Re: How to parse network traffic from tcpdump in ruby?

< ^ > P N |<>|^_>< --- | ~ ...Help
Excerpts from Martin Kahlert's mail of  7 Sep 2004 (EDT):
> How can i find out the client's request for any server response?
> I tried using the ack and seq numbers for that, but they seem
> to be quite independent.

Back in the olden days you could use the client TCP port to
differentiate between HTTP requests, as one TCP connection would be
opened for each HTTP request+response. With the advent of Keep-Alive
connections it's more difficult, as multiple transactions will be on the
same TCP connection. But that would be the way to do it: look at the
client TCP port for each packet.

But if this is the level of analysis you want, I think tcpdump is the
wrong (i.e. too primitive of a) tool. You want something at the
application layer, not the TCP layer, like sitting an HTTP proxy in the
middle and capturing traffic content. Unless you're snooping a network
for other people's traffic---then I guess this might be your only
option. :)

-- 
William <wmorgan-ruby-talk / masanjin.net>