search

simsong / tcpflow

TCP/IP packet demultiplexer. Download from:
http://downloads.digitalcorpora.org/downloads/tcpflow/
GNU General Public License v3.0
1.68k stars 237 forks source link

incorrectly reassembling tcp stream #69

Open ibeex opened 10 years ago

ibeex commented 10 years ago

I haw TCP stream with lots off retransmits and when I try to extract specific flow that flow is corrupted. (it is JPG so I can see) When I select tat same flow in Wireshark and do follow tcp stream save raw, stream is OK (JPG). I can provide stream via email.

simsong commented 10 years ago

Please send to simsong@acm.org

Sent from my phone. Please Call me at 202-322-8411 if you wish a longer response.

On Feb 6, 2014, at 10:40 AM, ibeex notifications@github.com wrote:

I haw TCP stream with lots off retransmits and when I try to extract specific flow that flow is corrupted. (it is JPG so I can see) When I select tat same flow in Wireshark and do follow tcp stream save raw, stream is OK (JPG). I can provide stream via email.

— Reply to this email directly or view it on GitHub.

ibeex commented 10 years ago

It seems that PCAP contains double captured data, so basicly tcpflow is working OK.

simsong commented 10 years ago

It should do a better job in this situation. May I add the PCAPs to the repository as a test case?

ibeex commented 10 years ago

Yes