Hello all,

I am able to successfully write one TCP packet with payload to a PCAP file. The written PCAP file has one frame obviously.

Now, I need to write multiple frames into this PCAP file. Here is the procedure I have done so far to write two frames into PCAP file:

1> write global header pcap_hdr_t
2> write first packet header pcaprec_hdr_t
3> write first packet data(TCP with a payload of 10 bytes)
4> write second packet header pcaprec_hdr_t
5> write second packet data(TCP with a payload of 4 bytes)

For the sequence and acknowledge numbers, I always write 0 as follows:

tcpHeader.seq_num = 0x00;
tcpHeader.ack_num = 0x00;

After loading the generated PCAP with wireshark, the complains that "This frame is out of order segment". Basically, I have two sequence of bytes and need to store them as PCAP format(i.e. payloads of TCP packet) and I don't care about the ACK etc typically come with TCP/IP packet from network.

Question> What is the correct way to fix this issue?

Thank you

alt text

alt text

You need to increment the TCP sequence number for the second packet by the amount of TCP payload bytes in the first packet, so it needs to be 10, not 0 for the second packet. The third packet (if you're going to write it later) has to have a sequence number of 14 (10 from the first, 4 from the second packet), and so on.

