tcpwiresharkpackettcpdumpwireshark-dissector

How to separate data from different files in a single TCP packet?


Say I have transmitted data of 2 files A.bin and B.bin, since a TCP packet can have data from more than one file starting at random position, after wireshark capture, how can I identify which part of the data of packet belongs to which file(Assuming I don't have the original files A.bin and B.bin)?


Solution

  • TCP is a byte stream. It has no inherent message semantic, i.e. neither at packet boundaries nor inside packets. Any message semantics need to be done by an application layer protocol or have to be somehow inherent in the transferred data.

    If there is no specific application protocol which somehow describes where A.bin ends and B.bin starts and if these information are not inherent in these files (like having a specific file format) then it is impossible to separate the files. But assuming that this is a real world application where the receiver knows how to separate the files, then you have to apply the same knowledge the receiver has to your packet capture. But there is no generic magic approach to this.