org/rfcs/rfc1071.html
temp:=initial_value;
while count > 1 do begin
temp:=temp + PWord(lpBuf)^;
inc(integer(lpBuf),sizeof(word));
dec(count,sizeof(word));
end;
if count > 0 then
temp:=temp + PByte(lpBuf)^;
while (temp shr 16) <> 0 do
temp:=(temp and $ffff) + (temp shr 16);
result:= not(temp);
end;