Recently in the wireshark capture packets under Linux c analysis reorganization, but found that using fread and fwrite read data show that in the text is garbled, I have clear the cache, don't know if the problem of coding, but this aspect and do not understand, can have superior explain to me the idea (how to use c reorganization of TCP packets, and save the relevant data is better), the younger brother grateful,
Before my train of thought is: put the five tuples in the list, and then to a than a, conform to the content will be written to the file, but later found that writing the content is the total length of IP minus 40 bytes of the IP header and the TCP header, the data part, some of them are garbled,

CodePudding user response:

O master ah, good

CodePudding user response:

What counts is the port number in the TCP and the serial number of the package, the filter port number, and then copy the data in serial number of the order together, remember the last time to save the data serial number, if after receive is smaller than the number of packets is considered a retransmission packets, can lose to ignore,

CodePudding user response:

Eldest brother, you can have this aspect of the code, could you show me, to learn, thank you,

CodePudding user response:

This is not, write it myself

CodePudding user response:

You can use libpcap caught, will get a full packet, analysis and processing libnet again after send out