This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

This is my first project where I'm dealing with analyzing network traffic so bare with me.

I'm trying to analyze some TCP data that is normally fragmented into several frames due to the size. I know WireShark has the ability to reassemble the frames for me, does TShark have this same ability? I don't want to start down the path of using TShark if it can't do this.

Thanks Ed

asked 05 Nov '14, 05:52

EdDickens's gravatar image

EdDickens
11224
accept rate: 0%


The dissection "engine" is shared between Wireshark (the GUI application) and tshark (the command line application). Both applications also read the same configuration file, e.g. for reassembly settings, so there should be no difference in behaviour.

permanent link

answered 05 Nov '14, 06:05

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks Graham.

So as long as the option to reassemble is turned on in Wireshark, TShark will do the same.

(05 Nov '14, 06:27) EdDickens
1

Yep, although you'll have to work a little harder in tshark to control the field output.

(05 Nov '14, 06:54) grahamb ♦

That's my next task. Figuring out capture and display filtering.

Thanks again

(05 Nov '14, 06:57) EdDickens

Filtering syntax is the same for both applications (noting that capture and display filters do have a different syntax), although tshark has two display filter options; -R and -Y.

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(05 Nov '14, 07:11) grahamb ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×752
×122
×30

question asked: 05 Nov '14, 05:52

question was seen: 3,791 times

last updated: 05 Nov '14, 07:11

p​o​w​e​r​e​d by O​S​Q​A