This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to write multiple TCP segments into PCAP file?

0

Hello all,

I am able to successfully write one TCP packet with payload to a PCAP file. The written PCAP file has one frame obviously.

Now, I need to write multiple frames into this PCAP file. Here is the procedure I have done so far to write two frames into PCAP file:

1> write global header pcap_hdr_t
2> write first packet header pcaprec_hdr_t
3> write first packet data(TCP with a payload of 10 bytes)
4> write second packet header pcaprec_hdr_t
5> write second packet data(TCP with a payload of 4 bytes)

For the sequence and acknowledge numbers, I always write 0 as follows:

tcpHeader.seq_num = 0x00;
tcpHeader.ack_num = 0x00;

After loading the generated PCAP with wireshark, the complains that "This frame is out of order segment". Basically, I have two sequence of bytes and need to store them as PCAP format(i.e. payloads of TCP packet) and I don't care about the ACK etc typically come with TCP/IP packet from network.

Question> What is the correct way to fix this issue?

Thank you

alt text

alt text

asked 05 May '17, 13:48

q0987's gravatar image

q0987
16225
accept rate: 0%

edited 05 May '17, 14:52

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

One Answer:

1

You need to increment the TCP sequence number for the second packet by the amount of TCP payload bytes in the first packet, so it needs to be 10, not 0 for the second packet. The third packet (if you're going to write it later) has to have a sequence number of 14 (10 from the first, 4 from the second packet), and so on.

answered 05 May '17, 14:10

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%