[Winpcap-users] Problem Reassembling IP Packets, missing packet-fragments!?

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Apr 27 21:29:34 GMT 2007 

Message
  ----- Original Message ----- 
  From: Sam.Fielden at l-3com.com 
  To: winpcap-users at winpcap.org 
  Sent: Wednesday, April 18, 2007 12:48 PM
  Subject: [Winpcap-users] Problem Reassembling IP Packets,missing packet-fragments!?


  I have written code to reassemble fragmented IP messages and I have a system that is generating fragmented (Ethernet) messages which I can successfully capture using WireShark (all fragments!). However my "packet_handler(...)" method never receives the subsequent fragments, only ever the first (with "ip_header.flags" == 1 and "ip_header.offset" == 0).

  As an example every time I enter the "packet_handler(...)" method the "ip_header.identification" always increments by a value of 1. It is my understanding that fragmented IP packets have the same "ip_header.identification" value so this can be used for reassembling the complete message.

  I feel like I'm missing something obvious, do I need to 'request' the next fragment from the WinPCap interface or should it arrive, at my "packet_handler(...)" method, in sequence like it does in WireShark??


Are you using a capture filter for that? Wireshark uses winpcap to capture packets, you do not need to request any subsequent frame in an IP fragment. WinPcap has no concept of IP fragments, it just captures ethernet (or any other link layer) packets.


  Sam Fielden

  Software Engineer
  Beca Applied Technologies Ltd
  10001 Jack Finney Blvd
  Greenville, Texas, 75402
  Bldg. 208. CBN011
  Ph. (903) 457-4767

  Only Bikers understand why dogs love to stick their heads out car windows.



------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-users mailing list
  Winpcap-users at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070427/b527afe6/attachment.htm

More information about the Winpcap-users mailing list