On Sep 19, 2007, at 2:09 AM, Marcin wrote:
> Is there a way to merge all the fragmented IP packets and then
> output them into a separate trace? I would need something like:
> tshark -r intrace -w outrace
> to have all the packets merged inside the outrace. I then need to
> access full payload of t
Ok. When I read the trace with the tshark option -X it gives me the reassembled
packet payload in the very last packet. The problem is that when I use the -r
option to write it to another file it puts there only the fragmented part of
the packet, not the reassembled one. Do you have any clue for this?
Regards,
Marcin
Ok thanks! Another question is:
My case is a bit particular. My trace consists of:
1) UDP packets of interest, identified by the particular payload
bytes (most of them are fragmented)
2) All the IP packets that are fragmented (this is done in such a way
to be able to catch all the parts)
On Wed, Sep 19, 2007 at 11:09:41AM +0200, Marcin wrote:
> Is there a way to merge all the fragmented IP packets and then output
> them into a separate trace? I would need something like:
> tshark -r intrace -w outrace
> to have all the packets merged inside the outrace. I then need to access
> full
run a capture while doing
ping -s 6
or while running NFS over UDP
and you'll get as many fragmented packets as you want
On 11/10/06, Hans Nilsson <[EMAIL PROTECTED]> wrote:
> Hello! Does anyone have some sample captures with fragmented IP-packets?
> Maybe something like first one packet split