Wireshark · Ethereal-users: Re: [Ethereal-users] stream reassembly

Ethereal-users: Re: [Ethereal-users] stream reassembly

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>

Date: Mon, 31 Jan 2005 11:35:47 -0800

On Mon, Jan 31, 2005 at 12:28:42PM -0500, Kevin Lux wrote:
> Hi everyone,
> 
> I have a half gig capture file (from ethereal) of web requests. What I
> need to do is search the requests for certain keywords and record the
> total bytes sent/received. The problem is the requests are large and get
> fragmented. The keyword does not appear in all the packets.
> 
> I thought I could enable reassembly to have the entire request be viewed
> as one segment, but didn't seem to work. The filter returns parts of the
> entire response/request. I need the whole thing returned for data
> collection.
 
If you've enabled all of the preferences described here:
http://wiki.ethereal.com/TCP_20Reassembly , and the packets are still
not being reassembled, then they are probably out of order or
retransmitted.  If that's the case, then the TCP dissector doesn't
reassemble them...

-- 
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762

References:
- [Ethereal-users] stream reassembly
  - From: Kevin Lux

Prev by Date: [Ethereal-users] stream reassembly
Next by Date: [Ethereal-users] No packets being captured at all
Previous by thread: [Ethereal-users] stream reassembly
Next by thread: [Ethereal-users] No packets being captured at all
Index(es):
- Date
- Thread