tcpdump mailing list archives
Re: handling tcp retransmissions with libpcap
From: Bruce M Simpson <bms () spc org>
Date: Thu, 23 Sep 2004 05:52:36 -0700
On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> I've been trying to read some tcp payloads from a dump file generated by tcpdump. Everything has been going smoothly until I encounter tcp segment losses and tcp retransmissions.
By 'read some tcp payloads' I assume you're referring to being able to extract the contents of the conversation from an arbitrary TCP stream. This isn't a job for tcpdump/libpcap alone; to do this correctly requires that the code parse the TCP segments it sees much the same way as a real TCP stack does. Something like libnids might be what you need; also consider looking at snort.

Regards,
BMS
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
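As an added example (not part of the thread, and not libnids or snort code), here is a minimal one-direction reassembly buffer in C showing what parsing segments "the same way as a real TCP stack does" involves for retransmissions, overlaps and out-of-order arrival. The names `stream`, `stream_init`, `stream_add` and the 4096-byte cap are hypothetical, and the caller is assumed to have already pulled the sequence number and payload out of each packet libpcap returned.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define STREAM_MAX 4096          /* bytes tracked per direction (assumed cap) */

/* One direction of one TCP connection. All names here are hypothetical. */
struct stream {
    uint32_t base;               /* sequence number of first payload byte */
    size_t   contiguous;         /* bytes deliverable in order from base */
    uint8_t  data[STREAM_MAX];
    uint8_t  seen[STREAM_MAX];   /* 1 once a byte at that offset is stored */
};

void stream_init(struct stream *s, uint32_t isn)
{
    memset(s, 0, sizeof *s);
    s->base = isn + 1;           /* the SYN consumes one sequence number */
}

/* Feed one captured segment. Returns the number of NEW bytes accepted:
 * 0 for a pure retransmission, less than len for a partial overlap. */
size_t stream_add(struct stream *s, uint32_t seq, const uint8_t *p, size_t len)
{
    /* Unsigned subtraction yields the offset even across 2^32 wraparound. */
    uint32_t off = seq - s->base;
    size_t fresh = 0;

    for (size_t i = 0; i < len; i++) {
        uint32_t o = off + (uint32_t)i;
        /* Skip bytes before base or beyond the cap, and bytes already
         * stored: the first copy seen wins (an assumed policy). */
        if (o >= STREAM_MAX || s->seen[o])
            continue;
        s->data[o] = p[i];
        s->seen[o] = 1;
        fresh++;
    }
    /* Advance over every byte now in order; stop at the first gap (loss). */
    while (s->contiguous < STREAM_MAX && s->seen[s->contiguous])
        s->contiguous++;
    return fresh;
}
```

After each call, `data[0 .. contiguous)` is the in-order payload so far; a lost segment shows up as `contiguous` not advancing. First-copy-wins is only one choice: TCP stacks differ in how they resolve overlapping segments that carry conflicting data.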