I'm using pcap for analysis of SIP. Normally I permanently run tcpdump to capture, and when I need to see data, I filter out interesting packages using ngrep. Unfortunately, when packages are fragmented, ngrep only returns one of the fragments. I have of course enabled capture of all fragments in tcpdump, so the data is available. I have tried to use other tools to filter, but they couldn't handle the fragments either. Anyone know of a tool which can assemble the fragments in a pcap file into jumbo frames, so I can make valid filtering? Is it doable to write such a tool?

asked 17 Aug '16, 02:30 Kjeld Flarup
Kjeld, incidentally, a question on an identical subject was asked a few hours before, so watch that one :)