[Winpcap-users] TCP/IP stack reassembly

Accounts accounts at sandmik.net
Tue Aug 15 06:37:17 GMT 2006


Dear David,

    Thank you for your reply.

    I was looking to see if there is already a way to do that (like the 
follow TCP stream of Wireshark) instead of recoding things myself...

    Thanks.


David Chang wrote:
> Ralph,
>
> I'm sure that different implementations of TCP/IP have small 
> differences in the way they handle packets.  However, for the vast 
> majority of real world situations, TCP/IP is well documented in RFC 
> 791 & 793.  In addition, books like TCP/IP Illustrated by W. Richard 
> Stevens cover the protocol in great detail.  Using these resources, 
> one can write a TCP/IP re-assembly engine. I don't think there is a 
> "standard" implementation (or algorithm) for re-assembly but rather a 
> list of possible problem packets to handle. Looking at the libnids 
> website (libnids.sourceforge.net), they mention a test suite that 
> their re-assembly engine passed (libnids.sourceforge.net/TESTS).  
> Maybe you can contact them to find out how they conducted their 
> tests.  Or, maybe you can just use their engine.
>
> DC
>
> ----- Original Message -----
> From: "Thomas O'Hare" <Tom at RedTile.Com>
> To: <winpcap-users at winpcap.org>
> Sent: Monday, August 14, 2006 3:50 PM
> Subject: Re: [Winpcap-users] TCP/IP stack reassembly
>
>
>> Ralph
>>
>> I will go out on a limb here and anyone else is free to jump in...
>>
>> The nature of TCP/IP is a "connection oriented" protocol, which means a
>> real connection exists between 2 hosts.  If the protocol stack is
>> anywhere near what it should be, then if there are problems with packets
>> the sending host is supposed to resend the problem data.
>>
>> So trying to recover and re-assemble packets seems to me to be
>> defeating, or at least making a lot more work for something that is
>> supposed to be done for you anyway by the stack.
>>
>> If I totally missed the boat, then please explain a little further.
>>
>> But it is late here, I am tired and so I am at a loss as to why you want
>> to work so hard...
>>
>> Thanks,
>> ~ Thomas O'Hare ~
>> President, RedTile, Inc. - DBA: RedTile Software
>> Web, Wireless, Network, Database & Systems Software
>> +1.407.295.9148 ; +49.8651.717950 ; http://www.RedTile.Com/
>> Operations Manager; Virtual FoxPro User Group
>> Tom at VFUG.Org ; http://www.VFUG.Org/
>>
>>
>> Accounts wrote:
>>> Hi All,
>>>
>>>    I believe this question was asked before without a clear answer. Is
>>> there a definite or a standard way/library of reassembling the TCP/IP
>>> stack from the sniffed packets?
>>>
>>>    I wanted to write one myself, but the biggest problem that I have
>>> faced is debugging. Is there software out there that can simulate
>>> sending packets on demand (like fragmented and OOB...) so that it could
>>> aid in the development and debugging of code that does the
>>> reassembly?
>>>
>>>    Thank you all.
>>>    Ralph.
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
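
As an added illustration (not part of the thread and not libnids code), here is a minimal C reassembler for one direction of one TCP stream, exercised with constructed out-of-order, overlapping, retransmitted and sequence-wrapping segments of the kind the thread calls problem packets. The names `struct stream`, `stream_add` and `WIN` are hypothetical, and the first-copy-wins overlap policy is an assumption; real stacks differ on that choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIN 4096  /* assumed cap on buffered stream bytes */

/* One direction of one TCP connection (hypothetical structure). */
struct stream {
    uint32_t isn;        /* sequence number of the first data byte */
    size_t   delivered;  /* contiguous bytes available from offset 0 */
    uint8_t  data[WIN];  /* payload indexed by offset from isn */
    uint8_t  have[WIN];  /* 1 where data[i] has been captured */
};

void stream_init(struct stream *s, uint32_t isn) {
    memset(s, 0, sizeof *s);
    s->isn = isn;
}

/* Feed one captured segment; returns how many new in-order bytes it released. */
size_t stream_add(struct stream *s, uint32_t seq, const uint8_t *p, size_t len) {
    uint32_t off = seq - s->isn;   /* modulo 2^32, so wraparound is harmless */
    size_t before = s->delivered;
    for (size_t i = 0; i < len; i++) {
        uint32_t o = off + (uint32_t)i;
        if (o >= WIN) continue;        /* before isn or past the buffer: drop */
        if (s->have[o]) continue;      /* retransmit or overlap: first copy wins */
        s->data[o] = p[i];
        s->have[o] = 1;
    }
    while (s->delivered < WIN && s->have[s->delivered]) s->delivered++;
    return s->delivered - before;
}

/* Constructed capture: ISN just below 2^32, segments out of order and overlapping. */
size_t demo(char *out, size_t cap) {
    struct stream s;
    stream_init(&s, 0xFFFFFFFCu);
    stream_add(&s, 0x00000002u, (const uint8_t *)"TCP", 3);   /* early, after wrap */
    stream_add(&s, 0xFFFFFFFCu, (const uint8_t *)"snif", 4);  /* start of stream */
    stream_add(&s, 0xFFFFFFFEu, (const uint8_t *)"XXf ", 4);  /* overlaps "if" */
    stream_add(&s, 0xFFFFFFFCu, (const uint8_t *)"snif", 4);  /* retransmission */
    size_t n = s.delivered < cap - 1 ? s.delivered : cap - 1;
    memcpy(out, s.data, n);
    out[n] = '\0';
    return n;
}

int main(void) { char b[32]; demo(b, sizeof b); puts(b); return 0; }
```

Feeding the same segments in a different order, or swapping the overlap rule to last-copy-wins, gives a quick regression case for each problem packet type.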


