From: Alex Behar (alex-b_at_nonexisting.hamakor.org.il)
Date: Sat 24 Jul 2004 - 05:12:21 IDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 24 July 2004 03:52, Alex Behar wrote:
> On Friday 23 July 2004 00:52, you wrote:
> > Hi all.
> >
> > I need to build some packet analyzing application.
> > It will be executed on linux gateway.
> > I need to read stream of data after tcp reassembly.
> >
> > Is their any way kernel can provide me with
> > reassembled data, or I need to use some library like
> > libnids to reassemble tcp packets ??
>
> If you are dealing with session sniffing or/and reconstruction, you could
> try the kernel's very own socket infrastructure from socket.h (PF_PACKET,
> packet(7)).
> But again, libpcap [1] might be a good way to do that too.
> Good luck.
>
> Best regards,
> Alex
>
> [1] http://www.tcpdump.org/
Excuse my ignorance,
indeed, libnids is the thing to go for in this case, unless you want to write
an own reassembly implementation.
Best regars,
Alex
- --
The difference between theory and practice, is that in theory,
there is no difference between theory and practice.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBAcWPfDQ3s2iW3q0RAuPGAJ49MOp8qhaxDa1SXj1dDOFTXro5vwCgkWNZ
QcI+cFBFlO/YcRzAU5rW0Vk=
=TOCC
-----END PGP SIGNATURE-----
================================To unsubscribe, send mail to linux-il-request_at_linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request_at_linux.org.il
This archive was generated by hypermail 2.1.7 : Sat 24 Jul 2004 - 05:21:53 IDT