----- Original Message -----

From: ronnie sahlberg

To: Community support list for Wireshark

Sent: Saturday, May 09, 2009 9:04 AM

Subject: Re: [Wireshark-users] Display Filter "tcp.pdu.time"

Perhaps the presentations could be added to the wireshark webpage ?

On Sat, May 9, 2009 at 4:00 AM, Gaudineer, Kevin <GAUDINKL@xxxxxxx> wrote:

Nice presentation.  I found it useful because a couple of other
questions were answered as well.  When I got to the part of the
presentation that showed the protocol tree when using the 'tcp.pdu.time'
display filter my problem became clear.  Once I expanded the TCP
protocol section I noticed that the 'sec\ack' analysis and some
'timestamps' were also missing.  A google search led me to removing the
check mark next to pdu reassembly in the TCP protocol setup.  Once this
check mark was removed all of the time stamps were visible and the
'tcp.pdu.time' display filter is working.

Thanks again for the presentation I will keep it as a reference.



Iowa Health System

Kevin L. Gaudineer
Phone:  (515)-241-7745
Cell:  (515)-205-3069

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
j.snelders@xxxxxxxxxx
Sent: Friday, May 08, 2009 12:27 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Display Filter "tcp.pdu.time"

Hi Kevin,

Hope this helps:
www.snia.org/events/storage-developer2008/presentations/monday/RonnieSah
lberg_UsingWireshark.pdf

Regards
Joan

On Thu, 7 May 2009 15:30:35 -0500 Kevin Gaudineer wrote:

>Not sure where I am going wrong with my trace analysis but I have
several
>SMB traces and there is a lot of TCP Segment of a Reassembled PDU
frames
>in this trace.  I keep trying to use the display filter 'tcp.pdu.time'
but
>nothing is ever displayed after typing the filter in?  The WireShark
display
>filter help page says that the field will not be added into the TCP
protocol
>tree until the first refresh.  After refreshing I still have nothing in
my
>display.  I am curious if I don't have the correct understanding of
using
>this display filter.  Or do I need to do another step first before
trying
>to use it?  Any help would be appreciated.





________________________________________________________________________
___
Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

        ********************************************

This message and accompanying documents are covered by the
Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2521,
and contain information intended for the specified individual(s) only.
This information is confidential. If you are not the intended recipient
or an agent responsible for delivering it to the intended recipient, you
are hereby notified that you have received this document in error and
that any review, dissemination, copying, or the taking of any action
based on the contents of this information is strictly prohibited. If you
have received this communication in error, please notify us immediately
by e-mail, and delete the original message.

       *********************************************

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

---

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe