tcpdump mailing list archives
handling tcp retransmissions with libpcap
From: Andy Coates <andy () bribed net>
Date: Thu, 23 Sep 2004 13:29:33 +0100
Hello,

I've been trying to read some tcp payloads from a dump file generated by tcpdump. Everything has been going smoothly until I encounter tcp segment losses and tcp retransmissions.

Now I'm no coding genius nor do I understand the ins and outs of tcp headers enough to be able to develop a solution myself, so I'm hoping there are some routines out there already that can aid me, or some easy reading on how to do it myself.

Basically I started off with the sniffer.c source code and the tcpdump.org pcap tutorial, and have worked on building my program from that. So all the necessary structures are available to me:

    ethernet = (struct sniff_ethernet*)(packet);
    ip = (struct sniff_ip*)(packet + size_ethernet);
    tcp = (struct sniff_tcp*)(packet + size_ethernet + size_ip);
    payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);

My problem (as discovered using ethereal to analyse the dump) is that a few packets are getting lost/retransmitted, and I've no idea how to tell that is happening from the basic information available to me, so I see (in ethereal):

    [TCP Previous segment lost]
    [TCP Dup ACK 17#1]
    [TCP Retransmission]
    [TCP Retransmission]

Now if I can identify what a bad packet is and ignore it, and then find the correct retransmitted packet, I can get the correct payload I was looking for, I presume. All pcap examples I've seen so far ignore this problem occurring, so I haven't seen an example way of doing it yet.

Can anyone help?

Thanks, Andy.

--
n: Andy Coates
e: andy () bribed net

- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.