[Wireshark-users] fragmented IP packets

2007-09-19 Thread Marcin
Is there a way to merge all the fragmented IP packets and then output them into a separate trace? I would need something like: tshark -r intrace -w outrace to have all the packets merged inside the outrace. I then need to access the full payload of the merged packets. Regards, Marcin

Re: [Wireshark-users] fragmented IP packets

2007-09-19 Thread Marcin
) So my trace is huge, can I make tshark reassemble only the packets that interest me? I'm worried about the performance otherwise. Also, what will I see in the output trace? Only reassembled packets or also the fragmented parts? Marcin Joerg Mayer wrote: On Wed, Sep 19, 2007 at 11

Re: [Wireshark-users] fragmented IP packets

2007-09-19 Thread Marcin
Ok. When I read the trace with the tshark option -X it gives me the reassembled packet payload in the very last packet. The problem is that when I use the -r option to write it to another file it puts there only the fragmented part of the packet, not the reassembled one. Do you have any clue for this? Regards, Marcin