Bruce M Simpson ([EMAIL PROTECTED]) wrote:
> On Thu, Sep 23, 2004 at 01:29:33PM +0100, Andy Coates wittered thus:
> > I've been trying to read some tcp payloads from a dump file
> > generated by tcpdump. Everything has been going smoothly until
> > I encounter tcp segment losses and tcp retransmissions.
>
> By 'read some tcp payloads' I assume you're referring to being able to
> extract the contents of the conversation from an arbitrary TCP stream.
>
> This isn't a job for tcpdump/libpcap alone; to do this correctly requires
> that the code parse the TCP segments it sees much the same way as a real
> TCP stack does. Something like libnids might be what you need; also consider
> looking at snort.

libnids is *perfect*, thank you :)

Andy.

--
n: Andy Coates
e: [EMAIL PROTECTED]
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
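Added example (not part of the thread and not libnids code): a minimal C sketch of the sequence-number bookkeeping that the reply above says a payload extractor needs, for one direction of one connection, so that retransmitted and out-of-order segments are not simply concatenated. The `stream` type, the function names, the 4096-byte cap and the keep-first-copy overlap policy are assumptions of this sketch, and the segments in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STREAM_MAX 4096  /* assumed buffer cap for this sketch */

/* One direction of one TCP connection (hypothetical type, not libnids'). */
struct stream {
    uint32_t isn;               /* sequence number of the first payload byte */
    uint8_t  data[STREAM_MAX];  /* payload stored at offset (seq - isn) */
    uint8_t  have[STREAM_MAX];  /* 1 where that byte has been seen */
    size_t   contiguous;        /* in-order bytes available from offset 0 */
};

void stream_init(struct stream *s, uint32_t isn) {
    memset(s, 0, sizeof *s);
    s->isn = isn;
}

/* Feed one captured segment; returns how many new in-order bytes it released. */
size_t stream_feed(struct stream *s, uint32_t seq, const uint8_t *p, size_t len) {
    uint32_t off = seq - s->isn;     /* unsigned subtraction survives seq wraparound */
    size_t before = s->contiguous;
    if (off >= STREAM_MAX) return 0; /* before the ISN or beyond the buffer: ignore */
    for (size_t i = 0; i < len && off + i < STREAM_MAX; i++) {
        if (s->have[off + i]) continue;  /* retransmission or overlap: keep first copy */
        s->data[off + i] = p[i];
        s->have[off + i] = 1;
    }
    while (s->contiguous < STREAM_MAX && s->have[s->contiguous]) s->contiguous++;
    return s->contiguous - before;
}

int main(void) {
    /* Constructed capture: middle segment arrives last, first one is retransmitted. */
    struct { uint32_t seq; const char *p; } segs[] = {
        {1000, "GET "}, {1008, "HTTP"}, {1000, "GET "}, {1004, "/ab "} };
    struct stream s;
    stream_init(&s, 1000);
    for (size_t i = 0; i < sizeof segs / sizeof segs[0]; i++) {
        size_t n = stream_feed(&s, segs[i].seq, (const uint8_t *)segs[i].p, strlen(segs[i].p));
        printf("seq=%u released=%zu\n", (unsigned)segs[i].seq, n);
    }
    printf("stream: %.*s\n", (int)s.contiguous, (const char *)s.data);
    return 0;
}
```

This covers only the ordering and de-duplication step; connection tracking, both directions and teardown are left out of the sketch.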
