Libnids: Corrupted Payload is printed


I was trying to use the Libnids library for TCP reassembly, so I wanted to check first that the payload is printed correctly compared to Wireshark. But when I run the following code:

#include <stdio.h>
#include <nids.h>

/* Called by libnids for every TCP stream event. Payload is delivered
 * (NIDS_DATA) only for a direction whose `collect` flag is set. */
void tcp_callback(struct tcp_stream *tcp, void **arg) {
    (void)arg; /* per-connection user pointer, unused here */
    if (tcp->nids_state == NIDS_JUST_EST) {
        printf("Connection established\n");
        tcp->server.collect++; // collect data sent by the server, too
    } else if (tcp->nids_state == NIDS_DATA) {
        /* the buffer is raw bytes; printed here as if it were a string */
        printf("Packet Payload: %.*s\n", tcp->server.count, tcp->server.data);
    }
}

int main(void) {

    nids_params.device = "wlo1";                        /* capture interface */
    nids_params.pcap_filter = "host 174.143.201.208";   /* BPF filter for the host of interest */

    if (!nids_init()) {
        fprintf(stderr, "nids_init() failed: %s\n", nids_errbuf);
        return -1;
    }

    nids_register_tcp(tcp_callback);

    nids_run(); /* does not return while packets are being processed */

    return 0;
}

The printed payload seems to be corrupted:

Packet Payload: yω!
                   nT$ܫO�Q�F�:��V
� k=��                           g����.�ۅb|}퓈LOy�(�vr��8�S[@���p���CC
�P����у+3rj����7�,��t�+��,YH+�y�b�z����}vx�%�xb��K6��^�����F�,��(���)d����r
r.�Y`��@*e.���s��V���ho1�c?V_P����C��'ɯ�/�wt�v��

When I compare the output to the Wireshark packets, it seems that the characters which do not appear as “�” are right, but the others are special characters.

My guess is that it is because the payload data is represented in libnids as a char pointer data type, but I don't actually know whether that is the real problem.

So, does anyone know why this happens, or how I could get the original payload?


There is 1 answer

Radwa Ahmed, BEST ANSWER

The problem was the way I printed the data. When I printed it in hex using the following code:

/* print the newly arrived bytes as hex, one byte at a time */
for (int i = 0; i < tcp->server.count_new; i++)
    printf("%02X ", (unsigned char)tcp->server.data[i]); /* cast stops sign-extension of bytes >= 0x80 */
putchar('\n');

It was printed correctly!