Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] "Visually" re-assemble packet

From: Christopher Smith <Christopher.Smith@xxxxxxxxx>
Date: Mon, 8 Dec 2014 21:04:30 +0000

Thanks Guy for specifically getting back to me – sorry if my question has gotten lost in translation L

 

The easier way to explain what I am asking?  Here’s the closet to what I am asking (http://www.unleashnetworks.com/blog/?p=307 ), found it yesterday after posting.  Notice the graphics showing packet granularity @ 25k??

 

I have used Wireshark for a while now and find it both an excellent and fascinating tool.  However, I am getting the sense it filters extremely well, but doesn’t …. coalesce so easily?  Like, a method to parse through a trace to present its granularity on protocols vs frames?  Or, if it does, I haven’t asked the right question to be pointed in the right direction?

 

Regards,

Christopher

 

 

 


On Dec 7, 2014, at 11:07 PM, Christopher Smith <Christopher.Smith@xxxxxxxxx> wrote:

> I am specifically looking for a way within Wireshark to visually re-assemble a packet.

What do you mean by "visually"?

> For example, if an HTTP response is segmented into multiple 1514 byte frames – say 10 frames, how do I “tweak” Wireshark so the fully 15140 bytes appears in one “packet”

"In one "packet"" in what sense?

If an HTTP response is segmented into multiple TCP segments, and if the TCP preference "Allow subdissector to reassemble TCP streams" and the HTTP preferences "Reassemble HTTP headers spanning multiple TCP segments", "Reassemble HTTP bodies spanning multiple TCP segments", and "Reassemble chunked transfer-coded bodies" are all set, it should reassemble the HTTP response (or request). It will, however, show all of the segments as packets, rather than just showing the reassembled request or response as the only packet; the reassembled request or response will be shown for the last frame.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


'Grant Thornton' refers to the brand under which the Grant Thornton member firms provide assurance, tax and advisory services to their clients and/or refers to one or more member firms, as the context requires. Grant Thornton Australia Ltd is a member firm of Grant Thornton International Ltd (GTIL). GTIL and the member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate one another and are not liable for one another’s acts or omissions. In the Australian context only, the use of the term 'Grant Thornton' may refer to Grant Thornton Australia Limited ABN 41 127 556 389 and its Australian subsidiaries and related entities. GTIL is not an Australian related entity to Grant Thornton Australia Limited.


Liability limited by a scheme approved under Professional Standards Legislation. Liability is limited in those States where a current scheme applies.

Registered Office, Level 30, 525 Collins Street, Melbourne VIC 3000

DISCLAIMER
This email message and any related attachments are confidential and should only be read by those persons to whom they were addressed. They may contain copyright, personal or legally privileged information. If you are not the intended recipient of this email, any use, copying or disclosure of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email immediately. Any confidentiality, privilege or copyright is not waived or lost because this email has been sent to you in error. Views expressed in this message are the views of the sender and are not necessarily views of Grant Thornton, except where the message expressly states otherwise. Any advice contained herein should be treated as preliminary advice only and subject to formal written confirmation. Although this email and any attachments are believed to be free of any virus or any other defect which may cause damage or loss, it is the responsibility of the recipient to ensure that they are virus‐free. Grant Thornton accepts no liability for any loss or damage that may occur as a result of the transmission of this email or its attachments to the recipient.