tcpdump mailing list archives

seq reconstruction.


From: Matt Comb <mattyc () orcon net nz>
Date: 26 Jun 2003 12:48:30 +0000

I am piecing sequences together using the following basic algorithm,

1. When a packet arrives with a start flag, I create a sequence with an
expected id.

2. If a packet arrives with that seq number, I append and then inc the
expected id with the packet size, until one of the following happens.

a) I receive a finish.
b) I receive a reset.
c) The sequence times out.

Is this sufficient, or must I pair up both the send and receive
sequences?

I have done it this way, purely for speed, but want to know if this is
acceptable or not.

I have noticed for most traffic this is sufficient, but under HTTP 1.1
with keep alive, I am losing some sequences... I think it might be
related.

Any comments would be much appreciated.



Regards,

Matt.
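
The per-direction algorithm described in the post, as an added C example that is not part of the original message. `struct stream`, `stream_feed`, the 256-byte buffer and the 60-second timeout are assumptions made for illustration; the `skipped` counter records data segments that a strict "seq equals expected" match drops (out-of-order arrivals, retransmissions, gaps).

```c
#include <stdint.h>
#include <string.h>
/* TCP header flag bits, plus an assumed idle timeout in seconds. */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, TIMEOUT_SECS = 60 };
/* One direction of one connection (hypothetical struct for this example). */
struct stream {
    int open;
    uint32_t expected;      /* next sequence number accepted */
    unsigned char buf[256]; /* reassembled payload */
    size_t len;
    unsigned skipped;       /* data segments whose seq != expected */
    long last_seen;         /* time of last accepted packet, seconds */
};
/* Feed one segment; returns the payload bytes appended to s->buf. */
size_t stream_feed(struct stream *s, uint32_t seq, uint8_t flags,
                   const void *data, size_t n, long now)
{
    if (s->open && now - s->last_seen > TIMEOUT_SECS) s->open = 0; /* c) */
    if (flags & F_SYN) {                  /* step 1: start flag */
        memset(s, 0, sizeof *s);
        s->open = 1;
        s->expected = seq + 1;            /* SYN consumes one sequence number */
        s->last_seen = now;
        return 0;
    }
    if (!s->open) return 0;
    if (flags & F_RST) { s->open = 0; return 0; }   /* b) reset */
    if (seq != s->expected) {             /* strict match: segment is dropped */
        if (n) s->skipped++;
        return 0;
    }
    size_t copy = sizeof s->buf - s->len; /* room left in the buffer */
    if (n < copy) copy = n;
    if (copy) memcpy(s->buf + s->len, data, copy);  /* step 2: append */
    s->len += copy;
    s->expected += (uint32_t)n;           /* advance by payload size */
    s->last_seen = now;
    if (flags & F_FIN) s->open = 0;       /* a) finish */
    return copy;
}

/* Constructed segments: the second data segment arrives before the first. */
int main(void)
{
    struct stream s = {0};
    stream_feed(&s, 1000, F_SYN, "", 0, 0);
    stream_feed(&s, 1004, 0, "DEFG", 4, 1);   /* early: counted as skipped */
    stream_feed(&s, 1001, 0, "ABC", 3, 1);    /* in order: appended */
    return (s.skipped == 1 && s.len == 3) ? 0 : 1;
}
```

A non-zero `skipped` on a stream that later closes normally means payload bytes were seen on the wire but never made it into the reassembled buffer.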
