Limit size of Reassembled TCP

[Thomas Baudelet <thomas.baudelet () iwaxx com>]

Hi,

I'm parsing TShark's PDML results output and have problems with huge 
outputs when the reassembly is big.

For a 10MB download file, the output of the single <packet> output 
corresponding to HTTP response & reassembled TCP is 100MB, 10 times 
bigger (including several times the same info: all TCP segments 
described, then the reassembly "show" version, the "value" version etc ...)

I may earn some space if I disactivate "Reassemble chunked", "Uncompress 
entity" but in the future I'll be interested to have the beginning of 
the reassembly only, so the question to limit the output.

For the moment, I'm only using reassembly to get the time of download 
http.time. Without reassembly, http.time corresponds to the time to 
first byte only.

-> Is there a way to limit size of reassembly?
-> Is there a way to get the total time of an HTTP download without 
reassembly?

Thanks,
Thomas
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe