[Winpcap-users] TCP/IP stack reassembly
dchang at fsautomation.com
Tue Aug 15 00:12:43 GMT 2006
I'm sure that different implementations of TCP/IP have small differences in
the way they handle packets. However, for the vast majority of real world
situations, TCP/IP is well documented in RFC 791 & 793. In addition, books
like TCP/IP Illustrated by W. Richard Stevens cover the protocol in great
detail. Using these resources, one can write a TCP/IP re-assembly engine.
I don't think there is a "standard" implementation (or algorithm) for
re-assembly but rather a list of possible problem packets to handle.
Looking at the libnids website (libnids.sourceforge.net), they mention a
test suite that their re-assembly engine passed
(libnids.sourceforge.net/TESTS). Maybe you can contact them to find out how
they conducted their tests. Or, maybe you can just use their engine.
----- Original Message -----
From: "Thomas O'Hare" <Tom at RedTile.Com>
To: <winpcap-users at winpcap.org>
Sent: Monday, August 14, 2006 3:50 PM
Subject: Re: [Winpcap-users] TCP/IP stack reassembly
> I will go out on a limb here and anyone else is free to jump in...
> The nature of TCP/IP is a "connection oriented" protocol. Which means a
> real connection exists between 2 hosts. If the protocol stack is
> anywhere near what it should be, then if there are problems with packets
> the sending host is supposed to resend the problem data.
> So trying to recover and re-assemble packets seems to me to be
> defeating, or at least making a lot more work for something that is
> supposed to be done for you anyway by the stack.
> If I totally missed the boat, then please explain a little further.
> But it is late here, I am tired and so I am at a loss as to why you want
> to work so hard...
> ~ Thomas O'Hare ~
> President, RedTile, Inc. - DBA: RedTile Software
> Web, Wireless, Network, Database & Systems Software
> +1.407.295.9148 ; +49.8651.717950 ; http://www.RedTile.Com/
> Operations Manager; Virtual FoxPro User Group
> Tom at VFUG.Org ; http://www.VFUG.Org/
> Accounts wrote:
>> Hi All,
>> I believe this question was asked before without a clear answer. Is
>> there a definite or a standard way/library of reassembling the tcp/ip
>> stack from the sniffed packets?
>> I wanted to write one myself but the biggest problem that I have
>> faced is debugging, is there a software out there that can simulate
>> sending packets on demand (like fragmented and oob...) so that it could
>> aid in the development and debugging of a code that does the reassembly?
>> Thank you all.
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
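The following is an added example, not code from the thread, WinPcap or libnids: a C reassembler for one direction of a TCP stream, fed a constructed set of the "problem packets" the thread mentions (out-of-order arrival, retransmission, conflicting overlap, sequence-number wraparound). The names `stream_init`, `stream_add` and `stream_ready`, the 256-byte window and the first-copy-wins overlap policy are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BUF_MAX 256u /* constructed window size for this example */
/* One direction of a TCP stream, indexed relative to the first payload byte. */
struct stream {
    uint32_t isn;            /* sequence number of the first payload byte */
    uint8_t  data[BUF_MAX];  /* reassembled payload */
    uint8_t  have[BUF_MAX];  /* 1 where a byte has already arrived */
};

void stream_init(struct stream *s, uint32_t isn) {
    memset(s, 0, sizeof *s);
    s->isn = isn;
}

/* Store one segment; returns the count of new bytes, or -1 if out of window.
 * Assumed policy: the first copy of a byte wins, so retransmissions and
 * conflicting overlaps never rewrite data that was already accepted. */
int stream_add(struct stream *s, uint32_t seq, const uint8_t *p, size_t len) {
    uint32_t off = seq - s->isn; /* modulo-2^32 subtraction handles wraparound */
    int added = 0;
    if (off >= BUF_MAX || len > BUF_MAX - off) return -1;
    for (size_t i = 0; i < len; i++) {
        if (!s->have[off + i]) {
            s->data[off + i] = p[i];
            s->have[off + i] = 1;
            added++;
        }
    }
    return added;
}

/* Number of contiguous bytes from the stream start that can be delivered. */
size_t stream_ready(const struct stream *s) {
    size_t n = 0;
    while (n < BUF_MAX && s->have[n]) n++;
    return n;
}

int main(void) { /* replays constructed segments, not captured traffic */
    struct stream s;
    stream_init(&s, 0xFFFFFFFAu);                              /* ISN just below wrap */
    stream_add(&s, 0x00000002u, (const uint8_t *)"RLD", 3);    /* out of order */
    stream_add(&s, 0xFFFFFFFAu, (const uint8_t *)"HELLO", 5);  /* stream start */
    stream_add(&s, 0xFFFFFFFAu, (const uint8_t *)"HELLO", 5);  /* retransmission */
    stream_add(&s, 0xFFFFFFFEu, (const uint8_t *)"O WOXX", 6); /* conflicting overlap */
    printf("%.*s\n", (int)stream_ready(&s), (const char *)s.data);
    return 0;
}
```

Operating-system stacks differ in which copy of an overlapping byte they keep, so a monitoring engine that must match a particular endpoint needs the same overlap policy as that endpoint.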