Ethereal-users: Re: [Ethereal-users] newbye: Reassemble TCP packet by connection [2].

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Alex Bennee" <Alex.Bennee@xxxxxxxxxxx>
Date: Wed, 6 Jun 2001 16:37:13 +0100

I'm not sure having not used it myself but have a look for a utility called
tcpslice. I believe it does what you want.

Alex.








Luca Didaci <didaci@xxxxxx> on 06/06/2001 15:02:42
                                                                                
                                                                                
                                                                                


                                                              
                                                              
                                                              
 To:      ethereal-users@xxxxxxxxxxxx                         
                                                              
 cc:      didaci@xxxxxxxxxxxxx(bcc: Alex Bennee/MAIN/MC1)     
                                                              
                                                              
                                                              
 Subject: [Ethereal-users] newbye: Reassemble TCP packet by   
          connection [2].                                     
                                                              







Hello,
I need to reassemble TCP packet, (reassemble connections, NO fragment packet)
  in order to collect them by connection.

I use TETHEREAL, and I 've output like this:

TETHEREAL output ( or TCPDUMP output) :

<time> AAA.1037 > BBB.110: P 56:65(9) ack 1430 win 7331 (DF) ( connection 1)
<time> BBB.110 > AAA.1037: . 1430:2890(1460) ack 65 win 8760 (DF) (
connection 1)
<time> YYY.53 > XXX.2638: F 15:15(0) ack 151 win 32120 (DF) ( connection 2)
<time> BBB.110 > AAA.1037: P 2890:3478(588) ack 65 win 8760 (DF) (
connection 1)
<time> XXX.2638 > YYY.53: . ack 16 win 17506 (DF) ( connection 2)
<time> YYY.53 > XXX.2639: P 1:15(14) ack 150 win 32120 (DF) ( connection 2)
<time> AAA.1037 > BBB.110: . ack 3478 win 8760 (DF) ( connection 1)
<time> XXX.2639 > YYY.53: F 150:150(0) ack 15 win 17506 (DF) ( connection 2)
<time> YYY.53 > XXX.2639: . ack 151 win 32120 (DF) ( connection 2)

I need THIS output:

connection 1:

<time> AAA.1037 > BBB.110: P 56:65(9) ack 1430 win 7331 (DF)
<time> BBB.110 > AAA.1037: . 1430:2890(1460) ack 65 win 8760 (DF)
<time> BBB.110 > AAA.1037: P 2890:3478(588) ack 65 win 8760 (DF)
<time> AAA.1037 > BBB.110: . ack 3478 win 8760 (DF)

connection 2:
<time> YYY.53 > XXX.2638: F 15:15(0) ack 151 win 32120 (DF)
<time> XXX.2638 > YYY.53: . ack 16 win 17506 (DF)
<time> YYY.53 > XXX.2639: P 1:15(14) ack 150 win 32120 (DF)
<time> XXX.2639 > YYY.53: F 150:150(0) ack 15 win 17506 (DF)
<time> YYY.53 > XXX.2639: . ack 151 win 32120 (DF)

Yes it is simple, but... :-)

Any idea?

*Any* help would be appreciated.

Thanks,

Luca Didaci




Any help would be appreciated.
Thanks,



Luca Didaci
didaci@{tin.it,tiscalinet.it}


_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Attachment: att1.eml
Description: Binary data