Wireshark · Ethereal-users: Re: [Ethereal-users] Problem following TCP Streams with Fragmented Packets

Ethereal-users: Re: [Ethereal-users] Problem following TCP Streams with Fragmented Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Fri, 10 Jan 2003 11:26:55 -0800

On Fri, Jan 10, 2003 at 05:37:24PM -0000, mike.thackray@xxxxxxxxx wrote:
> (I assume this is because the
> display filter created by Ethereal uses port numbers which are not
> present in the second "fragmented IP protocol" fragments.

Yes, that's why.

> Is there any way of following the entire stream,

Select "Preferences" from the "Edit" menu, click on the "[+]" next to
"Protocols" to open up the list of protocols, select "IP" from that
list, turn on "Reassemble fragmented IP datagrams", click "Save" if you
want Ethereal and Tethereal to *always* reassemble fragmented IP
datagrams by default (i.e., if you do that, the next time you run
Ethereal you won't have to do all this), and then click "OK".

This will cause Ethereal to reassemble fragmented IP datagrams, so that
it will see the entire GTP fragment and thus the entire IP datagram
inside the GTP packet and thus the entire TCP segment inside the IP
datagram.

References:
- [Ethereal-users] Problem following TCP Streams with Fragmented Packets
  - From: mike.thackray

Prev by Date: [Ethereal-users] Problem following TCP Streams with Fragmented Packets
Next by Date: Re: [Ethereal-users] Ethereal Top Talkers - Other reporting info?
Previous by thread: [Ethereal-users] Problem following TCP Streams with Fragmented Packets
Next by thread: RE: [Ethereal-users] Ethereal Top Talkers - Other reporting info?
Index(es):
- Date
- Thread