maybe this can help, there were answers in here:
How to Reassemble TCP Packets[
^]
Based on your replies to other messages:
Google "TCP Packet Format" and you'll find all you ever wanted to know about packets.
If you are wanting to look at the content on packets going between a browser and a web server (other questions you've asked said you want to reassemble packets to see the HTTP Headers / Mime Types), then you are in for some fun decoding.
You are looking into the
topmostlayer of a standard OSI 7 Layer Network module. That is, you are wanting to look at the content of a message between two cooperating applications (Browser - Web Server).
You are observing, using the sniffer you found, the
bottom-most layer of that model, the datalink layer (bits on the wire).
Each layer as it passes from the wire, through the routing layer, through the session layer, yada, yada, wraps (going down) or unwraps (going up) the data from the previous layer with its own protocol. It's how, for example, one browser in your PC might have two active links to two different web servers and overlapping the activity yet the packets are not intermixed in the application. The various layers allow them to share the same wire, through a common gateway, and into the amorphous cloud that is the internet without messing up the sequence and flow of the data.
If you want to reverse engineer that so you can see the files being downloaded or the web pages being displayed, you need to do a lot of research and work.
Start here: -->
TCP/IP Model[
^] or here: -->
OSI Model[
^] and then head off to the protocol documents to find out how to unwrap the bits.
Submit an article or tip