I used the sample tcp stream follower example given in stream_dump.cpp changed the sniffer to FileSniffer and just added a counter to check the number of packets match in the on_client_data and on_server_data methods and compared using wireshark.
I checked in one of the file the counter value matches the "Displayed" packet in wireshark
However, when I checked for another file.. the counter values were incorrect and doesn't match the "Displayed" packet in wireshark , also its considering the reverse direction as [+]New connection as below
C:\WINDOWS\system32>Libtins_Testing.exe sample2.pcap
Starting capture on interface C:/Users/RRS4FE/Desktop/sample2.pcap
[+] New connection 192.168.40.30:57058 - 192.168.40.16:1802
[+] New connection 192.168.40.16:1802 - 192.168.40.30:57058
289586
110079
Please suggest what could be the issue and what changes can be done to fix the issue as soon as possible.
Hi All,
I used the sample tcp stream follower example given in stream_dump.cpp changed the sniffer to FileSniffer and just added a counter to check the number of packets match in the on_client_data and on_server_data methods and compared using wireshark.
I checked in one of the file the counter value matches the "Displayed" packet in wireshark
C:\WINDOWS\system32>Libtins_Testing.exe sample1.pcap Starting capture on interface sample1.pcap [+] New connection 192.168.40.30:4039 - 192.168.40.18:1802 [+] Connection closed: 192.168.40.30:4039 - 192.168.40.18:1802 620 160242
However, when I checked for another file.. the counter values were incorrect and doesn't match the "Displayed" packet in wireshark , also its considering the reverse direction as [+]New connection as below
C:\WINDOWS\system32>Libtins_Testing.exe sample2.pcap Starting capture on interface C:/Users/RRS4FE/Desktop/sample2.pcap [+] New connection 192.168.40.30:57058 - 192.168.40.16:1802 [+] New connection 192.168.40.16:1802 - 192.168.40.30:57058 289586 110079
Please suggest what could be the issue and what changes can be done to fix the issue as soon as possible.