On Dec 8, 2014, at 3:30 PM, Christopher Smith <Christopher.Smith@xxxxxxxxx> wrote:
>>>>> Like, a method to parse through a trace to present its granularity on protocols vs frames?
>>>>
>>>> So do you mean that you want a display that shows, for example, each HTTP request or response as a single line in the summary, with, for example, the length field showing the length of the request or response as a whole, with the packet details at a lower level (link-layer frame, IP, TCP) hidden?
>>>
>>> Yes :-)
>>
>> OK, so the reassembly's already being done by Wireshark, and it's just a question of the packet summary display.
>>
>> That can't *fully* be done currently, but if, for example, you filter the display with a filter such as "http", it'll show only the HTTP traffic.
>
> I know :-( - my scenario it’s SMB – so on that filter I JUST get the “tail” frame – which is great for any analysis based on timestamps, but not the FULL picture
So what additional information do you need? A display hiding the details below the SMB level won't show you *any* frames.