TCP packets always two times

I've written a packet sniffer (source code further down), but it gives me
strange output.
I've running a apache webserver on my local machine. Now with my Opera I
asking for index.html in my htdocs directory. The sniffer tells me
something like that (I think the diagram should be clear):

TCP A (Opera) TCP B (Apache localhost:80)
0 CLOSED LISTEN

1 status --> <SEQ=4012423580;ACK-SEQ=0><SYN,> --> status
2 status --> <SEQ=4012423580;ACK-SEQ=0><SYN,> --> status

3 status <-- <SEQ=4010047240;ACK-SEQ=4012423581><SYN,ACK,> <-- status
4 status <-- <SEQ=4010047240;ACK-SEQ=4012423581><SYN,ACK,> <-- status

5 status --> <SEQ=4012423581;ACK-SEQ=4010047241><ACK,> --> status
6 status --> <SEQ=4012423581;ACK-SEQ=4010047241><ACK,> --> status
7 status --> <SEQ=4012423581;ACK-SEQ=4010047241><ACK,PSH,> --> status
8 status --> <SEQ=4012423581;ACK-SEQ=4010047241><ACK,PSH,> --> status

9 status <-- <SEQ=4010047241;ACK-SEQ=4012424063><ACK,> <-- status
10 status <-- <SEQ=4010047241;ACK-SEQ=4012424063><ACK,> <-- status
11 status <-- <SEQ=4010047241;ACK-SEQ=4012424063><ACK,PSH,> <-- status
12 status <-- <SEQ=4010047241;ACK-SEQ=4012424063><ACK,PSH,> <-- status

13 status --> <SEQ=4012424063;ACK-SEQ=4010047614><ACK,> --> status
14 status --> <SEQ=4012424063;ACK-SEQ=4010047614><ACK,> --> status
15 status --> <SEQ=4012424063;ACK-SEQ=4010047614><ACK,PSH,> --> status
16 status --> <SEQ=4012424063;ACK-SEQ=4010047614><ACK,PSH,> --> status

17 status <-- <SEQ=4010047614;ACK-SEQ=4012424584><ACK,PSH,> <-- status
18 status <-- <SEQ=4010047614;ACK-SEQ=4012424584><ACK,PSH,> <-- status

19 status --> <SEQ=4012424584;ACK-SEQ=4010049218><ACK,> --> status
20 status --> <SEQ=4012424584;ACK-SEQ=4010049218><ACK,> --> status

First question: Why is every package sent two times? And why is there no FIN
Flag set at line 19/20 ?

Now I also wrote a client (source code further down) which sends just a
single package. Output of my sniffer:

TCP A TCP B

1 status:9999--> <SEQ=1000000000;ACK-SEQ=1000000000><SYN,ACK,> -->status80
2 status:9999--> <SEQ=1000000000;ACK-SEQ=1000000000><SYN,ACK,> --> status80
3 status:770 --> <SEQ=0;ACK-SEQ=1157627944><SYN,PSH,FIN> --> status50774
4 status:770 --> <SEQ=0;ACK-SEQ=1157627944><SYN,PSH,FIN> --> status50774

In this case, again two times the package, but what are the lines 3 and 4 ??

After this I requested a simple webpage on the internet (www.vanck.de) and
the sniffer displays this:

1 status:32816 --><SEQ=2520086;ACK-SEQ=3624403200><FIN> --> status53
2 status:53 --> <SEQ=5928903;ACK-SEQ=3624436096><FIN> --> status32816
3 status:32816 --> <SEQ=2870011;ACK-SEQ=2086863104><FIN> --> status53
4 status:53 --> <SEQ=7780563;ACK-SEQ=2086896003><FIN> --> status32816
5 status:32816 --> <SEQ=2514414;ACK-SEQ=3997892864><FIN> --> status53
6 status:53 --> <SEQ=3571586;ACK-SEQ=3997925760><FIN> --> status32816
7 status:45086 --> <SEQ=414860113;ACK-SEQ=0><SYN,> --> status80
8 status:80 <-- <SEQ=770676650;ACK-SEQ=414860114><SYN,ACK,> <--status:45086
9 status:45086 --> <SEQ=414860114;ACK-SEQ=770676651><ACK,> --> status80
10 status:45086 --> <SEQ=414860114;ACK-SEQ=770676651><ACK,PSH,>--> status80
11 status:80 <-- <SEQ=770676651;ACK-SEQ=414860522><ACK,> <-- status:45086
12 status:80 <-- <SEQ=770676651;ACK-SEQ=414860522><ACK,PSH,><--status:45086
13 status:45086 --> <SEQ=414860522;ACK-SEQ=770677232><ACK,> --> status80
14 and so on ...

