tcpdump mailing list archives
Re: Capturing a "clean" TCP stream
From: Guy Harris <guy () alum mit edu>
Date: Fri, 18 May 2007 14:41:18 -0700
On May 18, 2007, at 7:09 AM, Alexandros Karypidis wrote:
> I am writing a program that is intended to monitor the requests made to a server from various clients. I am using libpcap to capture all packets directed to the server's IP and need to parse the _payload_ of the TCP stream (i.e. isolate the application protocol messages, discarding TCP retransmissions). I am currently parsing the TCP header using sequence/ack fields to detect retransmissions and extract payload. Could one suggest a better approach to this?
Perhaps I'm missing something, but I can't think of a better approach, other than "use a library that does that work for you, if it exists" (or steal code from an application that does it). I have the impression that a library of that sort might exist, but I don't remember what it might be.
You can't specify a filter that will discard retransmissions, as BPF filters are stateless.
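The stateful sequence-number tracking discussed in this message, as an added example that is not part of the original post or of libpcap: it keeps the next expected sequence number for one flow direction and drops bytes that were already delivered. `struct stream`, `stream_feed` and `demo` are hypothetical names, the segments are constructed, and the caller is assumed to have already parsed the IP and TCP headers of each captured packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* State for one direction of one TCP flow (hypothetical, not a libpcap type). */
struct stream {
    uint32_t next_seq;  /* first sequence number not yet delivered */
    int      started;   /* set once the first segment has been seen */
    char     out[256];  /* reassembled payload (demo-sized buffer) */
    size_t   out_len;
};

/* Serial-number comparison, so wrap-around at 2^32 is handled. */
static int seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Feed one segment. Returns the count of new bytes appended, 0 for a pure
 * retransmission, or -1 when the segment starts beyond a gap (out of order
 * or capture loss; a full reassembler would queue it instead). */
int stream_feed(struct stream *s, uint32_t seq, const uint8_t *data, size_t len)
{
    if (!s->started) { s->next_seq = seq; s->started = 1; }
    if (seq_lt(s->next_seq, seq))
        return -1;                          /* hole before this segment */
    uint32_t skip = s->next_seq - seq;      /* bytes already delivered */
    if (skip >= len)
        return 0;                           /* nothing new in it */
    data += skip; len -= skip;              /* keep only the new tail */
    size_t room = sizeof(s->out) - 1 - s->out_len;
    if (len > room) len = room;             /* bound the demo buffer */
    memcpy(s->out + s->out_len, data, len);
    s->out_len += len;
    s->next_seq += (uint32_t)len;
    return (int)len;
}

/* Constructed segments; the initial sequence number sits just below 2^32. */
const char *demo(void)
{
    static struct stream s;
    memset(&s, 0, sizeof s);
    stream_feed(&s, 0xFFFFFFFAu, (const uint8_t *)"GET / ", 6);
    stream_feed(&s, 0xFFFFFFFAu, (const uint8_t *)"GET / ", 6);  /* retransmission */
    stream_feed(&s, 0xFFFFFFFDu, (const uint8_t *)" / HTTP", 7); /* partial overlap */
    stream_feed(&s, 0x00000004u, (const uint8_t *)"/1.0\r\n", 6);
    s.out[s.out_len] = '\0';
    return s.out;
}

int main(void) { printf("%s", demo()); return 0; }
```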