I captured 700000 data packets and it took at least an hour for Follow UDP Stream to finish. Did the time look normal? asked 17 Nov '10, 09:29  SMCL3 |
One Answer:
Whether an hour is normal all depends on the system that was used for the analysis. There are no statistics on what a particular system can or cannot do and how much time it will take. However, 700000 packets is a lot to reassemble, so I would not be surprised by such a long time for Follow UDP Stream to finish. answered 20 Nov '10, 03:21  SYN-bit ♦♦ |
I have a wireshark trace with some SIP messages in it. When I click on a certain message and analyze it using "Follow UDP Stream" I see all of the expected messages however I don't see all of them in actual Wireshark trace with time stamps. No active filters either. Any idea how I can expose messages in trace that are hiding ?