Wireshark · Ethereal-users: [Ethereal-users] stream reassembly

Ethereal-users: [Ethereal-users] stream reassembly

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Kevin Lux <luxk@xxxxxxxxxxxxxxxxxx>

Date: Mon, 31 Jan 2005 12:28:42 -0500 (EST)

Hi everyone,

I have a half gig capture file (from ethereal) of web requests. What I
need to do is search the requests for certain keywords and record the
total bytes sent/received. The problem is the requests are large and get
fragmented. The keyword does not appear in all the packets.

I thought I could enable reassembly to have the entire request be viewed
as one segment, but didn't seem to work. The filter returns parts of the
entire response/request. I need the whole thing returned for data
collection.

My filter exp looks like "ip.src=10.0.0.54 and tcp.srcport == 80 and http
contains "Expression"".

Does anyone have any suggestions?

Thanks,
Kevin

Follow-Ups:
- Re: [Ethereal-users] stream reassembly
  - From: Jerry Talkington

Prev by Date: RE: Re: [Ethereal-users] iSCSI decoding with header digests off in versions after 0.10.6
Next by Date: Re: [Ethereal-users] stream reassembly
Previous by thread: RE: Re: [Ethereal-users] iSCSI decoding with header digests off in versions after 0.10.6
Next by thread: Re: [Ethereal-users] stream reassembly
Index(es):
- Date
- Thread