How To Reassemble TCP Packets


Problem description

I know that TCP packets being sniffed are packets in a stream.

How can I reassemble these TCP packets? I am using Winsock. Plenty on sniffing out there but nothing on reassembly!!!!!!

Thanks!

Recommended answer

Maybe this can help, there were answers in here:

How to Reassemble TCP Packets

Based on your replies to other messages:

Google "TCP Packet Format" and you'll find all you ever wanted to know about packets.

If you are wanting to look at the content on packets going between a browser and a web server (other questions you've asked said you want to reassemble packets to see the HTTP Headers / Mime Types), then you are in for some fun decoding.

You are looking into the topmost layer of a standard OSI 7 Layer Network module. That is, you are wanting to look at the content of a message between two cooperating applications (Browser - Web Server).

You are observing, using the sniffer you found, the bottom-most layer of that model, the datalink layer (bits on the wire).

Each layer as it passes from the wire, through the routing layer, through the session layer, yada, yada, wraps (going down) or unwraps (going up) the data from the previous layer with its own protocol. It's how, for example, one browser in your PC might have two active links to two different web servers and overlapping the activity yet the packets are not intermixed in the application. The various layers allow them to share the same wire, through a common gateway, and into the amorphous cloud that is the internet without messing up the sequence and flow of the data.

If you want to reverse engineer that so you can see the files being downloaded or the web pages being displayed, you need to do a lot of research and work.

Start here: TCP/IP Model, or here: OSI Model, and then head off to the protocol documents to find out how to unwrap the bits.
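
The reassembly step the question asks about, as an added example that is not part of the original thread: payloads from one direction of one connection are placed by TCP sequence number, so out-of-order capture and retransmissions do not matter. The `segment` struct, `reassemble`, `demo` and the sample bytes are assumptions made up for this illustration; extracting the IP and TCP headers from the sniffed frames is assumed to have been done already.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One captured segment from ONE direction of ONE connection, i.e. already
   filtered on source IP:port and destination IP:port (hypothetical struct). */
struct segment {
    uint32_t seq;          /* sequence number from the TCP header */
    const uint8_t *data;   /* TCP payload (bytes after the TCP header) */
    size_t len;            /* payload length */
};

/* Place each payload at offset (seq - first_seq). first_seq is the sequence
   number of the first payload byte (the SYN's sequence number + 1).
   Returns how many bytes are contiguous from the start of the stream. */
size_t reassemble(const struct segment *segs, size_t n, uint32_t first_seq,
                  uint8_t *out, uint8_t *seen, size_t cap) {
    memset(seen, 0, cap);
    for (size_t i = 0; i < n; i++) {
        /* Unsigned subtraction stays correct across the 2^32 wraparound. */
        uint32_t off = segs[i].seq - first_seq;
        if (off >= 0x80000000u) continue;   /* starts before the stream: skip */
        for (size_t j = 0; j < segs[i].len && off + j < cap; j++) {
            if (!seen[off + j]) {           /* overlap policy: first copy wins */
                out[off + j] = segs[i].data[j];
                seen[off + j] = 1;
            }
        }
    }
    size_t done = 0;
    while (done < cap && seen[done]) done++;  /* stop at the first missing byte */
    return done;
}

/* Constructed sample: an HTTP response head in three segments, captured out
   of order with one retransmission, sequence numbers wrapping past 2^32. */
static uint8_t stream[64], seen_map[64];
size_t demo(void) {
    const uint32_t first = 0xFFFFFFF8u;
    const struct segment segs[] = {
        { first + 8,  (const uint8_t *)" 200 OK\r\n", 9 },
        { first,      (const uint8_t *)"HTTP/1.1", 8 },
        { first + 8,  (const uint8_t *)" 200 OK\r\n", 9 },  /* retransmission */
        { first + 17, (const uint8_t *)"Content-Type: text/html\r\n", 25 },
    };
    return reassemble(segs, 4, first, stream, seen_map, sizeof stream);
}
int main(void) { printf("%.*s", (int)demo(), (const char *)stream); return 0; }
```

The return value stops at the first gap, so a lost or not-yet-captured segment shows up as a short count rather than as silently corrupted HTTP headers.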

