Ok thanks! Another question is:
My case is bit particular. My trace consists of:
1) UDP packets of interest, identified by the particular payload
bytes (most of them are fragmented)
2) All the IP packets that are fragmented (this is done in such way
to be able to catch all the parts)
So my trace is huge, can I make tshark to reassemble only the packets
that interest me? I’m worried about the performance in other case.
Also what I will see in the output trace? Only reassembled packets or
also the fragmented parts?
Marcin
Joerg Mayer pisze:
On Wed, Sep 19, 2007 at 11:09:41AM +0200, Marcin wrote:
Is there a way to merge all the fragmented IP packets and them output
them into separate trace? I Would need smth. like:
tshark ???r intrace ???w outrace
to have all the packets merged inside the outrace. I then need to access
full payload of the merged packets.
In a newly installed setting wireshark (and tshark) will automagically
reassemble fragmented ip packets: The last fragment will dissect like
the whole packet. This behaviour can be changed via preferences.
ciao
Joerg
----------------------------------------------------------------------
To takie proste - u�yj telefonu
http://link.interia.pl/f1b9c