tcptrace-bugs data extraction with missing tcp segments (silent failure)

From: mukesh agrawal (mukesh@cs.cmu.edu)
Date: 02/27/04


Date: Fri, 27 Feb 2004 09:23:33 -0500 (EST)
From: mukesh agrawal <mukesh@cs.cmu.edu>
Subject: tcptrace-bugs data extraction with missing tcp segments (silent failure)
Message-ID: <Pine.LNX.4.44.0402270917500.1054-100000@slash.mukesh.agrawals.org>


I've got a capture file that has missing segments for some of the TCP
connections.

I ran "tcptrace -l -e <dumpfile> > <summary>" to extract the payload of
the TCP sessions.

In generating the TCP stream extracts, tcptrace filled in the
missing data with NULLs. This is a reasonable implementation choice, but it
would be nice if tcptrace emitted a warning in this case.

(Before analyzing the data, I didn't know that the tcpdump was incomplete.
So, when I looked at the extract file, I thought the application was
sending corrupt data. It was only after looking at the long summary that I
realized tcpdump must have missed some segments. Having a warning about
the missing segments would have avoided the confusion.)
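
The kind of warning requested above, as an added example that is not part of the original message and is not tcptrace's code: a gap-aware reassembler that pads missing bytes with NUL, as the message describes, and also reports which byte ranges were padded. The names `reassemble`, `gap_warnings` and `SAMPLE` are hypothetical, and segments are assumed to carry offsets relative to the start of the stream (no sequence-number wraparound handling).

```python
from typing import List, Tuple

Segment = Tuple[int, bytes]  # (relative offset of first payload byte, payload)


def reassemble(segments: List[Segment]) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Rebuild one direction of a TCP stream from captured segments.

    Returns (stream, gaps). Each gap is (start, end), end exclusive: a byte
    range that never appeared in the capture and was padded with NUL.
    """
    stream = bytearray()
    gaps = []
    for seq, data in sorted(segments, key=lambda s: s[0]):
        expected = len(stream)          # next offset we have not yet filled
        if seq > expected:              # hole: capture missed [expected, seq)
            gaps.append((expected, seq))
            stream.extend(b"\x00" * (seq - expected))
        elif seq < expected:            # retransmission/overlap: keep first copy
            data = data[expected - seq:]
        stream.extend(data)
    return bytes(stream), gaps


def gap_warnings(gaps: List[Tuple[int, int]]) -> List[str]:
    """One warning line per padded range, so NULs are not mistaken for payload."""
    return [
        f"warning: {end - start} bytes missing at offsets {start}-{end - 1}, "
        "filled with NUL"
        for start, end in gaps
    ]


# Constructed sample: the segment covering offsets 16-23 was never captured,
# and the segment at offset 8 was seen twice (a retransmission).
SAMPLE = [
    (0, b"GET / HT"),
    (8, b"TP/1.1\r\n"),
    (24, b"Accept: */*\r\n"),
    (8, b"TP/1.1\r\n"),
]

if __name__ == "__main__":
    stream, gaps = reassemble(SAMPLE)
    for line in gap_warnings(gaps):
        print(line)
    print(repr(stream))
```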


