Can libpcap reassemble TCP segments

血红的双手。 提交于 2019-12-04 04:43:22

问题


I need to sniff TCP traffic into my application.

Can libpcap reassemble TCP segments or I have to do it manually?

The home page says "Full documentation is provided with the source packages in man page format". After I sudo apt-get install libpcap-dev I only find one man pcap. Is it all the documentation available or I simply missed something?

Thanks


回答1:


Packet or stream reassembly is not mentioned in pcap(3).

If I remember correctly, the dsniff tools use libnids to reassemble IP packets and TCP streams.




回答2:


Three years ago I used libpcap and I had to reassemble TCP streams myself, it's not very difficult but it's full of corner cases.

You may look at wireshark dissectors and «follow TCP stream» option if license (GPLv2) is ok for your project.




回答3:


On my (slightly older) system:

root@tower:~/desktop/ccan/ccan/tap # dpkg -L libpcap0.7-dev
/.
/usr
/usr/lib
/usr/lib/libpcap.a
/usr/include
/usr/include/net
/usr/include/net/bpf.h
/usr/include/pcap.h
/usr/include/pcap-namedb.h
/usr/share
/usr/share/man
/usr/share/man/man3
/usr/share/man/man3/pcap.3.gz

Hmm, seems like they should be there:

root@tower:~/desktop/ccan/ccan/tap # man 3 pcap
Reformatting pcap(3), please wait...

You should have man/3 docs, I looked at mine, the formatting is just wretched. I grabbed the source to the library via apt-get source, it looks like the only docs bundled either way are the man pages.

You might try their mailing list, if you do, be sure to answer your question here :)




回答4:


No, libpcap will not do TCP segment reassembly - libpcap captures packets, but processing the packet data is left up to the application or a library used by the application.

As for the man pages, older versions of libpcap just have the pcap(3) man page, newer versions have, in addition to pcap(3PCAP), a bunch of other man pages for particular routines.



来源:https://stackoverflow.com/questions/600087/can-libpcap-reassemble-tcp-segments

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!