Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can libpcap reassemble TCP segments

Tags:

linux

network-programming

capture

pcap

I need to sniff TCP traffic into my application.

Can libpcap reassemble TCP segments or I have to do it manually?

The home page says "Full documentation is provided with the source packages in man page format". After I sudo apt-get install libpcap-dev I only find one man pcap. Is it all the documentation available or I simply missed something?

Thanks

like image 750
jackhab Avatar asked Dec 09 '25 12:12

jackhab

2 Answers

Packet or stream reassembly is not mentioned in pcap(3).

If I remember correctly, the dsniff tools use libnids to reassemble IP packets and TCP streams.

like image 118
hillu Avatar answered Dec 11 '25 01:12

hillu

Three years ago I used libpcap and I had to reassemble TCP streams myself, it's not very difficult but it's full of corner cases.

You may look at wireshark dissectors and «follow TCP stream» option if license (GPLv2) is ok for your project.

like image 45
darkk Avatar answered Dec 11 '25 03:12

darkk
Sign in to Comment

Related questions

how to make "xhost +local:host" be effective forever so I do not need to set it everytime the computer boots?
What is the compelling use case for the FD_CLOEXEC flag?
Can hard restart of machine hosting PostgreSQL change PostgreSQL sequence?
How accurate is amdahl's law?
How to add /usr/share/java libs to webapp's classpath?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!