Wireshark-users: [Wireshark-users] Packet reassembly problem

From: d a <otto81494@xxxxxxxxx>
Date: Fri, 2 Feb 2007 11:16:58 -0800 (PST)
I hope Im posting in the right spot here.
Im semi-new to network traffic analysis so I appologize if I hack any terms.
I am trying to reassemble image packets downloaded from the Gnutella network. Can somebody please tell me what Im doing wrong?
On WinXP I start a capture with Wireshark(Version 0.99.0)and then download a unique image file using Phex. I do this to avoid any �swarming� issues. After the JPEG is completely downloaded, I stop the capture and then filter for the IP source of the host. I then view the captured packets and the checksum returns valid. This is where Im getting stuck. There should be an option somewhere to �export� or �reassemble�. There is an �export� option under �file� but that doesnt seem to work. I tried �follow the TCP stream� and then pasting packet data into a text editor and naming the file as a JPEG. Doesnt work either.
I did tick the boxes for �reassemble fragmented ip datagrams� and �allow dissector to reassemble TCP streams� prior to the capture. I found little info online for packet reassembly so any help is appreciated.
Ill try to include a screen capture
Thanks
Dave


TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.

GIF image