Hello Abhik,
very fast ;-) - thank you! But I am not looking for the content of the reassembled packets, just for the overall packet size.
The window under the menu (File > Export > Object > HTTP) seems to contain these information, so how can I exctract the two columns (packet num and bytes)
from there? Just copy it and save this window content into a text file is not possible or am I wrong?
What I want to have at last is a kind of list in the following way:
http packet size 100 ( this packet does not need to be reassembled, cause it fits in a single tcp packet )
http packet size 1460 ( this packet does not need to be reassembled, cause it fits in a single tcp packet )
http packez size 1461 ( one http packet but from reassembled tcp packets )
http packet size 2083 ( one http packet but from reassembled tcp packets )
And is it possible to get the "File > Export > Object > HTTP" information via tshark?
As I said I just need the reassembled packet sizes and of course the packet number.
Thanks a lot again,
Daniel
Hello Daniel,
Yes, this is very much possible from the menu:
File > Export > Object > HTTP
Hope this helps
Abhik
On Sun, Aug 10, 2008 at 4:55 PM, Daniel Gramsch <dagra@xxxxxx> wrote:
Hello,
is it possible to view (and export) only reassembled HTTP packets in
wireshark, even when their length is larger than the maximum
transmission unit of an ip packet? I will give an example:
tcp packet 1 contains some HTTP data . The data size is 1460 bytes,
which is the max possible tcp payload in my network.
tcp packet 2 contains the rest of the HTTP data. The data size is f.e.
900 bytes.
The reassembled HTTP packet size is therefore 2360 bytes. It would be
nice if there is a possibility where only this reassembled packets could
be viewed or better saved via wireshark. So how can this be done?
Thanks for your help,
Daniel
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users
