comp.protocols.tcp-ip: TCP and IP network protocols.
#1

Hi!

I need your suggestion on how to go about with eavesdropping on TCP traffic.

For verification purposes (i.e., verification of a protocol at the application layer on top of TCP), I need to eavesdrop on the communication between a client and server, since the network is expected to be poor in between them. I need to check that the client gets all the messages it should while it is still operating. I do not have physical access to the client computer, which is why I want to capture traffic from another computer.

My original idea was to use a computer with a hub or something similar to capture non-local traffic between the server and the client, tapping the data just before the client. Having just finished a binding of libpcap to my favorite programming language, I started to realize that it might not be so trivial to arrange IP defragmentation, checksums, etc. In the end, all I want to do is to decode the protocol at the application layer.

Is there some other way I can go about doing this without programming something like a TCP/IP decoder at the application level? Any tools built into the operating system (linux/win) one could use? Any libraries should carry BSD license or similar.

Best regards
Björn Holmberg
#2

In article <1178484414.283948.24170@n76g2000hsh.googlegroups.com>, ssh9614@hotmail.com wrote:

> Hi!
>
> I need your suggestion on how to go about with eavesdropping on TCP
> traffic.
>
> For verification purposes (i.e., verification of a protocol at the
> application layer on top of TCP), I need to eavesdrop on the
> communication between a client and server, since the network is
> expected to be poor in between them. I need to check that the client
> gets all the messages it should while it is still operating. I do not
> have physical access to the client computer, which is why I want to
> capture traffic from another computer.
>
> My original idea was to use a computer with a hub or something similar
> to capture non-local traffic between the server and the client,
> tapping the data just before the client. Having just finished a
> binding of libpcap to my favorite programming language, I started to
> realize that it might not be so trivial to arrange IP defragmentation,
> checksums, etc. In the end, all I want to do is to decode the protocol
> at the application layer.
>
> Is there some other way I can go about doing this without programming
> something like a TCP/IP decoder at the application level? Any tools
> built into the operating system (linux/win) one could use? Any
> libraries should carry BSD license or similar.

How about using an application like Wireshark? It has some options to find all the packets that make up a stream, merge fragments, etc.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
#3

> How about using an application like Wireshark? It has some options to
> find all the packets that make up a stream, merge fragments, etc.

Unfortunately for my purposes Wireshark uses GNU GPL. It might otherwise have been a good option to write a dissector for it. As a "raw socket newbie" it does however strike me as a bit strange if a plentiful number of tools/libraries did not already exist that could help me solve my problem.

/Björn
#4

In article <1178611506.346972.29620@l77g2000hsb.googlegroups.com>, ssh9614@hotmail.com wrote:

> > How about using an application like Wireshark? It has some options to
> > find all the packets that make up a stream, merge fragments, etc.
>
> Unfortunately for my purposes Wireshark uses GNU GPL. It might
> otherwise have been a good option to write a dissector for it. As a
> "raw socket newbie" it does however strike me as a bit strange if a
> plentiful number of tools/libraries did not already exist that could
> help me solve my problem.

You're writing an application based on this? The impression I got from your post was that you just needed to decode packets, and Wireshark does this already.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
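
Added example, not part of any post in this thread: a sketch of the stream reassembly step the thread discusses, for one direction of one TCP connection seen at a passive tap, showing sequence wraparound, duplicate and overlapping retransmissions, and reporting of a hole the tap missed. It assumes IP fragments are already merged and checksums verified; `StreamReassembler`, `replay` and the capture data are constructed for illustration.

```python
MOD = 1 << 32  # TCP sequence numbers wrap at 2**32

def seq_diff(a, b):
    """Signed distance a - b in sequence space, correct across wraparound."""
    return ((a - b + MOD // 2) % MOD) - MOD // 2

class StreamReassembler:
    """One direction of one TCP connection, rebuilt from captured segments."""
    def __init__(self, isn):
        self.next_seq = (isn + 1) % MOD  # the SYN consumes one sequence number
        self.pending = {}                # seq -> payload held behind a hole
        self.data = bytearray()          # contiguous bytes recovered so far

    def add(self, seq, payload):
        """Feed one segment; return the bytes that just became contiguous."""
        before = len(self.data)
        if len(payload) > len(self.pending.get(seq, b"")):
            self.pending[seq] = payload
        progressed = True
        while progressed:
            progressed = False
            for s in list(self.pending):
                off = seq_diff(self.next_seq, s)   # bytes of s already delivered
                if off < 0:
                    continue                       # still ahead of a hole
                fresh = self.pending.pop(s)[off:]  # trim retransmitted overlap
                self.data += fresh
                self.next_seq = (self.next_seq + len(fresh)) % MOD
                progressed = progressed or bool(fresh)
        return bytes(self.data[before:])

    def gap(self):
        """(first missing seq, missing byte count) if data waits behind a hole."""
        holes = [seq_diff(s, self.next_seq) for s in self.pending]
        return (self.next_seq, min(holes)) if holes else None

# Constructed capture (not from the thread): ISN 0xFFFFFFF8 sits near the wrap
# point; one segment arrives early, one is a duplicate, one overlaps old data.
CAPTURE = [
    (0xFFFFFFF9, b"MSG1\n"),
    (0x00000003, b"MSG3\n"),      # arrives early: MSG2 not seen yet
    (0xFFFFFFF9, b"MSG1\n"),      # duplicate retransmission
    (0xFFFFFFFC, b"1\nMSG2\n"),   # retransmission overlapping delivered bytes
]

def replay(capture, isn=0xFFFFFFF8):
    """Feed a capture in arrival order; return the stream and per-step results."""
    r = StreamReassembler(isn)
    steps = [(r.add(seq, data), r.gap()) for seq, data in capture]
    return bytes(r.data), steps
```

A gap that never closes means the tap itself missed a segment, which is a different event from the client missing it, so a hole in the capture is not by itself evidence of a lost application message.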