Wireshark-users: Re: [Wireshark-users] Question about TCP buffering and Wireshark
There is no setting in wireshark to show these separately
since wireshark does not know where is the separation.
Look at http://anonsvn.wireshark.org/wireshark/trunk/doc/README.developer :
2.7.1 Using tcp_dissect_pdus().
or
2.7.2 Modifying the pinfo struct.
Olivier
sean bzd a écrit :
TCP experts,
I'm trying to understand some TCP packets sent by my application that
I captured through wireshark. I noticed that multiple send() {winsock
API) calls are being combined into a single TCP frame. My custom
plugin doesn't seem to be able to parse this properly. Is there a
setting in wireshark to show these separately? OR is there something
in the plugin I can do to separate the frame into multiple app
packets??
The otherway around - i.e a large app packet split up into multiple
tcp frames is working fine and I had to do something special in my
plugin to handle this. (reassembled PDUs).
Thanks for your help.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe