On Thu, Oct 23, 2008 at 12:54:20PM +0100, John Paul Sheridan wrote:
> First time post.
Welcome!
> I dont want to see the extra TCP segment packets in my PDML stream,
> only the reassembled ones. Is there a filter (capture or display)
> that I can set with t-shark to omit the segment packets from my PDML
> stream (remember I use Wireshark for visual analysis of the data but
> tshark in my java app?
Set the filter to "http" and you will only get http packets that are
reassembled or don't need reassembly. This will also filter out the
packets without http data in them such as the initial handshake and tear
down of the TCP session. Does this help or do you need to see those
other packets too?
Steve