tremendows
Reputation: 4382
Detecting retransmitted packet with libpcap
I'm filtering packets with libpcap with a filter like "tcp src localhost". It filters all the packets whose source is localhost (my host).
When localhost doesn't receive a TCP confirmation of an already sendt packet, localhost will forward the packet.
Not all the packets filtered by libpcap will arrive to its destination, and I need to identify when a packet is a "forwarded packet". Is there any way with libpcap to identify a forwarded packet?
Upvotes: 1
Views: 3894
Answers (1)
jman
Reputation: 11606
By my understanding, you're looking for TCP retransmissions. These can be found by display fitters in wireshark after capturing. These two should help you:
- Retransmitted packets can be found through the display filter
tcp.analysis.retransmission(more such filters). - When the receiver gets an out-of-order packet (usually indicates lost packet), it sends a ACK for the missing seq number. This is a duplicate ACK and these can be found by using
tcp.analysis.duplicate_ack(details).
Upvotes: 1
Related Questions
- Append packet to PCAP with Scapy got TCP Retransmission
- How to Find TCP Retransmissions while sniffing packets in C
- How determine a packet protocol in libpcap?
- Is it possible to filter TCP retranmission packet in tcpdump?
- How could I find TCP retransmission and packet loss from pcap file?
- Client Hello TCP Retransmission from wireshark
- How to determine packet direction using libpcap?
- Is it possible to not include retransmitted packets from a libpcap capture?
- How to detect retransmited packets to discard them in TCP Sockets in java
- Does libpcap get a copy of the packet?