144 status:45086 --> <SEQ=414861029;ACK-SEQ=770788875><ACK,>--> status80
145 status:45086 --> <SEQ=414861029;ACK-SEQ=770788875><ACK,PSH,>-->status80
146 status:80<--<SEQ=770788875;ACK-SEQ=414861531><ACK,PSH,> <--status:45086
147 status:45086 --> <SEQ=414861531;ACK-SEQ=770789313><ACK,> --> status80

Here the packages are always sent one time. But lines 1 to 6 make me a
little confused.

How can this happen ?


Source code:
Packet Sniffer:

int main( int argc , char** argv ) {

int packetsize = sizeof( struct ether_header ) + sizeof( struct iphdr )
+ sizeof( struct tcphdr );
unsigned char* packet = malloc( packetsize );

struct ether_header* eth = (struct ether_header*) packet;
struct iphdr* ip = (struct iphdr*) (packet + sizeof( struct
ether_header ) );
struct tcphdr* tcp = (struct tcphdr*) (packet + sizeof( struct
ether_header) + sizeof( struct iphdr ) );

int uid = getuid();
if( uid != 0 ) { printf("Your UID is %d. Please log in as root.\n",uid);
exit(1); }

int socket_fd = socket( AF_INET , SOCK_PACKET , htons( 3 ) );
if( socket_fd < 0 ) { printf("Error, creating socket.\n"); exit(1); }

int counter = 0;
printf("TCP A
TCP B\n\n");
while( 1 ) {
recv( socket_fd , packet , packetsize, 0 );
counter++;

if( ntohs( tcp->source ) == 80 ) printf("%d status:%u <-- ",
counter , ntohs( tcp->source ) );
else printf("%d status:%u --> ", counter , ntohs( tcp->source ) );
printf("<SEQ=%u;ACK-SEQ=%u><" , ntohl( tcp->seq ) ,
ntohl( tcp->ack_seq ) );
if( tcp->urg ) printf("URG,");
if( tcp->syn ) printf("SYN,");
if( tcp->ack ) printf("ACK,");
if( tcp->psh ) printf("PSH,");
if( tcp->rst ) printf("RST,");
if( tcp->fin ) printf("FIN");

if( ntohs( tcp->source ) == 80 ) printf("> <-- status:%u\n" ,
ntohs( tcp->dest ) );
else printf("> --> status%u\n" , ntohs( tcp->dest ) );

}
}


Client:

int main( void ) {

int packetsize = sizeof( struct iphdr ) + sizeof( struct tcphdr );
unsigned char* packet = malloc( packetsize );

struct iphdr* ip = (struct iphdr*) packet;
struct tcphdr* tcp = (struct tcphdr*) (packet + sizeof( struct iphdr ));

int uid = getuid();
if( uid != 0 ) { printf("You need a least root access!\nProgram
terminated.\n"); exit(1); }

memset( packet , 0 , packetsize );
int socket_fd = socket( AF_INET , SOCK_RAW , IPPROTO_TCP );
if( socket_fd == -1 ) { printf("Error: Creating socket.\nProgram
terminated.\n"); exit(1); }


int one = 1;
if( setsockopt(socket_fd, IPPROTO_IP, IP_HDRINCL, &one, sizeof(one)) ==
-1 ) { printf("Error: setsockopt.\n"); exit(1); }

ip->version = 4;
ip->ihl = 5;
ip->id = htonl( random() );
ip->saddr = inet_addr("127.0.0.1");
ip->daddr = inet_addr("127.0.0.1");
ip->ttl = 255;
ip->protocol = IPPROTO_IP;
ip->tot_len = packetsize;
ip->check = 0; //kernel calculates checksum

tcp->source = htons( 9999 );
tcp->dest = htons( 80 );
tcp->ack_seq = htonl(1000000000);
tcp->seq = htonl(1000000000);
tcp->ack = 1;
tcp->syn = 1;
tcp->window = htons(1024);
tcp->check = 0;

struct sockaddr_in* addr = malloc( sizeof( struct sockaddr_in ) );
addr->sin_family = AF_INET;
addr->sin_port = tcp->source;
addr->sin_addr.s_addr = ip->saddr;

if( ( sendto( socket_fd , packet , packetsize , 0 , ( struct sockaddr* )
addr , sizeof( struct sockaddr_in ) ) ) == -1 ) { printf("Error: send");
exit(1); }

}

Paul wrote:
> I've written a packet sniffer (source code further down), but it gives me
> strange output.

Have you verified that you really aren't getting packet duplication
with Ethereal? I don't know the architecture of your network, but you
may be getting the same packet twice because it's routed through two
gateways and back.

Yeah, I already checked this with Ehtereal. Ethereal detects 10 packages and
my program 20. There is nothing unnormal about my architecture. A normal
router box with uplink and wlan communication between my machine an the
router.


FLY135 wrote:

>
> Paul wrote:
>> I've written a packet sniffer (source code further down), but it gives me
>> strange output.
>
> Have you verified that you really aren't getting packet duplication
> with Ethereal? I don't know the architecture of your network, but you
> may be getting the same packet twice because it's routed through two
> gateways and back.