[Winpcap-users] lib for reassembing IP fragments?
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Apr 14 01:52:39 GMT 2006

Marc,

you can probably take some pieces of code from ethereal (which has such a
feature), or other tools like that (snort?).

Alternatively, you can have a look at the TCP/IP stack implementation of
OSes like BSD or Linux, or a lightweight stack like lwIP
(http://www.sics.se/~adam/lwip/).

In the latter case, consider that a sniffer (like the one you are building)
has a very different view of the traffic compared to the one of a TCP
endpoint: a TCP endpoint basically controls the finite state machine of the
protocol (so basically it knows if the connection is open, half closed...);
a sniffer should infer the status of the FSM of *each* endpoint by looking
at the TCP header (Sequence Numbers, Ack, flags...).

Hope it helps
GV

----- Original Message -----
From: "Marc Bartholomäus" <el.bartho at gmx.de>
To: <winpcap-users at winpcap.org>
Sent: Thursday, April 13, 2006 4:40 PM
Subject: [Winpcap-users] lib for reassembing IP fragments?
> Hello,
>
> I'm looking for a piece of code or library and something which helps me
> reassembling the captured (TCP/)IP packets to the real send/received
> socket
> data stream.
> Is there any usable open/public implementation for this or do I have to
> write this on my own?
>
> Thanks...
> Marc
>
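
The point in the reply about a sniffer having to infer the FSM of each endpoint from the TCP header can be made concrete. The following is an added example, not part of either message and not code from WinPcap, ethereal, snort or lwIP; all type and function names (`flow`, `flow_observe`, `flow_half_closed`, the `EP_*` states) are hypothetical. It assumes the caller has already parsed the header fields and tracks only the sending side of each endpoint from in-order segments:

```c
#include <stdint.h>
/* TCP header flag bits */
enum { F_FIN = 0x01, F_SYN = 0x02, F_RST = 0x04, F_ACK = 0x10 };
/* What a passive observer can infer about ONE endpoint's sending side. */
enum ep_state { EP_UNKNOWN, EP_SYN_SENT, EP_ESTABLISHED,
                EP_FIN_SENT, EP_FIN_ACKED, EP_RESET };
struct endpoint {
    enum ep_state state;
    uint32_t next_seq;  /* next sequence number expected from this side */
    uint32_t fin_seq;   /* sequence number occupied by this side's FIN  */
};
struct flow { struct endpoint ep[2]; };  /* zero-initialise before use */

/* Feed one captured segment sent by side `dir` (0 or 1) into the tracker. */
void flow_observe(struct flow *f, int dir, uint8_t flags,
                  uint32_t seq, uint32_t ack, uint32_t len)
{
    struct endpoint *snd = &f->ep[dir], *rcv = &f->ep[!dir];
    if (flags & F_RST) {                    /* reset ends both directions */
        snd->state = rcv->state = EP_RESET;
        return;
    }
    if ((flags & F_SYN) && snd->state <= EP_SYN_SENT) {
        snd->state = EP_SYN_SENT;
        snd->next_seq = seq + 1;            /* SYN consumes one number */
    } else if (snd->state == EP_UNKNOWN) {  /* capture began mid-connection */
        snd->state = EP_ESTABLISHED;
        snd->next_seq = seq;
    }
    if (flags & F_ACK) {                    /* an ACK describes the PEER */
        if (rcv->state == EP_SYN_SENT && ack == rcv->next_seq)
            rcv->state = EP_ESTABLISHED;
        else if (rcv->state == EP_FIN_SENT && ack == rcv->fin_seq + 1)
            rcv->state = EP_FIN_ACKED;
    }
    if (!(flags & F_SYN) && seq == snd->next_seq)
        snd->next_seq += len;               /* in-order data, wraps mod 2^32 */
    if ((flags & F_FIN) && snd->state == EP_ESTABLISHED) {
        snd->fin_seq = seq + len;
        snd->next_seq = snd->fin_seq + 1;   /* FIN consumes one number too */
        snd->state = EP_FIN_SENT;
    }
}

/* Half-closed: exactly one side has finished sending. */
int flow_half_closed(const struct flow *f)
{
    return (f->ep[0].state >= EP_FIN_SENT) != (f->ep[1].state >= EP_FIN_SENT);
}
```

Unlike a real endpoint, the tracker has to accept a connection whose handshake it never saw, and it learns that a SYN or FIN was delivered only when the peer's ACK for it appears in the capture.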