ip_header* ih = (ip_header*)(pkt_data+14); tcp_header* th = (tcp_header*)(ih+20);
That's how pointer arithmetic works in C: the address is increased such that th
points 20 ip_header
worth of data away from where you started. Which means the address is increased with 20 * sizeof ip_header
.
Instead of that, you want to jump 20 bytes which you can do using:
tcp_header* th = (char *)ih + 20;