Ethereal-users: Re: [Ethereal-users] BGP stream decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 10 Dec 2002 17:44:13 -0800
On Tue, Dec 10, 2002 at 05:34:08PM -0800, Alexander Tudor wrote:
> Now the question, and sorry for the pre-amble ... Is there any way of
> stitching together, in real-time, the full un-interrupted BGP update message
> stream using the current version of tethereal?

Yes.

You can either:

	1) start up Ethereal (no capture file is needed), select
	   "Preferences" from the "Edit" menu, open up the "Protocols"
	   list in the dialog box that pops up, select "BGP", turn on
	   the "Desegment all BGP messages spanning multiple TCP
	   segments" option if it's not already on, select "TCP", turn
	   on the "Allow subdissector to desegment TCP streams" option,
	   click "Save", and click "OK";

	2) edit the Ethereal preferences file and make sure the value of
	   the "bgp.desegment" and "tcp.desegment_tcp_streams" options
	   are both "TRUE" (or "true");

	3) pass the options "-o bgp.desegment:true" and
	   "-o tcp.desegment_tcp_streams:true" to Tethereal when you run
	   it (if you're capturing and having Tethereal print data,
	   rather than saving to a file, or if you're reading an
	   existing file with Tethereal).

Any one of those three will arrange that the BGP dissector will
reassemble BGP messages that cross TCP segment boundaries.

(Note, however, that if Tethereal is running *on* the router, rather
than on some third machine passively sniffing the wire, and the
interface on which Tethereal is capturing does TCP checksum offloading,
you may also have to disable TCP checksum checking, as outgoing packets
would, in that situation, probably be handed to Tethereal - or whatever
program is capturing traffic - before the checksum was set.

To handle that case, you'd also have to set the "tcp.check_checksum"
option to FALSE, along the lines of 2) or 3) above, or do it from
Ethereal, along the lines of 1) above, by turning off the TCP preference
"Check the validity of the TCP checksum when possible".

However, it sounds as if you're doing sniffing on a third machine, in
which case that shouldn't be necessary.)
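As an added illustration of what the two desegmentation options make the BGP dissector do (example code written for this archive page, not Ethereal or Tethereal code): a minimal reassembler that buffers TCP payload until a whole BGP message (16-byte marker, 2-byte length, 1-byte type, as in RFC 4271) has arrived, so a message cut by a segment boundary is held rather than reported as malformed. The BGP byte stream it consumes is constructed inline.

```python
import struct

BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19          # 16-byte marker + 2-byte length + 1-byte type
BGP_MAX_LEN = 4096
BGP_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class BgpReassembler:
    """Accumulates TCP payload bytes and returns complete BGP messages.

    With both desegment options on, the dissector behaves like this: a header
    or body cut short by a segment boundary waits for the next segment.
    """

    def __init__(self):
        self.buf = b""

    def feed(self, segment_payload):
        self.buf += segment_payload
        messages = []
        while len(self.buf) >= BGP_HEADER_LEN:
            marker, length, msg_type = struct.unpack("!16sHB", self.buf[:BGP_HEADER_LEN])
            if marker != BGP_MARKER or not BGP_HEADER_LEN <= length <= BGP_MAX_LEN:
                raise ValueError("lost BGP framing (bad marker or length)")
            if len(self.buf) < length:
                break                    # body continues in a later segment; wait
            body = self.buf[BGP_HEADER_LEN:length]
            messages.append((BGP_TYPES.get(msg_type, "UNKNOWN"), body))
            self.buf = self.buf[length:]
        return messages


def bgp_message(msg_type, body=b""):
    """Build a BGP message with a correct length field (constructed data)."""
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), msg_type) + body


def demo():
    # Constructed stream: a KEEPALIVE, then an UPDATE (withdrawn len 0,
    # one ORIGIN=IGP attribute, NLRI 10.0.0.0/24) split across two segments.
    update_body = b"\x00\x00" + b"\x00\x05" + b"\x40\x01\x01\x00" + b"\x18\x0a\x00\x00"
    stream = bgp_message(4) + bgp_message(2, update_body)
    segments = [stream[:25], stream[25:]]   # the cut falls inside the UPDATE header
    reassembler = BgpReassembler()
    got = []
    for seg in segments:
        got.extend(reassembler.feed(seg))
    return [msg_type for msg_type, _ in got], len(reassembler.buf)  # (['KEEPALIVE', 'UPDATE'], 0)
```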