On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> I've been trying to read some tcp payloads from a dump file
> generated by tcpdump. Everything has been going smoothly until
> I encounter tcp segment losses and tcp retransmissions.

By 'read some tcp payloads' I assume you're referring to being able to extract the contents of the conversation from an arbitrary TCP stream. This isn't a job for tcpdump/libpcap alone; to do this correctly requires that the code parse the TCP segments it sees much the same way as a real TCP stack does. Something like libnids might be what you need; also consider looking at snort.

Regards,
BMS
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
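
The reply above says payload extraction has to track TCP segments the way a stack does; the following is an added example, not part of the original message and not code from libnids or snort, showing the core of that for one direction of one connection: placing payload by sequence number so that retransmitted, out-of-order and missing segments are handled. The `struct stream` layout, the function names, the fixed 4096-byte window, the "first copy wins" policy and the sample segments are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STREAM_MAX 4096

/* One direction of one TCP connection (hypothetical layout for this example). */
struct stream {
    uint32_t isn;               /* sequence number of the first payload byte */
    uint8_t  data[STREAM_MAX];  /* payload byte for seq S lives at data[S - isn] */
    uint8_t  have[STREAM_MAX];  /* 1 where that byte has been captured */
    size_t   dup_bytes;         /* bytes seen more than once (retransmissions) */
};

/* Place a segment by sequence number. The first copy of a byte wins, later
   copies are only counted. Returns the number of bytes newly stored. */
size_t stream_add(struct stream *s, uint32_t seq, const uint8_t *p, size_t len)
{
    uint32_t off = seq - s->isn;   /* modulo 2^32, so sequence wraparound is fine */
    size_t fresh = 0;
    for (size_t i = 0; i < len && (size_t)off + i < STREAM_MAX; i++) {
        if (s->have[off + i]) { s->dup_bytes++; continue; }
        s->data[off + i] = p[i];
        s->have[off + i] = 1;
        fresh++;
    }
    return fresh;
}

/* Bytes deliverable in order; data past the first hole waits for the gap to fill. */
size_t stream_contiguous(const struct stream *s)
{
    size_t n = 0;
    while (n < STREAM_MAX && s->have[n]) n++;
    return n;
}

int main(void)
{
    static struct stream s;        /* zero-initialised */
    s.isn = 0xFFFFFFFCu;           /* constructed: stream crosses the 2^32 wrap */
    stream_add(&s, 0xFFFFFFFCu, (const uint8_t *)"GET ", 4);
    stream_add(&s, 4u, (const uint8_t *)"HTTP", 4);           /* arrives early */
    printf("in order before gap fills: %zu\n", stream_contiguous(&s));
    stream_add(&s, 0xFFFFFFFCu, (const uint8_t *)"GET ", 4);  /* retransmission */
    stream_add(&s, 0u, (const uint8_t *)"/ab ", 4);           /* fills the gap */
    printf("%.*s (dup bytes: %zu)\n", (int)stream_contiguous(&s), (const char *)s.data, s.dup_bytes);
    return 0;
}
```

A segment that never appears in the capture leaves a permanent hole, so `stream_contiguous` stops there and the caller has to decide whether to report the gap or skip past it.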
