Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] How to decode just TCP flow data

Date: Tue, 04 Aug 2009 10:45:13 +0200
Hello,

I want to decode just the TCP flow data, this is eliminating retransmisions and out of order data (like the receiving application will receive the data). 

I can't use 'Retransmission' TCP analysis because it marks full frames, and a TCP retransmission, normally has retransmited data plus new data. 

Where Wireshark does this work well is in 'Follow TCP stream'. I need someting similar but for all connections without looking if data is Ack'ed. It has to be done ignoring the Filter because the Filter can hide some packets of a TCP connection (and the decode of a packet depends on the previous packets).

Any idea of how to do that ?

Regards,

Joan Rami�.