如何重新组装TCP段？ [英] how to reassemble tcp segment?

问题描述

我正在开发一个使用winpcap的项目..因为我知道被嗅探的数据包通常是碎片包。

如何重新组合这个TCP segements？..任何想法，建议或教程可用吗？..

我认为这是我可以查看HTTP标头的唯一方法...

谢谢！..

解决方案

tcp是字节流协议。
http应用程序发送的字节序列封装在tcp数据段中，并且在将数据传送到另一端的应用程序之前重新创建字节流。
，因为您使用winpcap访问tcp数据集，您需要转到该段的数据部分。 tcp的标题有一个20字节的固定长度+一个可选的部分你需要使用winpcap api来确定。

tcp段中数据部分的长度是通过从总长度（从ip数据报中的另一个字段获得）中减去tcp头长度（从tcp段中的字段获得）和ip头长度（来自封装tcp段的ip数据报中的字段）来确定。

所以现在你有了段的总长度和数据部分的长度。所以你知道http请求数据开始的偏移量。

偏移量是

 数据部分的总长度 -  
或
 ip-header的长度+ tcp头的长度
  

我没有使用过winpcap。所以你必须找出如何使用api获取这些字段。

同样ip datagrams可能会进一步碎片但我希望你只提供重新组装的数据报这个api。你很高兴！

im now developing a project using winpcap..as i have known packets being sniffed are usually fragmented packets.

how to reassemble this TCP segements?..any ideas, suggestion or tutorials available?..

this i assume to be the only way i can view the HTTP header...

thanks!..

解决方案

tcp is a byte stream protocol. the sequence of bytes sent by your http application is encapsulated in tcp data segments and the byte stream is recreated before the data is delivered to the application on the other side. since you are accessing the tcp datasegments using winpcap, you need to go to the data portion of the segment. the header of tcp has a fixed length of 20 bytes + an optional part which you need to determine using the winpcap api.

the length of data part in the tcp segment is determined by subtracting the tcp header length (obtained from a field in the tcp segment) and the ip header length (from a field in the ip datagram that encapsulates the tcp segment) from the total length (obtained from another field in the ip datagram).

so now you have the total segment length and the length of the data part within the segment. so you know offset where the http request data starts.

the offset is

total length-length of data part
or
length of ip-header + length of tcp header

i have not used winpcap. so you will have to find out how to get these fields using the api.

also ip datagrams may be further fragmented but i am expecting that you are provided only reassembled datagrams using this api. you are good to go!

这篇关于如何重新组装TCP段？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！