Re: tshark option for reassembled fragment output

[Evan Huus <eapache () gmail com>]

On Wed, Mar 27, 2013 at 7:10 PM, Hadriel Kaplan <HKaplan () acmepacket com> wrote:
> [note: Interestingly in Wireshark if you either do "wireshark -r <file> -d icmp.resp_in" or set that display-filter 
> before opening the file within the GUI, nothing shows up either at first... but if you clear the display filter 
> inside the gui after the file is open and re-apply the filter, the correct frames show up.  But that's because of 
> what I had said earlier: it performs a first-pass on reading the file with the read-filter and display-filter, and a 
> second pass while loading the GUI packet-store which was filled by whatever passed the first-pass, which won't 
> contain anything in this case because the ICMP requests won't pass this display-filter in the first pass.]

The -d -r case fixed in r48615. The case where the user manually
enters a display filter first in the GUI is a bit more complicated to
fix.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe