Re: end of tcp stream .

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi guys

I uploaded 10 pictures of the sniffer output (commercial sniffer, not my
sniffer ...)

http://planet.nana.co.il/develop/Sniffer/Sniff.htm

In the 5 first pictures you can see the 5 frames I?m trying to assemble,
The PUSH flag is 0 in all frames except of the last one,
My sniffer works great with the software simulation program, because I?m
searching the PUSH flag.


dataFrame1 push=0
dataFrame2 push=0
AckFrame
dataFrame3 push=0
dataFrame4 push=0
AckFrame
dataFrame5 push=1

the conditioning in the lab is different (next 5 pictures)
there is a UNIX station transmitting data ,
this is the same data size as the software simulation
but the difference is in the PUSH flag

I get the push flag before ACK frame .

dataFrame1 push=0
dataFrame2 push=1
AckFrame
dataFrame31 push=0
dataFrame41 push=1
AckFrame
dataFrame51 push=1

so I don?t know how to Assemble the data correctly

Thank you for you helps
imp trying to process your replays .

Sharon







"Sharon" <Sharon669@xxxxxxxxxxx> wrote in message
news:OnOv7h2kFHA.3828@xxxxxxxxxxxxxxxxxxxxxxx

> Hi all
>
> I'm a java/bv programmer sorry for my lack of Winsock knowledge (and lack
> of
> good English .)
>
>
>
> I had this task to implement a simple sniffer (C code using Winsock )
>
> searching the internet I found relatively simple code , and changed it
> successfully according to my needs .
>
>
>
> My problem is like that:
>
>
>
> I am monitoring data sent over the TCP protocol,
>
> The broadcasting station transmits different sizes of data, the problem I
> encountered was when sending 6000 bytes of data.
>
>
>
> This data is fragmented into 4 frames 1514 size each, between them I get
> ACK frames
>
> So I tried to count on the PUSH flag of TCP , but on the second frame -
> the
> PUSH flag is 1
>
>
>
> Professional sniffer shows something like :
>
>
>
> 1# frame 1514 PUSH = 0
>
> 2# frame 1514 PUSH = 1
>
> 3# frame 60 ACK
>
> 4# frame 60 ACK
>
> 5# frame 1514 PUSH = 0
>
> 6# frame 1514 PUSH = 1
>
> ..
>
>
>
>
>
> What I'm trying to understand is how do I know when is the end of the TCP
> data
>
> How do I know when to stop extracting data from the TCP frames and send
> the
> data to my host application (one level up)
>
>
>
> Thank you very much
>
> I will appreciate any help !
>
> Sharon
>



.

Relevant Pages

  • Re: end of tcp stream .
    ... Well today I understood that inside the TCP data I?m transferring there is ... Then just accumulate the rest of the incoming frames until all data arrives. ... How come PUSH flag is not an indicator? ... >> I uploaded 10 pictures of the sniffer output (commercial sniffer, ...
    (microsoft.public.win32.programmer.networks)
  • end of tcp stream .
    ... I'm a java/bv programmer sorry for my lack of Winsock knowledge (and lack ... I had this task to implement a simple sniffer ... This data is fragmented into 4 frames 1514 size each, ... So I tried to count on the PUSH flag of TCP, but on the second frame - the ...
    (microsoft.public.win32.programmer.networks)
  • Re: Advice about Master documents
    ... If you use drawing objects, please, please, please do it in PowerPoint ... Make sure your pictures are compressed and resized BEFORE you insert ... I don't see much problem with frames per se. ... >> Jeff Stevens ...
    (microsoft.public.word.formatting.longdocs)
  • Re: Simple web site cretion tool
    ... >>>won't matter soon as I'm changing to Eclipse and running my own web ... site is over 120MB and there's a lot of bother involved in moving ... I might change it to non frames with ... I use it for all my pictures pages ...
    (uk.comp.sys.mac)
  • Re: Coronado PST beginner questions
    ... But I did manage to observe nice prominences and to take a picture I'm ... with other pictures on the web in term of scale. ... is it the same principle as for planetary imaging (i.e. the more ... limit with the usefulness of a lot of frames for proms IMO. ...
    (uk.sci.astronomy)