Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question regarding Reassembly and Fragmentation #1689

Open
zyl-one opened this issue Jan 17, 2025 · 0 comments
Open

Question regarding Reassembly and Fragmentation #1689

zyl-one opened this issue Jan 17, 2025 · 0 comments
Labels
question

Comments

@zyl-one
Copy link

zyl-one commented Jan 17, 2025
edited
Loading

Question

I am trying to parse TLS packets for SNI (Server Name Indication) over TCP. Most of the packets I see in Wireshark show that they are reassembled. (I'm not sure if this is TCP reassembly or IP fragmentation, as I have only recently started exploring these topics).

I am trying to understand how TCP reassembly and IP fragmentation work in PcapPlusPlus.

Should I handle IP fragmentation first and then pass the stream of data for TCP reassembly?
Is there a way to parse TCP packets directly after TCP reassembly in PcapPlusPlus (i.e., parse immediately if there are no segments, or reassemble and parse if there are segments, just like Wireshark)?

Image

Operating systems

Windows, Linux (v23.09)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zyl-one