-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 24 July 2004 03:52, Alex Behar wrote: > On Friday 23 July 2004 00:52, you wrote: > > Hi all. > > > > I need to build some packet analyzing application. > > It will be executed on linux gateway. > > I need to read stream of data after tcp reassembly. > > > > Is their any way kernel can provide me with > > reassembled data, or I need to use some library like > > libnids to reassemble tcp packets ?? > > If you are dealing with session sniffing or/and reconstruction, you could > try the kernel's very own socket infrastructure from socket.h (PF_PACKET, > packet(7)). > But again, libpcap [1] might be a good way to do that too. > Good luck. > > Best regards, > Alex > > [1] http://www.tcpdump.org/
Excuse my ignorance, indeed, libnids is the thing to go for in this case, unless you want to write an own reassembly implementation. Best regars, Alex - -- The difference between theory and practice, is that in theory, there is no difference between theory and practice. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAcWPfDQ3s2iW3q0RAuPGAJ49MOp8qhaxDa1SXj1dDOFTXro5vwCgkWNZ QcI+cFBFlO/YcRzAU5rW0Vk= =TOCC -----END PGP SIGNATURE----- ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
