[Winpcap-users] Problem Reassembling IP Packets,
missing packet-fragments!?
Sam.Fielden at L-3com.com
Sam.Fielden at L-3com.com
Mon Apr 30 16:11:55 GMT 2007
Gianluca,
I am using a capture filter generated by the following code, note an
example of the filter is provided in the method documentation.
// generateIOFilter.
// String* server : the ip address (ipv4) of the server for the
connection being monitored
// String* client : the ip address (ipv4) of the client for the
connection being monitored
// String* port : the port number used for the connection being
monitored
// Updates the String* io_filter by adding the details of the connection
passed in.
// EG. io_filter = "((ip host 192.168.162.1 or ip host 192.168.162.2)
and port 5566)"
void M_Ethernet_Bus::generateIOFilter( String* server, String* client,
String* port )
{
// make an array of the filter tokens. Note that we have included
spaces.
String* tokens[] = {" ((ip host ", server, " or ip host ", client,
") and", " port ", port, ")"};
// concatenate all the tokens into one string.
String* io_filter_base = String::Concat(tokens);
// ensure the filter string is initialised and if it is, then
concatenate to support multiple
// connections.
if(!io_filter)
io_filter = "";
else
io_filter = String::Concat(io_filter, " or");
// finally put it all together.
io_filter = String::Concat(io_filter, io_filter_base);
}
It is not my understanding that using this filter will prevent the
subsequent fragments being received by the packet_handler(...) method,
please correct me if this is wrong. When using WireShark (and debugging
my code simultaneously) I can see the fragments being received in order,
yet they are never passed to the packet_handler(...) method.
Thanks for taking the time to peruse this with me.
Regards, Sam.
-----Original Message-----
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca Varenni
Sent: Friday, April 27, 2007 4:30 PM
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] Problem Reassembling IP
Packets,missing packet-fragments!?
----- Original Message -----
From: Sam.Fielden at l-3com.com
To: winpcap-users at winpcap.org
Sent: Wednesday, April 18, 2007 12:48 PM
Subject: [Winpcap-users] Problem Reassembling IP
Packets,missing packet-fragments!?
I have written code to reassemble fragmented IP messages
and I have a system that is generating fragmented (Ethernet) messages
which I can successfully capture using WireShark (all fragments!).
However my "packet_handler(...)" method never receives the subsequent
fragments, only ever the first (with "ip_header.flags" == 1 and
"ip_header.offset" == 0).
As an example every time I enter the
"packet_handler(...)" method the "ip_header.identification" always
increments by a value of 1. It is my understanding that fragmented IP
packets have the same "ip_header.identification" value so this can be
used for reassembling the complete message.
I feel like I'm missing something obvious, do I need to
'request' the next fragment from the WinPCap interface or should it
arrive, at my "packet_handler(...)" method, in sequence like it does in
WireShark??
Are you using a capture filter for that? Wireshark uses winpcap
to capture packets, you do not need to request any subsequent frame in
an IP fragment. WinPcap has no concept of IP fragments, it just captures
ethernet (or any other link layer) packets.
Sam Fielden
Software Engineer
Beca Applied Technologies Ltd
10001 Jack Finney Blvd
Greenville, Texas, 75402
Bldg. 208. CBN011
Ph. (903) 457-4767
Only Bikers understand why dogs love to stick their
heads out car windows.
________________________________
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070430/d7bca450/attachment.htm
More information about the Winpcap-users
mailing list