Wireshark · Wireshark-users: [Wireshark-users] Using TCP-reassembly

Wireshark-users: [Wireshark-users] Using TCP-reassembly

From: "John Smith" <mimsyboro@xxxxxxxxx>

Date: Fri, 24 Aug 2007 13:52:12 +0300

Hello,

I'm trying to write a small program that will extract some statistics
from CAPs containing SMB traffic.

Since this is a small program I want to use Wireshark/tcpdump to
filter out all other traffic and let the program assume that all the
packets are SMB.

My problem is that many SMB packets span a few TCP packets and are
reassembled via Wireshark. It would be very convenient for me to be
able to use this feature and not have to reassemble TCP myself.

Is there a way to export caps from Wireshark with the TCP `magically`
reassemebled so that my program can just treat the split packets as
really big TCP packets(ignoring the ethernet MTU)?

Thanks In Advance,
Mimsy

Follow-Ups:
- Re: [Wireshark-users] Using TCP-reassembly
  - From: Guy Harris

Prev by Date: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces
Next by Date: Re: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces
Previous by thread: Re: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces
Next by thread: Re: [Wireshark-users] Using TCP-reassembly
Index(es):
- Date
- Thread