Wireshark · Wireshark-dev: Re: [Wireshark-dev] PDML export on big capture files

Wireshark-dev: Re: [Wireshark-dev] PDML export on big capture files

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 29 Feb 2008 03:14:35 -0800

Edouard Funke wrote:

The same issue happens with "normal" tcp trafic without any custom
plugin activated.
How can i deactivate reassembly in this case ?


Try adding the command line flag

	-o tcp.desegment_tcp_streams:false

which will turn off reassembly for protocols running over TCP. Youcould also try


	-o ip.defragment:false -o ipv6.defragment:false

to turn off reassembly of fragmented IPv4 and IPv6 datagrams.

How different would be my output ?

If the traffic is, for example, HTTP or SMB, it could be quitedifferent, as large HTTP replies, and SMB write requests and readreplies, are some examples of PDUs that would be split across TCPsegment boundaries.

Follow-Ups:
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke

References:
- [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Guy Harris
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Guy Harris
- Re: [Wireshark-dev] PDML export on big capture files
  - From: Edouard Funke

Prev by Date: Re: [Wireshark-dev] PDML export on big capture files
Next by Date: Re: [Wireshark-dev] PDML export on big capture files
Previous by thread: Re: [Wireshark-dev] PDML export on big capture files
Next by thread: Re: [Wireshark-dev] PDML export on big capture files
Index(es):
- Date
- Thread