fragmented cflow packets
I have a packet capture which has fragmented cflow packets, and I am not able to reassemble them using tshark. I am trying to use -o tcp.desegment_tcp_streams:TRUE, but I still can't reassemble it.
Below is the example:
16 773 173.150.1.1 -> 172.148.1.50 TCP 570 50687 > personal-agent [ACK] Seq=257 Ack=1 Win=8192 Len=500 TSval=22838 TSecr=398428810
18 773 173.150.1.1 -> 172.148.1.50 TCP 570 50687 > personal-agent [ACK] Seq=757 Ack=1 Win=8192 Len=500 TSval=22838 TSecr=399197440
20 773 173.150.1.1 -> 172.148.1.50 TCP 520 50687 > personal-agent [PSH, ACK] Seq=1257 Ack=1 Win=8192 Len=450 TSval=22838 TSecr=399197440
I want to reassemble this and then analyse it as cflow packets and get the field values.
Could you please help me?