This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using "Follow TCP Stream" code in my C project

0

I want to assemble all TCP sessions in real time and save the payload to a file.

Is there a C library for Wireshark's 'Follow TCP Stream'?

(I tried using libnids. However, the TCP sequence order is not correct.)

wireshark a->b->c->d->e

libnids or tcpflow : a->c->b->d->e ???

asked 31 Jan '15, 22:01


goesang


2 Answers:

1

Is there a C library for Wireshark's 'Follow TCP Stream'?

No, there isn't. "Follow TCP Stream" is tightly integrated into the code and not available as a separate library.

I want to assemble all TCP sessions in real time and save the payload to a file.

Furthermore, if you are trying to do this in real time, Wireshark/tshark is (probably) the wrong tool for you, as it was not designed to work that way.

See my answer to a similar question and the links therein.

https://ask.wireshark.org/questions/26224/plain-text-automatic-save

Regards
Kurt

answered 10 Feb '15, 03:10


Kurt Knochner ♦

0

I can recommend PcapPlusPlus, which is a C++ library that can do exactly that. Please take a look at the TcpReassembly example, which does what you ask: reassemble TCP data from packets captured from live traffic or from a pcap file.

answered 23 Jul '16, 12:29


seladb

edited 23 Jun '17, 14:51
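The ordering problem in the question (segments captured as a, c, b, d, e but wanted as a to e) comes down to delivering bytes by TCP sequence number rather than by arrival order. As an added illustration, not code from this thread, from libnids or from PcapPlusPlus, here is a minimal one-direction reassembler in C run over constructed segments; it handles a retransmitted segment, a partially overlapping one, and sequence numbers that wrap past 2^32.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* One captured TCP segment from one direction of a stream: sequence number and payload. */
typedef struct {
    uint32_t seq;
    const uint8_t *data;
    size_t len;
} tcp_segment;
/* Serial comparison, so sequence numbers that wrap past 2^32 still order correctly. */
static int seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }
/* Copy payload into out strictly in sequence order, whatever the capture order.
 * A segment is consumed only once it covers the next expected byte, with any part
 * already delivered (retransmission, overlap) trimmed; a gap stops reassembly. */
size_t tcp_reassemble(const tcp_segment *segs, size_t n, uint32_t isn,
                      uint8_t *out, size_t cap) {
    uint32_t next = isn;                /* next expected sequence number */
    size_t written = 0;
    for (int progressed = 1; progressed;) {
        progressed = 0;
        for (size_t i = 0; i < n && written < cap; i++) {
            uint32_t end = segs[i].seq + (uint32_t)segs[i].len;
            if (seq_before(next, segs[i].seq) || !seq_before(next, end))
                continue;               /* does not cover next: leave it buffered */
            size_t skip = (size_t)(next - segs[i].seq);
            size_t take = segs[i].len - skip;
            if (take > cap - written) take = cap - written;
            memcpy(out + written, segs[i].data + skip, take);
            written += take;
            next += (uint32_t)take;
            progressed = 1;
        }
    }
    return written;                     /* number of payload bytes delivered */
}
/* Constructed sample, not real traffic: captured as a, c, b, d, e (the order the question
 * reports) plus a retransmitted b and a d overlapping c; the ISN wraps. Returns "aabbccddee". */
const char *demo_reassemble(void) {
    static uint8_t out[64];
    static const uint8_t a[] = "aa", b[] = "bb", c[] = "cc", d[] = "cdd", e[] = "ee";
    const uint32_t isn = 0xFFFFFFFCu;
    tcp_segment captured[] = {
        { isn + 0, a, 2 }, { isn + 4, c, 2 }, { isn + 2, b, 2 },
        { isn + 5, d, 3 }, { isn + 2, b, 2 }, { isn + 8, e, 2 },
    };
    size_t n = tcp_reassemble(captured, 6, isn, out, sizeof out - 1);
    out[n] = '\0';
    return (const char *)out;
}
```

A real capture needs one such buffer per direction of each 4-tuple, plus an eviction policy for segments that never become deliverable.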