Hello, I'm trying to write a small program that will extract some statistics from CAPs containing SMB traffic.
Since this is a small program I want to use Wireshark/tcpdump to filter out all other traffic and let the program assume that all the packets are SMB. My problem is that many SMB packets span a few TCP packets and are reassembled via Wireshark. It would be very convenient for me to be able to use this feature and not have to reassemble TCP myself. Is there a way to export caps from Wireshark with the TCP `magically` reassemebled so that my program can just treat the split packets as really big TCP packets(ignoring the ethernet MTU)? Thanks In Advance, Mimsy _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
