Ethereal-users: [Ethereal-users] newbye: Reassemble TCP packet by connection [2].

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Luca Didaci <didaci@xxxxxx>
Date: Wed, 06 Jun 2001 16:02:42 +0200
Hello,
I need to reassemble TCP packets (reassemble connections, NOT fragmented packets)
in order to collect them by connection.

I use TETHEREAL, and I have output like this:

TETHEREAL output (or TCPDUMP output):

<time> AAA.1037 > BBB.110: P 56:65(9) ack 1430 win 7331 (DF) ( connection 1)
<time> BBB.110 > AAA.1037: . 1430:2890(1460) ack 65 win 8760 (DF) ( connection 1)
<time> YYY.53 > XXX.2638: F 15:15(0) ack 151 win 32120 (DF) ( connection 2)
<time> BBB.110 > AAA.1037: P 2890:3478(588) ack 65 win 8760 (DF) ( connection 1)
<time> XXX.2638 > YYY.53: . ack 16 win 17506 (DF) ( connection 2)
<time> YYY.53 > XXX.2639: P 1:15(14) ack 150 win 32120 (DF) ( connection 2)
<time> AAA.1037 > BBB.110: . ack 3478 win 8760 (DF) ( connection 1)
<time> XXX.2639 > YYY.53: F 150:150(0) ack 15 win 17506 (DF) ( connection 2)
<time> YYY.53 > XXX.2639: . ack 151 win 32120 (DF) ( connection 2)

I need THIS output:

connection 1:

<time> AAA.1037 > BBB.110: P 56:65(9) ack 1430 win 7331 (DF)
<time> BBB.110 > AAA.1037: . 1430:2890(1460) ack 65 win 8760 (DF)
<time> BBB.110 > AAA.1037: P 2890:3478(588) ack 65 win 8760 (DF)
<time> AAA.1037 > BBB.110: . ack 3478 win 8760 (DF)

connection 2:
<time> YYY.53 > XXX.2638: F 15:15(0) ack 151 win 32120 (DF)
<time> XXX.2638 > YYY.53: . ack 16 win 17506 (DF)
<time> YYY.53 > XXX.2639: P 1:15(14) ack 150 win 32120 (DF)
<time> XXX.2639 > YYY.53: F 150:150(0) ack 15 win 17506 (DF)
<time> YYY.53 > XXX.2639: . ack 151 win 32120 (DF)

Yes it is simple, but... :-)

Any idea?

*Any* help would be appreciated.

Thanks,

Luca Didaci

didaci@{tin.it,tiscalinet.it}
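
One way to do the grouping the post asks for, as an added example that is not part of the original message or of Ethereal: it keys each line on the unordered pair of address.port endpoints, so both directions of a conversation land in one group and a different port starts a new group. The function names and the timestamps in the sample are constructed for illustration.

```python
import re
from collections import OrderedDict

# Matches the "<time> SRC.PORT > DST.PORT: rest" shape of tcpdump/tethereal one-line output.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+(?P<rest>.*)$"
)

def connection_key(src, dst):
    """Direction-independent key: A>B and B>A map to the same tuple."""
    return tuple(sorted((src, dst)))

def group_by_connection(lines):
    """Group lines by connection, keeping capture order inside each group.

    Groups are returned in order of first appearance; lines that do not
    look like a packet summary (headers, blank lines) are skipped.
    """
    groups = OrderedDict()
    for line in lines:
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        groups.setdefault(connection_key(m["src"], m["dst"]), []).append(line)
    return groups

def render(groups):
    """Format the groups as 'connection N:' blocks."""
    out = []
    for n, (key, pkts) in enumerate(groups.items(), 1):
        out.append(f"connection {n}: {key[0]} <-> {key[1]}")
        out.extend(pkts)
        out.append("")
    return "\n".join(out)

# Constructed sample: packet summaries from the post with made-up timestamps.
SAMPLE = """\
16:02:40.000001 AAA.1037 > BBB.110: P 56:65(9) ack 1430 win 7331 (DF)
16:02:40.000002 BBB.110 > AAA.1037: . 1430:2890(1460) ack 65 win 8760 (DF)
16:02:40.000003 YYY.53 > XXX.2638: F 15:15(0) ack 151 win 32120 (DF)
16:02:40.000004 BBB.110 > AAA.1037: P 2890:3478(588) ack 65 win 8760 (DF)
16:02:40.000005 XXX.2638 > YYY.53: . ack 16 win 17506 (DF)
16:02:40.000006 YYY.53 > XXX.2639: P 1:15(14) ack 150 win 32120 (DF)
""".splitlines()

if __name__ == "__main__":
    print(render(group_by_connection(SAMPLE)))
```

This groups the one-line summaries only; it does not rebuild the TCP byte stream from sequence numbers.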