I have an application in Java that analyses .pcap files using jnetpcap library. I need to remove all the duplicated, retransmitted and out-of-order packets. Is there any way I can use the jnetpcap library to do that? At least to remove the duplicated packets.
Wireshark has a 'follow connection' option, which seems like a much better path to pursue than this one. – user207421 Aug 06 '12 at 02:55
2 Answers
You can use the sequence number and check it for repetition. If the current sequence number is less than or equal to the last valid sequence number, you can drop it. You can get the sequence number with the seq() function.
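Tcp tcp = new Tcp();   // org.jnetpcap.protocol.tcpip.Tcp
long seq = tcp.seq();  // valid once packet.hasHeader(tcp) has returned true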

Note: The jnetpcap library does not currently support TCP Reassembly, which is required in order to do the complex functions you have requested. However, doing some or all of them is possible relatively easily with matching.
Matching Requests to Responses and Removing Duplicates
The source port of a request will match the destination port of a response. The ack of a request will match the seq of a response. This should be helpful to match one request to one response.
Now with retransmissions (aka. duplicates)...
A retransmission request will have the same information as its counterpart. The same src, dst, ack, and seq number.
I know a lot more about pcap files and packets, if you contact me.

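An added example (not from either answer and not jnetpcap code) combining the two checks described above: exact-tuple matching for duplicates and a per-direction sequence comparison for late segments, done with 32-bit serial arithmetic so sequence wraparound is handled. The `Flow` and `Segment` records and the sample capture are constructed for illustration; in a real run their fields would be copied from the decoded IP and TCP headers (for example `tcp.seq()` and `tcp.ack()`). Records require Java 16 or later.

```java
import java.util.*;

public class TcpDedup {
    enum Verdict { NEW, DUPLICATE, OUT_OF_ORDER }

    // One direction of a connection (hypothetical type, not a jnetpcap class).
    record Flow(String src, int sport, String dst, int dport) {}
    // Fields that would be copied from a decoded TCP header (hypothetical type).
    record Segment(Flow flow, long seq, long ack, int payloadLen) {}

    private final Set<Segment> seen = new HashSet<>();        // exact tuples already kept
    private final Map<Flow, Long> nextSeq = new HashMap<>();  // highest seq+len per direction

    // Signed distance a-b in 32-bit sequence space; stays correct across wraparound.
    static int seqDiff(long a, long b) { return (int) (a - b); }

    Verdict classify(Segment s) {
        // Same src, dst, ports, seq, ack and length as an earlier packet: a repeat.
        if (!seen.add(s)) return Verdict.DUPLICATE;
        // Pure ACKs reuse the current seq, so a seq comparison alone would drop them.
        if (s.payloadLen() == 0) return Verdict.NEW;
        Long highest = nextSeq.get(s.flow());
        // Data starting below what this direction already delivered arrived late
        // (or was re-segmented); SYN/FIN sequence consumption is ignored here.
        if (highest != null && seqDiff(s.seq(), highest) < 0) return Verdict.OUT_OF_ORDER;
        nextSeq.put(s.flow(), (s.seq() + s.payloadLen()) & 0xFFFFFFFFL);
        return Verdict.NEW;
    }

    public static void main(String[] args) {
        Flow f = new Flow("10.0.0.1", 40000, "10.0.0.2", 80);  // constructed sample data
        List<Segment> capture = List.of(
            new Segment(f, 0xFFFFFFF0L, 1, 16),  // ends exactly at the 2^32 wrap
            new Segment(f, 16, 1, 16),           // skips bytes 0..15
            new Segment(f, 0, 1, 16),            // fills the gap late
            new Segment(f, 0xFFFFFFF0L, 1, 16),  // identical to the first segment
            new Segment(f, 32, 1, 0));           // pure ACK
        TcpDedup dedup = new TcpDedup();
        for (Segment s : capture)
            System.out.println(s.seq() + " len=" + s.payloadLen() + " -> " + dedup.classify(s));
    }
}
```

A plain numeric `seq <= last` comparison would misjudge the second segment here because the sequence number wrapped, and would discard the final pure ACK if it shared a sequence number with earlier data.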