npcap packet reassembly
Can any npcap library functions reassemble fragmented packets? Right now we are using pcap_next_ex and we get fragments. Would like to know if possible to get the assembled message.
TIA
2 Answers
- Sort by
oldest newest most voted
0
Can any npcap library functions reassemble fragmented packets?
No. It's libpcap plus driver code (and a library that the libpcap code uses to communicate with the driver), and libpcap's purpose is to deliver raw packets to an application; it's up to the application to do reassembly. Wireshark, for example, has code to do IP reassembly.
0
This is a question for the ncap folks over at npcap.com. I believe they're try to catch up with libpcap API, about which I know nothing.
Here are some links to libpcap specifically and the TCPDump site which covers libpcap as well.
Comments
I believe they're try to catch up with libpcap API
Given that they provide the libpcap API by compiling iibpcap code and shipping it as one of the libraries, there's not much catching up to do - I think they're currently based on libpcap 1.10.4, which is the current libpcap release.
I wasn't aware that npcap was now current with libpcap, looking at the release notes I can see that occurred in npcap 1.74, which has a critical regression so use 1.75 or later.
Current stable Wireshark (4.0.8) still installs npcap 1.71. That will change with the 4.2.x release.
As far as libpcap library use goes, the current Windows version of Wireshark is compiled with libpcap1.10.1.1
As far as libpcap library use goes, the current Windows version of Wireshark is compiled with libpcap1.10.1.1
...which differs from 10.1.4 only for bug fixes; no new APIs were introduced, at least as per diffs between pcap/pcap.h.
Your Answer
Please start posting anonymously - your entry will be published after you log in or create a new account.
This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.
Comments