[Winpcap-users] Size of packet captured!

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Jul 24 08:08:28 PDT 2009


Actually, from what he said, the TDS protocol (which I don't know at all) 
runs on top of TCP, so you need to use some sort of TCP flow reassembly to 
know which 2 (or whatever other number of) packets to join.

Have a nice day
GV

----- Original Message ----- 
From: "Adagio Grazioso" <adagiograzioso at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Friday, July 24, 2009 1:58 AM
Subject: Re: [Winpcap-users] Size of packet captured!


Tran,

If data is split into multiple packets, you can know which pkts belong
to a single message and how to join them from the IP Header fields -
Id, Offset and Flags.

For more details on the algorithm to use see
http://tools.ietf.org/html/rfc791 and
http://tools.ietf.org/html/rfc815

Adagio

On Fri, Jul 24, 2009 at 10:20 AM, tran thanh<xbachngoctuyetx at gmail.com> 
wrote:
> Dear Chang,
> Yes I got a packet only have 1516 bytes, so I must join 2 pakets to get 
> the
> all message,
> So in this case if the message is too long there will be more and more
> pakets,
> how do I know which pakets is from a message to join it together!
>
> P/S: I'm reading your link, it's very helpful, but I still not know how to
> resolve the problem.
> Regard,
> Tran Bach Thanh.
>
>
> On Fri, Jul 24, 2009 at 10:09 AM, David Chang <dchang at fsautomation.com>
> wrote:
>>
>> Tran,
>>
>> Standard TDS headers are 4 bytes long. The first byte is the 'packet
>> type'. The second byte is the 'last packet indicator'. The next two bytes
>> are the 'packet size'. Thus, in your case, you should have gotten a 
>> 'packet
>> size' that was greater than one Ethernet packet length (around 1500 
>> bytes).
>>
>> I suggest you look at: http://www.freetds.org/tds.html
>>
>> DC
>>
>> ----- Original Message -----
>> From: tran thanh
>> To: winpcap-users at winpcap.org
>> Sent: Thursday, July 23, 2009 7:31 PM
>> Subject: Re: [Winpcap-users] Size of packet captured!
>> Dear Varenni and Chang,
>> Firstly thanks for your help,
>> I'm using TCP!
>> I got Full TDS message from 2 packets,
>> But new matter is how do I know that 2(or more) pakets is from a TDS
>> message?
>> Thanks,
>> Tran Bach Thanh!
>>
>>
>> ________________________________
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users 



More information about the Winpcap-users mailing list