Wireshark-dev: [Wireshark-dev] Getting TCP stream content
From: "Nick Chorley" <[email protected]>
Date: Fri, 24 Aug 2007 14:46:36 +0100

I'm wondering how hard it is to implement Wireshark's "Follow TCP Stream" feature. Basically, I need to do this myself because 1. I have large data files that Wireshark can't handle and 2. I need to do this automatically, because there are a large number of streams in the data. What I would like to be able to do in my program is get the contents of each individual stream and then do some processing on the readable ASCII in the stream. Wireshark does *exactly* what I want in that it gives me the stream content in ASCII, but the only downsides are those mentioned above. I have found a library that performs TCP stream reassembly (libnids) and have used it but it appears to interleave streams :/.

Any suggestions would be great!


Nicky Chorley
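
An added example, not part of the original post and not Wireshark's or libnids's code: one way to keep streams from interleaving is to key every segment by its (source IP, source port, destination IP, destination port) tuple and order each flow's payload by TCP sequence number before rendering it as ASCII. It assumes raw IPv4/TCP packets with the link-layer header already stripped, a capture that starts at the beginning of each stream, and no sequence-number wraparound; all function names and the `make_packet` sample builder are hypothetical.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4_tcp(pkt):
    """Return (flow_key, seq, payload) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4
    key = (socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport)
    return key, seq, pkt[ihl + data_off:total_len]

def follow_streams(packets):
    """Map each one-directional flow to its payload bytes in sequence order."""
    segments = defaultdict(dict)  # flow key -> {seq: payload}
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed and parsed[2]:  # skip non-TCP packets and empty segments
            key, seq, payload = parsed
            segments[key].setdefault(seq, payload)  # first copy of a retransmission wins
    streams = {}
    for key, segs in segments.items():
        base = min(segs)  # assumption: lowest sequence number seen is the stream start
        out = bytearray()
        for seq in sorted(segs):
            offset = seq - base
            if offset > len(out):
                break  # gap (lost segment): stop rather than splice unrelated bytes
            out += segs[seq][len(out) - offset:]  # drop bytes already covered by overlap
        streams[key] = bytes(out)
    return streams

def printable_ascii(data):
    """Render bytes as text, replacing non-printable bytes with '.'."""
    return "".join(chr(b) if 32 <= b < 127 or b in (9, 10, 13) else "." for b in data)

def make_packet(src, sport, dst, dport, seq, payload):
    """Build a constructed IPv4/TCP packet (checksums zero) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload
```

Each direction of a connection gets its own key here; pairing a key with its reversed tuple gives the two halves of one conversation.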