Hi Cedric,
> Support for TCP segmentation as well as new parsers that use this > feature should be pushed before end of week. Concerning the capture of > POST messages we should probably start working on this in february (this > is a small company so no schedule is ever definitive, so no promise). > I guess we just have to wait awhile then and see how things develop. We are a small company too, and the projects concerning POST re-assembly need some time to take off. After TCP segmentation is pushed, I will make some time to get a first feel of junkie. > > > In some of our projects, we are only interested in the length of HTTP > > requests and responses therefor reassembling the whole requests would be > > overkill, as the segment lengths can be read from the TCP headers of > packets > > in a TCP stream, obviously. > > Yes, in theory we could follow the sizes associated with each request quite > precisely even with truncated packets as long as the "Content-length" > header lines are present. Another way is too follow the TCP stream and summarize the payload lengths in the TCP headers instead of using HTTP headers, ignoring retransmitted packets. > To be honest, truncated packets were > introduced very recently and were not tested much (since we do not > require this feature), thus I'm not certain junkie is very robust in this > regard ; but I'm going to check. > Nice test-case for us would be to check if one could get the HTTP request/response lengths as described above. Cheers, Andrej - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
