StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
9997448
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-04-03T16:24:34.393
FavoriteCount
0
LastActivityDate
2012-04-03T16:29:47.137
LastEditDate
2012-04-03T16:29:47.137
LastEditorUserId
403506
OwnerUserId
403506
ParentId
9681693
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
The snifex.c is a good start (http://www.tcpdump.org/pcap.html) In the callback function: <pre><code>got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); </code></pre> the pointer *ip points to the start of the ip header. <pre><code>ip = (struct sniff_ip*)(packet + SIZE_ETHERNET); </code></pre> There you can find the IP address information. Note that you have to separate the calls to inet_ntoa as it appears to use a static buffer. So you should use two printf calls if you are planning to show the output in the cmd or file. That is why they are in separate lines in snifex.c: <pre><code>printf(" From: %s\n", inet_ntoa(ip->ip_src)); printf(" To: %s\n", inet_ntoa(ip->ip_dst)); </code></pre> For the TCP information you can use the tcp pointer <pre><code>tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip); </code></pre> Use the TCP flags tcp->th_flags to find out the connection state, e.g. <code>tcp->th_flags==TH_SYN</code> Once you know the flags you have to check the <a href="http://www.ietf.org/rfc/rfc793.txt" rel="nofollow">RFC793</a> TCP/IP state diagram to determine the state of the TCP protocol. In terms of implementations, you could use a hash array for each 4-tuple (srcIP, dstIP, srcPort, dstPort) in order to have an O(1) (best case). Note that there may be cases in which you see midstream traffic, or half-open TCP connections etc. The RFC describes in detail how to handle them. Finally, if you do not wish to implement the TCP protocol you can use the <a href="http://libnids.sourceforge.net/" rel="nofollow">Libnids</a> library which emulates the IP stack of Linux 2.0.x, offers IP defragmentation and TCP stream assembly.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POStoring a list of IP addresses in my network with its TCP state transitions
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USIoannis Pappas
UserOwnerUserId
1. USIoannis Pappas
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.