tcpdump mailing list archives

Re: RFC: DLT for "application TCP stream capture"


From: Guy Harris <guy () alum mit edu>
Date: Wed, 14 Jan 2015 14:21:18 -0800


On Jan 14, 2015, at 12:10 PM, Michael Tuexen <Michael.Tuexen () lurchi franken de> wrote:

On 14 Jan 2015, at 18:19, Denis Ovsienko <denis () ovsienko info> wrote:

Eventually, we'll be using this format to debug multi-path TCP, in which case the IP addresses (and maybe even the IP4/IP6-ness of it) might change.

Also there exists SCTP, which implements the concept of variable (0..65535) number of "streams" for each direction of an "association" between a pair of sockets (in TCP these two things are the same), so a stream_id field in the encoding (0 for TCP and UDP) could be handy for SCTP payload representation.

and don't forget the PPID, the ordered/unordered flag, and the TSN/SSN. All this is exposed to the application...

OK, so the transport-layer metadata values we should include are:

        UDP: source and destination port numbers

        TCP: source and destination port numbers, EOF indication (think of it as FIN), urgent pointer?

        SCTP: source and destination port numbers, stream ID, PPID, ordered/unordered flag, TSN/SSN

Anything else?

What about TCP - or IP - options?  Some of those may be exposed to the application.