TCP Reconstruction (C, libpcap, Linux)
Hello all,
How do I reassemble the TCP packets of a particular HTTP session? How can I know the number of TCP packets per session? I tried capturing HTTP packets but didn't know where to find these details in the packet. Any help is appreciated. Thanks in advance.
Thank you, unspawn.
I have heard about Wireshark. I am trying to develop a network analyser tool by myself using libpcap and C. TCP reconstruction is one feature of it. As such I can't use another tool for this purpose. Can you help me with some tips on how to use libpcap for reconstruction? I didn't get great info from googling this topic. I basically want to know how to approach this reconstruction. Can anyone help me?
Try analyzing the sequence and acknowledgment numbers.
Thank you Chakka
I see the HTTP request as a single packet and the HTTP response comes as 2 or more packets (mostly 2). From which I infer that the response packets 1 and 2 had the same seq and ack number. Otherwise the seq number of packet 1 will be the ack num of packet 2. Am I right? I don't know any more to add. Can you be specific or can you suggest some material for HTTP/TCP reconstruction?
Have you gone through RFC 793?
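The sequence-number approach suggested in the replies, as an added example that is not code from any poster in this thread: it places each segment's payload at `seq - ISN - 1` in a per-direction buffer, so out-of-order arrival, retransmissions and sequence wraparound all resolve to the same byte stream. It assumes the packets have already been filtered to one direction of one connection (for instance inside a libpcap callback); `struct stream`, `stream_add`, `stream_contiguous` and `demo` are hypothetical names, the segments are constructed sample data, and keeping the first copy of an overlapping byte is a policy chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#define STREAM_MAX 4096

/* One direction of one TCP connection, already selected by its 4-tuple. */
struct stream {
    uint32_t isn;               /* sequence number carried by the SYN */
    uint8_t  data[STREAM_MAX];  /* payload stored at its stream offset */
    uint8_t  have[STREAM_MAX];  /* 1 = this byte has arrived */
    uint32_t segments;          /* payload-carrying segments accepted */
};

/* Place one segment by sequence number; returns new bytes stored, -1 if outside the buffer. */
static int stream_add(struct stream *s, uint32_t seq, const void *payload, uint32_t len) {
    uint32_t off = seq - s->isn - 1;  /* SYN uses one number; unsigned math survives wraparound */
    int fresh = 0;
    if (off >= STREAM_MAX || len > STREAM_MAX - off) return -1;
    s->segments++;
    for (uint32_t i = 0; i < len; i++) {
        if (s->have[off + i]) continue;  /* retransmission or overlap: keep the first copy */
        s->data[off + i] = ((const uint8_t *)payload)[i];
        s->have[off + i] = 1;
        fresh++;
    }
    return fresh;
}

/* Number of gap-free bytes available from the start of the stream. */
static uint32_t stream_contiguous(const struct stream *s) {
    uint32_t n = 0;
    while (n < STREAM_MAX && s->have[n]) n++;
    return n;
}

/* Constructed capture: a 24-byte HTTP response in three segments, out of order, one retransmitted. */
static uint32_t demo(struct stream *s) {
    *s = (struct stream){ .isn = 0xFFFFFFF5u };    /* chosen so the sequence space wraps mid-stream */
    stream_add(s, 9u, "hello", 5);                 /* third segment arrives first */
    stream_add(s, 0xFFFFFFF6u, "HTTP/1.1 2", 10);  /* first segment */
    stream_add(s, 0xFFFFFFF6u, "HTTP/1.1 2", 10);  /* retransmission adds no new bytes */
    stream_add(s, 0u, "00 OK\r\n\r\n", 9);         /* second segment fills the gap */
    return stream_contiguous(s);
}

int main(void) {
    static struct stream s;
    uint32_t n = demo(&s);
    printf("%u segments, %u bytes:\n%.*s\n", (unsigned)s.segments, (unsigned)n, (int)n, (const char *)s.data);
    return 0;
}
```

The `segments` counter answers the packets-per-session question for one direction; a full tool would keep one such structure per direction per connection, keyed on addresses and ports.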