Hi,
I'm parsing TShark's PDML results output and have problems with huge
outputs when the reassembly is big.
For a 10MB download file, the output of the single <packet> output
corresponding to HTTP response & reassembled TCP is 100MB, 10 times
bigger (including several times the same info: all TCP segments
described, then the reassembly "show" version, the "value" version etc ...)
I may earn some space if I disactivate "Reassemble chunked", "Uncompress
entity" but in the future I'll be interested to have the beginning of
the reassembly only, so the question to limit the output.
For the moment, I'm only using reassembly to get the time of download
http.time. Without reassembly, http.time corresponds to the time to
first byte only.
-> Is there a way to limit size of reassembly?
-> Is there a way to get the total time of an HTTP download without
reassembly?
Thanks,
Thomas
