That IP ID should probably expire some amount of time after the first fragment is received; perhaps it should be removed if all the fragments of the packet have been seen and accepted. Two questions: 1. Isn't the tshark command above the tshark equivalent of the same use case? In order to filter all packets going to or from port including fragments, a form of stateful filtering is necessary. I only get one packet - it doesn't save all fragments. I therefore expected this to work for tshark 1. Wireshark now since rev saves all dependent packets too when one saves all packets according to the display filter. The simple tshark -f 'port ' doesn't work if there are SNMP traps that are fragmented, because then we don't get all the fragments.