I am piecing sequences together using the following basic algorithm,
1.When a packet arrives with a start flag, i create a sequence with an expected id.
2.If a packet arrives with that seq number, I append and then inc the expected id with the packet size., until 1 of the following happens.
a) I receive a finish.
b) I receive a reset
c) the sequence times out.
Is this sufficient, or must I pair up both the send and receive sequences ?
I have done it this way, purely for speed, but want to know if this is acceptable or not.
I have noticed for most traffic this is sufficient, but under HTTP 1.1 with keep alive, I am losing some sequences... I think it might be related.
Any comments would be much appreciated.
Regards,
Matt.
- [tcpdump-workers] Request for DLT_ assignment: DLT_FIREWIR... dieter
- Re: [tcpdump-workers] Request for DLT_ assignment: DL... Guy Harris
- Re: [tcpdump-workers] Request for DLT_ assignment... Dieter Siegmund
- Re: [tcpdump-workers] Request for DLT_ assign... Guy Harris
- Re: [tcpdump-workers] Request for DLT_ as... David Young
- Re: [tcpdump-workers] Request for DL... Guy Harris
- [tcpdump-workers] Re: seq reconstruction. Matt Comb
- [tcpdump-workers] Re: seq reconstruction. Greg Stark
