|
Component index
Section index | Component tcpdump |
| Search |
Type | Function |
Summary | TCP packet sniffer with session management |
Description | It uses the pcap library to listen in promiscuous mode on a network interface. It monitors TCP session and collect statistics on each. Using functags, it lets application do special processing on each session. |
  | void endsession (int no, const TCPSESSION &session, ARRAY_OBJ *data, bool &end, bool clientending) | |
  | void missing (int no, const TCPSESSION &session, bool from, ARRAY_OBJ *data, bool &end, bool &discard, unsigned long expect, unsigned long got) | |
 | void newsession (int no, const TCPSESSION &session, ARRAY_OBJ *&data, bool &end, bool &discard, bool &reverse) | |
  | void pzcket (int no, const TCPSESSION &session, ARRAY_OBJ *data, bool &end, bool from, TCPDUMP_STATS &stats, const void *data, int len) |
We ahve seen the last TCP packet (fin and ack sequence). We won't be called for this TCP session from now on.
Either the sniffer is too slow (missing packet) or something else is happening. the tcpdump component assume all packet are sent in proper order
New mean "Not seen since we start the sniffer", so the TCP session may not be completly new.
THe functag is only called when some user data is available in a TCP packet. Other data less packet (ack) are not visible here.