Wireshark-users: Re: [Wireshark-users] "Visually" re-assemble packet

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 8 Dec 2014 04:34:14 -0800
On Dec 7, 2014, at 11:07 PM, Christopher Smith <Christopher.Smith@xxxxxxxxx> wrote:

> I am specifically looking for a way within Wireshark to visually re-assemble a packet.

What do you mean by "visually"?

> For example, if an HTTP response is segmented into multiple 1514 byte frames – say 10 frames, how do I “tweak” Wireshark so the full 15140 bytes appear in one “packet”?

"In one "packet"" in what sense?

If an HTTP response is segmented into multiple TCP segments, and if the TCP preference "Allow subdissector to reassemble TCP streams" and the HTTP preferences "Reassemble HTTP headers spanning multiple TCP segments", "Reassemble HTTP bodies spanning multiple TCP segments", and "Reassemble chunked transfer-coded bodies" are all set, it should reassemble the HTTP response (or request).  It will, however, show all of the segments as packets, rather than just showing the reassembled request or response as the only packet; the reassembled request or response will be shown for the last frame.
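
A simplified model of the behaviour described above, as an added example that is not part of the original message and is not Wireshark's code: payloads are placed by TCP sequence number, and the reassembled HTTP message is attributed to the frame that completes it. The function names and sample frames are constructed for illustration; it assumes one direction of one stream, a `Content-Length` body and non-overlapping segments.

```python
def expected_length(stream):
    """Total message size once the header block is complete, else None."""
    head, sep, _ = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return len(head) + 4 + int(value.strip())
    return len(head) + 4  # no Content-Length: header-only message

def contiguous(received):
    """Join payloads from stream offset 0 up to the first gap."""
    out = b""
    while len(out) in received:
        out += received[len(out)]
    return out

def reassemble_http(segments):
    """segments: (frame_no, tcp_seq, payload) tuples in any order.
    Returns (frame that completes the message, message), or (None, partial)."""
    base = min(seq for _, seq, _ in segments)
    received = {}
    for frame_no, seq, payload in sorted(segments):    # capture order
        if payload:
            received.setdefault(seq - base, payload)   # drop retransmissions
        stream = contiguous(received)
        total = expected_length(stream)
        if total is not None and len(stream) >= total:
            return frame_no, stream[:total]
    return None, contiguous(received)

def sample_segments():
    """Constructed capture: a retransmission and out-of-order delivery."""
    msg = b"HTTP/1.1 200 OK\r\nContent-Length: 3000\r\n\r\n" + b"A" * 3000
    mss, isn = 1460, 5000
    c = [(isn + i, msg[i:i + mss]) for i in range(0, len(msg), mss)]
    return [(4, *c[0]), (5, *c[0]), (6, *c[2]), (7, *c[1])]

if __name__ == "__main__":
    frame, data = reassemble_http(sample_segments())
    print(f"{len(data)}-byte response reassembled in frame {frame}")
```

Frames 4 to 6 each remain individual TCP segments in the listing; only frame 7, which fills the last gap, carries the full response.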