TOPIC: How to assemble TCP packet?

How to assemble TCP packet? 8 years 6 months ago #25310

andybee (New Member, 3 posts)
I am developing a program that analyzes the HTTP protocol.
I have finished capturing layer 2 packets from the network card and analyzing the layer 2, 3 and 4 headers.
I have finished analyzing the HTTP header too.
But at layer 4 (TCP), I cannot assemble the packets into a PDU.

Please show me the way to assemble TCP packets like Wireshark does.

+ How can we know that a packet is the end of a PDU?
+ How can we collect the packets of a PDU?
+ How can we check for errors (timed-out packets, retransmitted packets)?

I researched many documents but didn't find the solution. :(
Thanks so much for your help.
Andy.
The administrator has disabled public write access.

Re: How to assemble TCP packet? 8 years 6 months ago #25311

S0lo (Moderator, 1577 posts)
+ How can we know that a packet is the end of a PDU?

Not so sure, but did you check the FIN flag in the TCP header? It indicates that the sender has no more data. More here: en.wikipedia.org/wiki/Transmission_Control_Protocol
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: How to assemble TCP packet? 8 years 6 months ago #25314

andybee (New Member, 3 posts)
+ How can we know that a packet is the end of a PDU?

Not so sure, but did you check the FIN flag in the TCP header? It indicates that the sender has no more data. More here: en.wikipedia.org/wiki/Transmission_Control_Protocol

I wish that this could solve my problem, but it cannot.

PDU = Protocol Data Unit.
In HTTP, PDU = request or response.
In TCP, from the 3-way handshake to FIN, there are too many PDUs sent and received between client and server. So we cannot use the FIN flag to separate PDUs.

Re: How to assemble TCP packet? 8 years 6 months ago #25317

S0lo (Moderator, 1577 posts)
Let me get this clear: you have multiple HTTP connections going on, and you are not sure which TCP packets to collect and decode into which HTTP connection. Is that it?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: How to assemble TCP packet? 8 years 6 months ago #25325

Hi S0lo, yes, you're right!

Re: How to assemble TCP packet? 8 years 6 months ago #25327

S0lo (Moderator, 1577 posts)
OK, what happens when you try tracing sequence numbers? As far as I know, this is how it works:

Say host A is talking to host B, and at the same time host A is talking to host C (you are A). The initiator of any TCP connection (in this case host A) starts with some random sequence number. Each TCP packet (segment) needs to be acknowledged. If a packet is sent with a sequence number of, say, 1000, then the receiver (host B) has to acknowledge it by sending a packet with the ACK flag set and the acknowledgment field set to 1001 (meaning it is expecting a TCP packet with sequence 1001 as the next packet). Now for those packets that B sends to A: they also have sequence numbers, which are initiated by B and are different from 1000. The same thing applies: every TCP packet (segment) sent by B needs to be ACKed by A. Say the first was 650; then host A sends an ACK of 651. B sends the next packet with seq. 651, host A replies with an ACK of 652, and so on.

Now, while this is happening, say that A initiates another connection with C. It will again start with another (totally different) sequence number, say 200. Again host C has to acknowledge this packet with an ACK of 201, and the story goes again.

By tracing sequence numbers and ACKs you should be able to know which packets are for which connection. Does that make sense?

That's as far as I know; there are some more complications and details.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx