Regarding reassembly,
I notice that if you get tcpdump to output the textual header also, you get something like this:
10709:10941(232), which gives you the starting and ending byte range.
Is this information available in the IP header / TCP header? I am thinking about times when you have intercepted two files at once.
How do you go about piecing them together to the correct stream?
I see that there is an F flag for the final data send. I assume this is used, but do you generally use sequencenum, identification num or acknum at all?
A little help here would be appreciated.
Kind regards,
Matt.
--
Matty C
Sponsored by Orcon Internet NZ Ltd.
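An added example, not part of the original message: in tcpdump's `10709:10941(232)` notation the first number is the segment's TCP sequence number and 232 is the payload length, so two simultaneous transfers can be separated by the (source IP, source port, destination IP, destination port) tuple and each ordered by sequence number. The sketch below does that over raw IPv4+TCP packets. The `build` helper, the addresses, ports and payloads are constructed sample data, and it assumes unfragmented IPv4 and no 32-bit sequence wraparound.

```python
import struct
from collections import defaultdict

FIN = 0x01

def parse_segment(pkt):
    """Return (flow 4-tuple, seq, flags, payload) from a raw IPv4+TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4                        # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]     # IP total length trims link padding
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    data_off = (off_flags >> 12) * 4                 # TCP header length in bytes
    key = (pkt[12:16], sport, pkt[16:20], dport)     # one direction of one connection
    return key, seq, off_flags & 0x1FF, pkt[ihl + data_off:total_len]

def reassemble(packets):
    """Map each flow to (contiguous bytes from the lowest seq seen, FIN seen?)."""
    flows, finished = defaultdict(dict), set()
    for pkt in packets:
        key, seq, flags, payload = parse_segment(pkt)
        if payload:
            flows[key].setdefault(seq, payload)      # a retransmission repeats a seq: keep first
        if flags & FIN:
            finished.add(key)
    streams = {}
    for key, segs in flows.items():
        data, expected = b"", min(segs)
        for seq in sorted(segs):
            if seq != expected:                      # gap or overlap: stop rather than guess
                break
            data += segs[seq]
            expected = seq + len(segs[seq])
        streams[key] = (data, key in finished)
    return streams

def build(src, sport, dst, dport, seq, payload=b"", flags=0x10):
    """Construct a minimal IPv4+TCP packet (sample data, checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    return ip + tcp

A, B = (10, 0, 0, 1), (10, 0, 0, 2)                  # constructed addresses
SAMPLE = [                                           # two transfers interleaved, out of order
    build(A, 80, B, 40001, 10715, b"hello", flags=0x11),   # ACK+FIN, arrives early
    build(A, 80, B, 40002, 500, b"file2:"),
    build(A, 80, B, 40001, 10709, b"file1:"),
    build(A, 80, B, 40002, 506, b"world"),
    build(A, 80, B, 40001, 10709, b"file1:"),               # retransmission
]

if __name__ == "__main__":
    for flow, (data, fin) in reassemble(SAMPLE).items():
        print(flow[1], "->", flow[3], data, "FIN" if fin else "open")
```

The IP identification field plays no part here; it is used to reassemble fragments of a single IP datagram, not to order TCP segments.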
