On a project I am starting to work with, we have a mail messaging format
that we are trying to capture, database and analyze. I have seen Ethereal
working and I thought this might be a starting point for the project.
How difficult is it, based on the network packets being captured, to
reassemble these messages, given that some of them may be either incomplete or
duplicates (box A is sending the same message to box B and box C)?
Would this be good to develop a plugin to handle this?
Could the message be recreated based on the TCP header info (if sent via
TCP - some are, some aren't)? Does the TCP header provide a time stamp
(absolute or relative?) indicating a time for the source/destination
machine?
Doesn't the reliability and completeness of the message get handled at the TCP
level?
In another area..
Any luck on an XML implementation for network packets?
Would this need to be sort of a generic XML implementation (Net-ML) or a
protocol-specific one (TCP-ML, IP-ML)?
I saw some of the other threads with examples like:
<packet number="1">
<ethernet>00:c0:4f:6b:9f:e0 00:c0:4f:30:20:11</ethernet>
<ip>192.168.44.1 192.168.68.1</ip>
</packet>
and
<packet number="1">
  <ethernet>
    <source> 00:c0:4f:6b:9f:e0 </source>
    <destination> 00:c0:4f:30:20:11 </destination>
  </ethernet>
  <ip>
    <source> 192.168.44.1 </source>
    <destination> 192.168.68.1 </destination>
  </ip>
</packet>
Eric Bresie
ebresie@xxxxxxx
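The reassembly and XML questions above, as an added example that is not part of the original post or of Ethereal: it groups captured TCP segments per flow by sequence number, discards a retransmitted duplicate, flags a flow whose middle segment was never captured, and serialises the result in the element-per-field layout quoted above. The segment list is constructed sample data; the timestamp is the capture time, since the TCP header itself carries no wall-clock time (the optional TCP Timestamps option is only a relative tick value).

```python
from collections import defaultdict
import xml.etree.ElementTree as ET

# Constructed sample capture (not real traffic): each tuple is
# (src ip:port, dst ip:port, TCP seq, payload, capture timestamp in seconds).
# Segments of the first flow arrive out of order and one is retransmitted;
# the second flow is missing the segment that should start at seq 517.
SEGMENTS = [
    ("192.168.44.1:3000", "192.168.68.1:25", 100, b"MAIL FROM:<a@x>\r\n", 1.00),
    ("192.168.44.1:3000", "192.168.68.1:25", 132, b"DATA\r\n", 1.02),           # early
    ("192.168.44.1:3000", "192.168.68.1:25", 117, b"RCPT TO:<b@y>\r\n", 1.01),
    ("192.168.44.1:3000", "192.168.68.1:25", 117, b"RCPT TO:<b@y>\r\n", 1.30),  # duplicate
    ("192.168.44.1:3001", "192.168.68.2:25", 500, b"MAIL FROM:<a@x>\r\n", 2.00),
    ("192.168.44.1:3001", "192.168.68.2:25", 534, b"DATA\r\n", 2.05),           # gap before
]

def reassemble(segments):
    """Group segments per (src, dst) flow, order them by sequence number,
    drop duplicate or overlapping bytes, and flag flows with a hole."""
    flows = defaultdict(dict)
    first_seen = {}
    for src, dst, seq, payload, ts in segments:
        key = (src, dst)
        first_seen.setdefault(key, ts)        # time comes from the capture, not TCP
        flows[key].setdefault(seq, payload)   # same seq seen twice: retransmission
    streams = {}
    for key, chunks in flows.items():
        data, complete, expected = b"", True, min(chunks)
        for seq in sorted(chunks):
            chunk = chunks[seq]
            if seq < expected:                # partial overlap: keep only new bytes
                chunk = chunk[expected - seq:]
            elif seq > expected:              # bytes never captured: mark incomplete
                complete = False
            data += chunk
            expected = max(expected, seq + len(chunks[seq]))
        streams[key] = {"data": data, "complete": complete,
                        "first_seen": first_seen[key]}
    return streams

def to_xml(streams):
    """Emit the element-per-field layout quoted in the post, one <message> per flow."""
    root = ET.Element("capture")
    for n, ((src, dst), s) in enumerate(sorted(streams.items()), 1):
        m = ET.SubElement(root, "message", number=str(n),
                          complete=str(s["complete"]).lower(),
                          first_seen=f"{s['first_seen']:.2f}")
        ET.SubElement(m, "source").text = src
        ET.SubElement(m, "destination").text = dst
        ET.SubElement(m, "payload").text = s["data"].decode("ascii", "replace")
    return ET.tostring(root, encoding="unicode")
```

A real dissector would also have to honour the TCP FIN/RST to know when a stream ends and key flows on both directions; this example only reassembles one direction.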