So after doing some tests, it seems that when I start to read from right after the pcap file header (24 bytes), I see that cxtracker is printing the start byte of the 2nd packet in the session.
/tmp/2658 <-- 2658 is the offset output by cxtracker
/tmp/24 <-- 24 the pcap file header
$ diff -u /tmp/2658 /tmp/24 --- /tmp/2658 2011-11-16 23:17:42.291931155 +0000 +++ /tmp/24 2011-11-16 23:17:32.531933229 +0000 @@ -1,3 +1,4 @@ +12:29:27.911430 IP 192.168.8.5.1032 > 71.86.84.8.3030: Flags [S], seq3489876656, win 65535, options [mss 1460,nop,nop,sackOK], length 0 12:29:27.960132 IP 71.86.84.8.3030 > 192.168.8.5.1032: Flags [S.], seq090130120, ack 3489876657, win 8192, options [mss 1380,nop,nop,sackOK],length 0 12:29:27.960366 IP 192.168.8.5.1032 > 71.86.84.8.3030: Flags [.], ack1, win 65535, length 0 12:29:28.031383 IP 192.168.8.5.1032 > 71.86.84.8.3030: Flags [P.], seq1:5, ack 1, win 65535, length 4
But this looks great!
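One way to check which packet a reported byte offset points at, as an added example that is not part of the original post and not cxtracker's code: it walks the record headers of a classic (non-pcapng, microsecond-magic) pcap starting at byte 24 and maps an offset to a 1-based packet index. The function names and the constructed sample capture are assumptions made for illustration.

```python
import struct

PCAP_FILE_HDR_LEN = 24    # classic pcap file header, as in the post
PCAP_RECORD_HDR_LEN = 16  # ts_sec, ts_usec, incl_len, orig_len


def record_offsets(pcap: bytes):
    """Return the byte offset of every packet record header in the file."""
    if len(pcap) < PCAP_FILE_HDR_LEN:
        raise ValueError("truncated pcap file header")
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    offsets, pos = [], PCAP_FILE_HDR_LEN
    while pos + PCAP_RECORD_HDR_LEN <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, pos)
        if pos + PCAP_RECORD_HDR_LEN + incl_len > len(pcap):
            break             # truncated final record, stop here
        offsets.append(pos)
        pos += PCAP_RECORD_HDR_LEN + incl_len
    return offsets


def packet_index_at(pcap: bytes, offset: int):
    """1-based index of the record starting at offset, or None if the
    offset does not fall on a record boundary."""
    offs = record_offsets(pcap)
    return offs.index(offset) + 1 if offset in offs else None


def build_sample_pcap(captured_lengths):
    """Constructed sample: zero-filled packets of the given captured lengths."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, n in enumerate(captured_lengths):
        out += struct.pack("<IIII", 1321446567 + i, 0, n, n) + bytes(n)
    return out


if __name__ == "__main__":
    sample = build_sample_pcap([62, 62, 54, 58])
    for off in record_offsets(sample):
        print(off, "-> packet", packet_index_at(sample, off))
```

Run against a real capture, `packet_index_at(data, 2658)` returning 2 would match what the diff above shows.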