OSQA is unmaintained. Help us figure out where to go from here.

Hello all,

I am able to successfully write one TCP packet with payload to a PCAP file. The written PCAP file has one frame obviously.

Now, I need to write multiple frames into this PCAP file. Here is the procedure I have done so far to write two frames into PCAP file:

1> write global header pcap_hdr_t
2> write first packet header pcaprec_hdr_t
3> write first packet data(TCP with a payload of 10 bytes)
4> write second packet header pcaprec_hdr_t
5> write second packet data(TCP with a payload of 4 bytes)

For the sequence and acknowledge numbers, I always write 0 as follows:

tcpHeader.seq_num = 0x00;
tcpHeader.ack_num = 0x00;

After loading the generated PCAP with wireshark, the complains that "This frame is out of order segment". Basically, I have two sequence of bytes and need to store them as PCAP format(i.e. payloads of TCP packet) and I don't care about the ACK etc typically come with TCP/IP packet from network.

Question> What is the correct way to fix this issue?

Thank you

alt text

alt text

asked 05 May, 13:48

q0987's gravatar image

accept rate: 0%

edited 05 May, 14:52

Guy%20Harris's gravatar image

Guy Harris ♦♦

You need to increment the TCP sequence number for the second packet by the amount of TCP payload bytes in the first packet, so it needs to be 10, not 0 for the second packet. The third packet (if you're going to write it later) has to have a sequence number of 14 (10 from the first, 4 from the second packet), and so on.

permanent link

answered 05 May, 14:10

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 05 May, 13:48

question was seen: 285 times

last updated: 05 May, 14:52

p​o​w​e​r​e​d by O​S​Q​A