Re: display filter to 'not see' TCP segment of a reassembled PDU packets

[Sake Blok <sake () euronet nl>]

On 8 aug 2012, at 18:05, sean bzd wrote:

> I'm looking at some traffic where there are a lot of "TCP segment of a reassembled PDU". 
> I want to look at the reassembled PDU ONLY and not the individual segments that made up the PDU. Is there any display 
> filter I can use for this.  I have the "Allow subdissector to reassemble TCP streams" checkbox checked.

When you know the protocol, you can just filter on the higher layer protocol. So for http you cab filter with "http". 
You can also exclude the segments with "!tcp.reassembled_in", however, the first segment is still shown, which can be 
considered a bug.

Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe