Wireshark-users: [Wireshark-users] Fragmented packets

From: "Tate, Denis - UK" <Denis.Tate@xxxxxxxxxxxxxxxxxx>
Date: Mon, 2 Oct 2006 11:00:01 +0100

Title: Fragmented packets

Hi - Can you help me
        I'm using wireshard 0.99.3 to decode some SNMP messages for our application.
        I've set up the mib's so that wiresharks' SNMP protocol decoder can display the messages correctly in wiresharks own captures and is able to cope with fragmented packets by re-combining them.

        A 3rd party has captured some traffic using an unknown analyser and presented me with the trace in a '.dat' file

        The only problem is that some of the packets, due to the size of the message are fragmented, which the SNMP decoder cannot process.

        Is there any way of setting wireshark to re-combine the fragmented packets, or the SNMP decoder to process the fragmented packets, or does this have to be done 'at source' ?

best regards,
Denis Tate
Senior Systems Engineer
Peek Traffic Limited.
General:  +44 (0) 1923 289310
Direct:     +44 (0) 1923 289328
Fax:        +44 (0) 1923 859195
Web:www.peek-traffic.co.uk

The information in this e-mail is confidential and is intended for the addressee only. Access to this e-mail by anyone else has not been authorised by Peek Traffic Ltd.

It is not to be relied upon by any person other than the addressee except with our prior written approval. If no such approval is given, we will not accept any liability (in negligence or otherwise) arising from any third party acting, or refraining from acting, on such information. Unauthorised recipients are requested to maintain confidentiality. If you have received this e-mail in error, please notify us immediately by e-mailing denis.tate@xxxxxxxxxxxxxxxxxx or calling 01923 289310 or faxing 01923 859195, and also we would ask you to destroy any copies and delete this e-mail from your computer system. Copyright in this e-mail and any document created by us will be and remain vested in us and will not be transferred to you.