Re: "Visually" re-assemble packet

[Guy Harris <guy () alum mit edu>]

On Dec 8, 2014, at 3:30 PM, Christopher Smith <Christopher.Smith () au gt com> wrote:

> > > > > Like, a method to parse through a trace to present its granularity on protocols vs frames?
> > > >
> > > > So do you mean that you want a display that shows, for example, each HTTP request or response as a single line in 
> > > > the summary, with, for example, the length field showing the length of the request or response as a whole, with 
> > > > the packet details at a lower level (link-layer frame, IP, TCP) hidden?
> > >
> > > Yes :-)
> >
> > OK, so the reassembly's already being done by Wireshark, and it's just a question of the packet summary display.
> >
> > That can't *fully* be done currently, but if, for example, you filter the display with a filter such as "http", 
> > it'll show only the HTTP traffic.
>  
> I know :-( - my scenario it’s SMB – so on that filter I JUST get the “tail” frame – which is great for any analysis 
> based on timestamps, but not the FULL picture

So what additional information do you need?  A display hiding the details below the SMB level won't show you *any* 
frames.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe