how to enable ip reassembly in tshark

["Wenling Li -X (wenlli - CIeNET at Cisco)" <wenlli () cisco com>]

Hi wireshark supporter,

I installed wireshark software on my Ubuntu 16.04, and when I using tshark to capture packets, I found that one of the 
sip packet which is more than 1500bytes is fragmented as two ip packets.

But if I using wireshark to capture all the sip packets can be shown completely, the bigger sip packet which is more 
than 1500 bytes can be displayed in one packet in wireshark.

My tshark and wireshark version is 2.2.6.

So I'm confused, then I checked the preference of wireshark, and found that ip reassembly is enabled by default, you 
can reference as below screen shots:

[cid:image005.jpg@01D37046.E62B85F0]          [cid:image006.jpg@01D37046.E62B85F0]
Now I need do some automation about capture packet and analyze packets, so it's difficult to me if the sip message is 
fragmented as IP packets.
Is there any solution for this problem? Expect for your response and thanks for your strong support!

Br
Lily

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe