Re: handling tcp retransmissions with libpcap

[Andy Coates <andy () bribed net>]

Bruce M Simpson (bms () spc org) wrote:
> On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> > I've been trying to read some tcp payloads from a dump file
> > generated by tcpdump.  Everything has been going smoothly until
> > I encounter tcp segment losses and tcp retransmissions.
>
> By 'read some tcp payloads' I assume you're referring to being able to
> extract the contents of the conversation from an arbitrary TCP stream.
>
> This isn't a job for tcpdump/libpcap alone; to do this correctly requires
> that the code parse the TCP segments it sees much the same way as a real
> TCP stack does. Something like libnids might be what you need; also consider
> looking at snort.

libnids is *perfect*, thank you :)  

Andy.

-- 
n: Andy Coates                         e: andy () bribed net
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.