tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

libpcap can't capture IP fragments

From: wen lui <esolvepolito () gmail com>
Date: Mon, 3 Jun 2013 17:18:53 +0200
I want to capture UDP packets which are destined to a local port, the
filtering expression is like udp port 20000. I notice if there are IP
fragmentation on a UDP packet, libpcap can only capture the first IP
fragment. I guess the reason is the second IP fragment are not with UDP
header (but with IP header, I think it is the same for TCP), so libpcap
can't capture them using the filter express udp port 20000.


although The second fragment is with IP header but no UDP header. The
IP/TCP stack will assembly the first and second IP fragment before it
delivers the whole UDP packet to the application. But it seems to me that
libpcap can't recognize the second IP fragment.

are there any workaround for this? or any other libraries which can capture
packets destined to a specific local port?

thanks!
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: