Maybe you could try using Ethereal's libraries. I think it can group TCP connections (conversations in Ethereal's terminology) which might be of use to you.
Regards,
Shiva

> Hi,
>
> I'm a new user of libpcap.
>
> I am writing a program that is intended to monitor the requests made to
> a server from various clients. I am using libpcap to capture all
> packets directed to the server's IP and need to parse the _payload_ of
> the TCP stream (i.e. isolate the application protocol messages,
> discarding TCP retransmissions). I am currently parsing the TCP header
> using sequence/ack fields to detect retransmissions and extract
> payload. Could one suggest a better approach to this?
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
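
Added example, not code from either poster or from libpcap: the sequence-number approach the quoted question describes, for one direction of one connection, trimming retransmitted and overlapping bytes with wraparound-safe arithmetic. `struct stream`, `stream_feed` and `SEG_GAP` are hypothetical names; it assumes the caller has already parsed the TCP header and passes the sequence number of the first payload byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One direction of one TCP connection (hypothetical type, not a libpcap API). */
struct stream {
    uint32_t next_seq;   /* sequence number of the next byte we expect */
    int      synced;     /* 0 until the first segment fixes next_seq */
    uint8_t  out[256];   /* reassembled payload (fixed size for the demo) */
    size_t   out_len;
};
enum { SEG_GAP = -1 };   /* segment starts past next_seq: a hole precedes it */

/* Feed one segment. Returns the number of new bytes appended, 0 for a pure
 * retransmission, or SEG_GAP when the segment is ahead of the stream and
 * the caller has to buffer it until the hole is filled. */
static int stream_feed(struct stream *s, uint32_t seq,
                       const uint8_t *data, size_t len)
{
    if (!s->synced) { s->next_seq = seq; s->synced = 1; }
    int32_t delta = (int32_t)(seq - s->next_seq);  /* survives 2^32 wraparound */
    if (delta > 0) return SEG_GAP;
    size_t skip = (size_t)(-(int64_t)delta);       /* bytes already delivered */
    if (skip >= len) return 0;                     /* nothing new in segment */
    size_t fresh = len - skip;
    size_t room = sizeof(s->out) - s->out_len;
    if (fresh > room) fresh = room;                /* never overrun the buffer */
    memcpy(s->out + s->out_len, data + skip, fresh);
    s->out_len  += fresh;
    s->next_seq += (uint32_t)fresh;
    return (int)fresh;
}

int main(void)
{
    struct stream s = {0};
    /* Constructed segments: original, full retransmission, partial overlap. */
    stream_feed(&s, 0xFFFFFFFAu, (const uint8_t *)"GET / ", 6);
    stream_feed(&s, 0xFFFFFFFAu, (const uint8_t *)"GET / ", 6);
    stream_feed(&s, 0xFFFFFFFDu, (const uint8_t *)" / HTTP", 7);
    printf("%.*s\n", (int)s.out_len, (const char *)s.out);
    return 0;
}
```

A real monitor keeps one such state per direction, keyed by the address and port 4-tuple, and queues segments that return `SEG_GAP` instead of discarding them.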
