Hey Michael,
argus is a real-time flow monitor that may be of
some assistance. argus will reassemble TCP sessions
from packet files or live network traffic and provide
aggregate statistics, such as byte and packet counts,
acknowledged bytes, TCP state transitions, packet
retransmission counts, window size, TCP options negotiated,
ECN detection, TCP flow control indications, for both
the source and the destination. argus also provides
TCP handshake establishment times, to the uSec as well as
total duration times.
argus handles IP fragment reassembly and you can ask
it to capture up to 512 bytes of the payload that it
sees.
You can configure argus to generate status reports
on flows at any time interval, down to a second, and there
are aggregation tools so that you can manage the data
that you generate.
http://qosient.com/argus
If you have any question, don't hesitate to ask!!
Carter
Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York 10022
[EMAIL PROTECTED]
Phone +1 212 588-9133
Fax +1 212 588-9134
http://qosient.com
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On
> Behalf Of Crogan, Michael L
> Sent: Thursday, July 26, 2001 3:41 PM
> To: '[EMAIL PROTECTED]'
> Cc: '[EMAIL PROTECTED]'
> Subject: [tcpdump-workers] Packet reassembly code
>
>
> Dear Tcpdump Group:
>
> Do libpcap or tcpdump support reassembly of TCP sessions
> (such as ftp) gathered by network traffic sniffing? If not,
> is there a package available which does? Advice on this
> issue would be greatly appreciated.
>
> Thank you,
>
> Michael L Crogan
>
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.htm> l
> To
> unsubscribe use
> mailto:[EMAIL PROTECTED]?body=unsubscribe
>
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
