Wireshark · Wireshark-users: [Wireshark-users] Packet reassembly problem

[d a <otto81494@xxxxxxxxx>]

I hope Im posting in the right spot here.

Im semi-new to network traffic analysis so I appologize if I hack any terms.

I am trying to reassemble image packets downloaded from the Gnutella network. Can somebody please tell me what Im doing wrong?

On WinXP I start a capture with Wireshark(Version 0.99.0)and then download a unique image file using Phex. I do this to avoid any �swarming� issues. After the JPEG is completely downloaded, I stop the capture and then filter for the IP source of the host. I then view the captured packets and the checksum returns valid. This is where Im getting stuck. There should be an option somewhere to �export� or �reassemble�. There is an �export� option under �file� but that doesnt seem to work. I tried �follow the TCP stream� and then pasting packet data into a text editor and naming the file as a JPEG. Doesnt work either.

I did tick the boxes for �reassemble fragmented ip datagrams� and �allow dissector to reassemble TCP streams� prior to the capture. I found little info online for packet reassembly so any help is appreciated.

Ill try to include a screen capture

Thanks

Dave

---

TV dinner still cooling?
Check out "Tonight's Picks" on Yahoo! TV.