I'm currently developing a standalone C++ program that would list all the accessed URLs in a browser and their corresponding response times...

At this point, I can already sniff all outgoing and incoming packets. I am using WinPcap for this...

Retrieved packets were filtered down to only those matching 'tcp port 80(http) or 443(https)'... and now I want to read some HTTP headers. The problem I have is that usually the IP packets are fragmented. I want to know how to reassemble them and how to get some details about the HTTP...

Note: I want to implement what Wireshark does... in every packet/frame, it has a 'REASSEMBLED TCP SEGMENT'.

Any ideas or tutorials on how I can easily achieve this?

Thanks a lot!

A: 

You'll have to do the same thing TCP does to reassemble packets, which means parsing the header of the packets and sequencing them into another buffer. The worst program logic is probably dealing with missing information; you'll then have to see if it was flagged and retransmitted.

There are a number of RFCs which cover this: 675, 793, 1122 and others. If looking through those seems overwhelming, maybe back off and look at the Roadmap RFC, RFC 4614.

wallyk
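
The sequencing the answer describes, as an added example that is not part of the original post: a per-direction reassembler that orders segments by TCP sequence number, parks out-of-order data until the gap is filled, discards retransmitted bytes, and then reads the request line and Host header. `StreamReassembler` and `httpUrl` are hypothetical names, the segments are constructed, and it assumes plain HTTP on port 80 (port 443 payloads are TLS-encrypted, so their headers cannot be read this way).

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <utility>

// One direction of one TCP connection (hypothetical helper, not a WinPcap API).
struct StreamReassembler {
    uint32_t next;                            // next sequence number expected
    std::map<uint32_t, std::string> pending;  // segments that arrived ahead of a gap
    std::string stream;                       // contiguous, in-order payload bytes
    explicit StreamReassembler(uint32_t isn) : next(isn + 1) {}  // SYN uses one seq number
    void add(uint32_t seq, std::string payload) {
        if (static_cast<int32_t>(seq - next) > 0) {   // signed diff survives 2^32 wrap
            std::string& slot = pending[seq];         // gap before it: park the segment
            if (payload.size() > slot.size()) slot = std::move(payload);
            return;
        }
        uint32_t skip = next - seq;                   // bytes already delivered
        if (skip < payload.size()) {                  // otherwise a pure retransmission
            stream.append(payload, skip, std::string::npos);
            next += static_cast<uint32_t>(payload.size() - skip);
        }
        for (auto it = pending.begin(); it != pending.end(); ++it) {
            if (static_cast<int32_t>(it->first - next) > 0) continue;  // still behind a gap
            auto seg = *it;
            pending.erase(it);
            return add(seg.first, std::move(seg.second));  // re-enter to drain the rest
        }
    }
};

// "host/path" once the header block is complete, else "". Assumes exact "Host: " casing.
std::string httpUrl(const std::string& s) {
    size_t end = s.find("\r\n\r\n"), sp1 = s.find(' '), sp2 = s.find(' ', sp1 + 1);
    if (end == std::string::npos || sp2 == std::string::npos || sp2 > end) return "";
    std::string path = s.substr(sp1 + 1, sp2 - sp1 - 1);
    size_t h = s.find("\r\nHost: ");
    if (h == std::string::npos || h > end) return path;
    return s.substr(h + 8, s.find("\r\n", h + 8) - (h + 8)) + path;
}

int main() {  // constructed segments: last one first, ISN close to the 32-bit wrap
    StreamReassembler r(0xFFFFFFF0u);
    r.add(0x0000000Bu, "Host: example.test\r\n\r\n");
    r.add(0xFFFFFFF1u, "GET /index");
    r.add(0xFFFFFFFBu, ".html HTTP/1.1\r\n");
    std::cout << httpUrl(r.stream) << "\n";
}
```

In a capture loop, keep one such object per (source IP, source port, destination IP, destination port) and create it when the SYN for that direction is seen.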