
TCP analysis on packets captured with smaller snaplength

We are capturing packets, and only the first 100 bytes are captured for privacy reasons, but because of that the TCP analysis becomes wrong: all TCP segments believe that the previous segment is lost (because of sequence numbers). Is there a way to modify the capture file, i.e. look at ip.length and, based on that, add '00' to the packet bytes so that the analysis becomes correct? I know the TCP checksum will be wrong, but at least the TCP analysis will be good.
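The padding described in the question, as an added example that is not part of the original post: it rewrites a capture so each truncated frame is zero-filled up to 14 + IPv4 total length. It assumes a classic little-endian pcap file with untagged Ethernet/IPv4 frames; the function names and the sample frame are constructed for illustration.

```python
import struct

ETH_HLEN = 14            # assumption: untagged Ethernet II, no VLAN header
PCAP_HDR = "<IHHiIII"    # classic little-endian pcap global header
REC_HDR = "<IIII"        # ts_sec, ts_usec, incl_len, orig_len

def pad_truncated_pcap(pcap: bytes) -> bytes:
    """Zero-pad each truncated IPv4 frame to 14 + IP total length."""
    magic, vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack_from(PCAP_HDR, pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("need little-endian classic pcap with Ethernet link type")
    records, off = [], 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl, orig = struct.unpack_from(REC_HDR, pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        # The IPv4 total-length field sits at bytes 2..3 of the IP header.
        if len(frame) >= ETH_HLEN + 4 and frame[12:14] == b"\x08\x00":
            wanted = ETH_HLEN + struct.unpack_from("!H", frame, ETH_HLEN + 2)[0]
            frame += b"\x00" * max(0, wanted - len(frame))
        # Keep the headers consistent with the new captured length.
        snaplen, orig = max(snaplen, len(frame)), max(orig, len(frame))
        records.append(struct.pack(REC_HDR, ts_sec, ts_usec, len(frame), orig) + frame)
    header = struct.pack(PCAP_HDR, magic, vmaj, vmin, zone, sigfigs, snaplen, linktype)
    return header + b"".join(records)

def constructed_sample() -> bytes:
    """One constructed 1514-byte TCP frame, cut to 100 bytes as in the question."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 0x50, 0x10, 65535, 0, 0)
    frame = (eth + ip + tcp + b"A" * 1460)[:100]
    return (struct.pack(PCAP_HDR, 0xA1B2C3D4, 2, 4, 0, 0, 100, 1)
            + struct.pack(REC_HDR, 0, 0, len(frame), 1514) + frame)

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
        dst.write(pad_truncated_pcap(src.read()))
```

Keep the original capture alongside the padded copy, since the added zero bytes were never on the wire and the rewritten file no longer records what was actually captured.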