Can libpcap collect TCP segments

Question

Can libpcap collect TCP segments

I need to sniff TCP traffic in my application.

Can libpcap reassemble TCP segments or do I need to do this manually?

The homepage says: "Full documentation is provided with the source packages in the manual page format." After I sudo apt-get install libpcap-devI find only one person pcap. Is all the documentation available or am I just missing something?

thanks

+3

linux networking capture pcap

jackhab Mar 01 '09 at 16:50

source share

4 answers

libpcap, TCP- , , .

wirehark "follow TCP stream", (GPLv2) .

+4

darkk 03 . '09 20:20

( ) :

root@tower:~/desktop/ccan/ccan/tap # dpkg -L libpcap0.7-dev
/.
/usr
/usr/lib
/usr/lib/libpcap.a
/usr/include
/usr/include/net
/usr/include/net/bpf.h
/usr/include/pcap.h
/usr/include/pcap-namedb.h
/usr/share
/usr/share/man
/usr/share/man/man3
/usr/share/man/man3/pcap.3.gz

, , :

root@tower:~/desktop/ccan/ccan/tap # man 3 pcap
Reformatting pcap(3), please wait...

/3 , , . apt-get source, , , , man-.

, , :)

+2

Tim post Mar 01 '09 at 16:59

source share

No, libpcap will not reassemble the TCP segment - libpcap captures packets, but packet data processing remains up to the application or library used by the application.

As for man pages, older versions of libpcap only have a pcap (3) man page; in newer versions, besides pcap (3PCAP), there are a bunch of other man pages for certain procedures.

+1

user862787 Oct 19 '12 at 20:15

source share

hillu · Accepted Answer · 2009-03-01T21:20:48+0000

Reassembling packages or streams is not mentioned in pcap (3).

, dsniff libnids IP TCP.

Can libpcap collect TCP segments

More articles: