According to this guide:
you can enable TCP packet reassembly through the UI with Edit>Preferences. But I didn't see anything that would suggest that aside from "Allow subdissector to reassemble TCP stream" in the Protocols>TCP panel.
But according to this doc:
you can do it through your code with the tcp_dissect_pdus function.
I would rather do it through it the UI as it would be more convenient. Anyone how I can do that?
asked 11 Feb '11, 15:58
To clarify a bit:
Reassembly of packets for protocols running on top of TCP requires that:
If the first of those is already true, you can do it through the UI, by turning on the "Allow subdisector to reassemble TCP stream" preference and, if the dissector in question has a preference to control whether to do reassembly, turning that preference on as well.
If the first of those is not already true, either you or somebody else will have to modify the dissector to support reassembly; once that's done, reassembly could be controlled through the UI.
answered 13 Feb '11, 13:19
Guy Harris ♦♦
TCP packet reassembly is in fact controlled through the "Allow subdisector to reassemble TCP stream" in the TCP protocol preferences, if that's what you're asking.
Using "Edit" -> "Preferences" is a little too much clicking work for me though - if you're running Wireshark 1.2.x or later you can just select a frame containing TCP headers, select the "Transmission Control Protocol" header line in the decode and use the popup menu where you find the same settings listed in the "Protocol Settings" submenu. That way you can access all protocol settings a lot faster than always going into the preferences dialog.
The third way would be to create different profiles, one with reassembly enabled and one with reassembly disabled.
answered 12 Feb '11, 03:28