Good library for TCP reassembly

Question

What are some good libraries for doing TCP reassembly? I have some pcap files (too large to handle using wireshark) and I want to do TCP reassembly. Development of libnids seems to have stopped. I'm wondering if anybody could give

See [this question](http://stackoverflow.com/questions/6151417/) — rupello, Jun 07 '11 at 18:05

score 2 · Accepted Answer · answered Sep 24 '11 at 21:30

2

Have you tried using the bro-ids http://bro-ids.org/ TCP layer written in C++? You are able to write simple application layer bro-scripts to do whatever you need to do. Otherwise, you can take a look on their src code.

answered Sep 24 '11 at 21:30

Ioannis Pappas

807
12
22

I see bro-ids websites.there is not any point to TCP reassembly. – Phonix Jun 04 '15 at 23:14

Good library for TCP reassembly

1 Answers1