[Winpcap-users] Reassemble fragmented packets
Richard Horton
richard.horton at solstans.co.uk
Sun May 25 17:00:53 GMT 2008
Hi,
I'm currently developing an offline pcap reader to decode some TCP
traces (the packet payload is a bespoke routing information packet
used by some of our radios at work) - some of the traces may or may
not be fragmented. Currently I've got two problems:
1. Is there a library function that will do reasembly for me, if not
does anyone have an easy-to-follow example?
2. A number of trace files I've got containing fragments (including
some captured HTTP sessions) do not have the MF flag set in the IPv4
header - without this how am I supposed to know what is/is not
fragmented? (Traces captured using Wireshark 1.0.0, winpcap 2.0.4
IIRC.)
TIA,
Richard.
--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
More information about the Winpcap-users
mailing list