I've been trying to get the relative sequence and ack numbers for some comparison, but I cannot seem to find a way to get the relative values in jNetPcap. I can get the absolute value for both, but that is not what I am interested in.

Anyone know how to retrieve the relatives?

Thanks in advance.

Anders Lassen

1 Answer

You need to analyze TCP sessions, which start with SYN and end with FIN.

Firstly, collect TCP packets sent between a pair of endpoints (each distinguished by an IP address and a port).

Then, divide them into sessions. A session starts with a TCP packet with syn==true and ack==false, and ends with two TCP packets with fin==true from client and server.

The client sequence number offset in a session is one plus the sequence number of the TCP packet with syn==true and ack==false. The server sequence number offset in a session is one plus the sequence number of the TCP packet with syn==true and ack==true. The client sequence number offset is the server ack number offset, and vice versa.

A relative number is the absolute value minus the offset.

kaitoy
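The procedure in the answer above, as an added Java example that is not part of the original answer and makes no jNetPcap calls: `Seg`, `Session` and `relative` are hypothetical names, the segments are constructed, and in practice the values would come from the TCP header fields the question already reads. It goes slightly beyond the answer by subtracting modulo 2^32, so a sequence counter that wraps mid-session still yields the right relative number; a new SYN simply replaces the previous session instead of tracking FINs.

```java
import java.util.*;
public class RelativeTcpNumbers {
    // Header fields of one captured segment (constructed type, not a jNetPcap class).
    record Seg(String src, String dst, long seq, long ack, boolean syn, boolean ackFlag) {}
    // Offsets for one session, as the answer defines them: ISN + 1 per side.
    static final class Session { String client; long clientOff = -1, serverOff = -1; }

    static final long MOD = 1L << 32; // sequence numbers are 32-bit and wrap
    static final Map<String, Session> sessions = new HashMap<>();

    // Absolute minus offset, modulo 2^32 so a wrapped counter still works.
    // A SYN sits one below its own offset, so it maps to 2^32 - 1.
    static long rel(long abs, long off) { return Math.floorMod(abs - off, MOD); }

    // Direction-independent key for the endpoint pair.
    static String key(Seg s) {
        return s.src().compareTo(s.dst()) < 0 ? s.src() + "|" + s.dst() : s.dst() + "|" + s.src();
    }

    // Returns {relSeq, relAck}; relAck is -1 when unknown; null if no SYN was seen.
    static long[] relative(Seg s) {
        if (s.syn() && !s.ackFlag()) { // client SYN opens a session
            Session n = new Session();
            n.client = s.src();
            n.clientOff = (s.seq() + 1) % MOD;
            sessions.put(key(s), n);
        }
        Session ses = sessions.get(key(s));
        if (ses == null) return null;
        boolean fromClient = s.src().equals(ses.client);
        if (s.syn() && s.ackFlag() && !fromClient) ses.serverOff = (s.seq() + 1) % MOD;
        long seqOff = fromClient ? ses.clientOff : ses.serverOff;
        long ackOff = fromClient ? ses.serverOff : ses.clientOff; // ack counts the peer's bytes
        if (seqOff < 0) return null; // server segment before its SYN-ACK was captured
        long relAck = (s.ackFlag() && ackOff >= 0) ? rel(s.ack(), ackOff) : -1;
        return new long[] { rel(s.seq(), seqOff), relAck };
    }

    public static void main(String[] args) {
        String c = "10.0.0.1:40000", v = "10.0.0.2:80"; // constructed sample capture
        Seg[] capture = {
            new Seg(c, v, 4294967290L, 0L, true, false),    // SYN, ISN close to the wrap
            new Seg(v, c, 1000L, 4294967291L, true, true),  // SYN-ACK
            new Seg(c, v, 4294967291L, 1001L, false, true), // 10 data bytes
            new Seg(v, c, 1001L, 5L, false, true),          // ACK, number has wrapped
        };
        for (Seg s : capture) System.out.println(s.src() + " " + Arrays.toString(relative(s)));
    }
}
```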