Wireshark mailing list archives
Re: Running tshark on large pcap files
From: Evan Huus <eapache () gmail com>
Date: Wed, 12 Jun 2013 09:00:20 -0400
On Tue, Jun 11, 2013 at 10:51 PM, Rayne <hjazz6 () ymail com> wrote:
Is there a way to turn off TCP reassembly in tshark? I'm running tshark on multiple files using a script on a Linux server, so I can't use SplitCap.
tshark -o tcp.desegment_tcp_streams:false ...
And it also doesn't seem like I can split up the files with editcap. Whenever I tried to do that with the large pcap files, I got empty output files (24 bytes) instead. I'm not sure if it was due to the large file size.
That's odd. If you can reproduce consistently (and perhaps with a smaller capture) please file a bug. Cheers, Evan ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Running tshark on large pcap files Rayne (Jun 10)
- Re: Running tshark on large pcap files Sake Blok (Jun 10)
- Re: Running tshark on large pcap files Rayne (Jun 10)
- Re: Running tshark on large pcap files Rayne (Jun 10)
- Re: Running tshark on large pcap files Anders Broman (Jun 10)
- Re: Running tshark on large pcap files Christopher Maynard (Jun 10)
- Re: Running tshark on large pcap files Rayne (Jun 11)
- Re: Running tshark on large pcap files Evan Huus (Jun 12)
- Re: Running tshark on large pcap files Christopher Maynard (Jun 12)
- Re: Running tshark on large pcap files Erik Hjelmvik (Jun 13)
- Re: Running tshark on large pcap files Rayne (Jun 10)
- Re: Running tshark on large pcap files Sake Blok (Jun 10)
- Re: Running tshark on large pcap files Sake Blok (Jun 12)