Capturing request and reply packets

Oct 22, 2011 at 8:39 AM

Hi Boaz,

Any steps to capture both request and reply packets in one call?

Currently I'm analyzing packets that pass through my network and sorting them accordingly; however, I need to group those as one common transaction.

Is this possible?

 

Cheers!

techguy

Coordinator
Oct 22, 2011 at 9:10 AM

Hi techguy,

 

I'm not sure what you mean by "request" and "reply".

What protocol are you referring to? HTTP?

 

You can capture all packets in one call by simply sniffing all packets.

Pcap.Net works on each packet separately. There is no assumption on any relationship between different packets.

 

Maybe you can give me an example of what you need and why postprocessing the packets doesn't work for you.

 

I hope this helps,

Boaz.

Oct 22, 2011 at 9:47 AM

Hi Boaz,

Thanks for the quick response. By request and reply I mean consolidating all related packets as one for any TCP session. My application doesn't interfere with or rewrite the response packet; we just need to be sure that captured packets are grouped in one session.

 

Cheers!

techguy

Coordinator
Oct 22, 2011 at 10:13 AM

Hi techguy,

 

TCP session grouping is non-trivial.

Basically I suggest you simply group all TCP packets that are between the same IPs and ports (regardless of direction).

You can create a filter to do that and then simply sniff all packets that pass this filter.

 

Boaz.
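The grouping suggested in this reply, as an added example that is not part of the original thread and is not Pcap.Net code: it keys raw IPv4/TCP packets on their two endpoints regardless of direction and builds a capture filter for one such session. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def make_packet(src, sport, dst, dport, payload=b"", proto=6):
    """Build a minimal IPv4 packet with a TCP-shaped header (constructed sample, zero checksums)."""
    l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4

def session_key(packet):
    """Return a direction-independent (endpoint, endpoint) key, or None if not IPv4/TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP header length varies with options
    if ihl < 20 or len(packet) < ihl + 4:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                          # later fragments carry no TCP header
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    # Sorting the endpoints makes A->B and B->A produce the same key.
    return tuple(sorted([(src, sport), (dst, dport)]))

def group_sessions(packets):
    """Group packets by session key, keeping capture order inside each group."""
    sessions = defaultdict(list)
    for pkt in packets:
        key = session_key(pkt)
        if key is not None:
            sessions[key].append(pkt)
    return dict(sessions)

def bpf_for(key):
    """pcap filter expression matching both directions of one session."""
    (ip_a, port_a), (ip_b, port_b) = key
    one_way = "(src host {} and src port {} and dst host {} and dst port {})"
    return "tcp and ({} or {})".format(one_way.format(ip_a, port_a, ip_b, port_b),
                                       one_way.format(ip_b, port_b, ip_a, port_a))

# Constructed sample traffic: a request, its reply, and a second connection.
SAMPLE = [
    make_packet("10.0.0.5", 49152, "10.0.0.9", 80, b"GET / HTTP/1.1\r\n\r\n"),
    make_packet("10.0.0.9", 80, "10.0.0.5", 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    make_packet("10.0.0.5", 49153, "10.0.0.9", 80, b"GET /a HTTP/1.1\r\n\r\n"),
    make_packet("10.0.0.5", 5353, "10.0.0.9", 53, b"", proto=17),  # not TCP, ignored
]
```

The key does not separate successive connections that reuse the same addresses and ports; telling those apart requires tracking SYN and FIN/RST flags on top of this grouping.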

Oct 22, 2011 at 10:17 AM

Hi Boaz,

Thanks, I will work on it. So far we are taking the same approach after we capture packets and store them in a database, and we need to implement it in a high-performance way.

 

techguy