Wireshark - 1.0 Betriebsanweisung Seite 156
- Seite / 284
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
7.6. Packet Reassembling
7.6.1. What is it?
Network protocols often need to transport large chunks of data, which are complete in themselves,
e.g. when transferring a file. The underlying protocol might not be able to handle that chunk size
(e.g. limitation of the network packet size), or is stream-based like TCP, which doesn't know data
chunks at all.
In that case the network protocol has to handle the chunk boundaries itself and (if required) spread
the data over multiple packets. It obviously also needs a mechanism to determine the chunk bound-
aries on the receiving side.
Tip!
Wireshark calls this mechanism reassembling, although a specific protocol specifica-
tion might use a different term for this (e.g. desegmentation, defragmentation, ...).
7.6.2. How Wireshark handles it
For some of the network protocols Wireshark knows of, a mechanism is implemented to find, de-
code and display these chunks of data. Wireshark will try to find the corresponding packets of this
chunk, and will show the combined data as additional pages in the "Packet Bytes" pane (for inform-
ation about this pane, see Section 3.18, “The "Packet Bytes" pane”).
Figure 7.2. The "Packet Bytes" pane with a reassembled tab
Note!
Reassembling might take place at several protocol layers, so it's possible that multiple
tabs in the "Packet Bytes" pane appear.
Note!
You will find the reassembled data in the last packet of the chunk.
An example: In a HTTP GET response, the requested data (e.g. an HTML page) is returned. Wire-
shark will show the hex dump of the data in a new tab "Uncompressed entity body" in the "Packet
Bytes" pane.
Reassembling is enabled in the preferences by default. The defaults were changed from disabled to
enabled in September 2005. If you created your preference settings before this date, you might look
if reassembling is actually enabled, as it can be extremely helpful while analyzing network packets.
The enabling or disabling of the reassemble settings of a protocol typically requires two things:
1. the lower level protocol (e.g., TCP) must support reassembly. Often this reassembly can be en-
abled or disabled via the protocol preferences.
Advanced Topics
141
- Wireshark User's Guide 1
- Table of Contents 4
- 1. Foreword 9
- 3. Acknowledgements 11
- 4. About this document 12
- Chapter 1. Introduction 16
- 1.1.6. Many protocol decoders 17
- 1.1.7. Open Source Software 17
- 1.1.8. What Wireshark is not 18
- 1.2. System Requirements 19
- 1.2.3. Unix / Linux 20
- 1.3. Where to get Wireshark? 21
- Wireshark 23
- 1.6.1. Website 24
- 1.6.2. Wiki 24
- 1.6.3. FAQ 24
- 1.6.4. Mailing Lists 24
- 1.6.5. Reporting Problems 25
- Introduction 27
- Download all required files! 29
- 2.8.1. Install Wireshark 36
- 2.8.1.4. Command line options 37
- 2.8.3. Update Wireshark 38
- 2.8.4. Update WinPcap 38
- 2.8.5. Uninstall Wireshark 38
- 2.8.6. Uninstall WinPcap 39
- Chapter 3. User Interface 41
- 3.2. Start Wireshark 42
- 3.3. The Main window 43
- 3.3.1. Main Window Navigation 44
- 3.4. The Menu 45
- Table 3.2. File menu items 46
- Table 3.3. Edit menu items 49
- Table 3.4. View menu items 51
- 3.8. The "Go" menu 55
- Table 3.6. Capture menu items 57
- Table 3.7. Analyze menu items 59
- Table 3.9. Tools menu items 64
- Table 3.10. Help menu items 65
- 3.19. The Statusbar 74
- User Interface 76
- 4.1. Introduction 77
- 4.2. Prerequisites 78
- 4.3. Start Capturing 79
- 4.5.1. Capture frame 82
- 4.5.2. Capture File(s) frame 84
- 4.5.3. Stop Capture... frame 84
- 4.5.4. Display Options frame 85
- 4.5.5. Name Resolution frame 85
- 4.5.6. Buttons 85
- Microsoft Windows only 86
- 4.8. Link-layer header type 89
- Capturing Live Network Data 92
- Printing 96
- 5.2. Open capture files 97
- 5.2.2. Input File Formats 99
- 5.3. Saving captured packets 101
- 5.3.2. Output File Formats 103
- 5.4. Merging capture files 105
- 5.5. File Sets 107
- 5.6. Exporting data 109
- File" dialog box 110
- 5.7. Printing packets 115
- 5.8. The Packet Range frame 117
- 5.9. The Packet Format frame 118
- Working with captured packets 121
- 6.2. Pop-up menus 122
- 6.4.1. Display filter fields 129
- 6.4.2. Comparing values 129
- 6.4.3. Combining expressions 131
- 6.4.4. A common mistake 132
- Warning! 135
- 6.8. Finding packets 138
- 6.9. Go to a specific packet 140
- 6.10. Marking packets 141
- Chapter 7. Advanced Topics 145
- 7.2. Following TCP streams 146
- 7.3. Expert Infos 148
- 7.3.1.3. Protocol 149
- 7.3.1.4. Summary 149
- 7.3.2.2. Details tab 150
- 7.4. Time Stamps 151
- 7.5. Time Zones 153
- 7.6. Packet Reassembling 156
- 7.7. Name Resolution 158
- 7.8. Checksums 160
- 7.8.2. Checksum offloading 161
- Advanced Topics 162
- Chapter 8. Statistics 163
- Statistics 164
- 8.4. Conversations 168
- 8.5. Endpoints 170
- 8.7. WLAN Traffic Statistics 174
- 8.8. Service Response Time 175
- 9.1. Introduction 179
- Customizing Wireshark 185
- 9.3. Packet colorization 186
- 9.4.2. User Specified Decodes 191
- 9.5. Preferences 193
- 9.5.1. Interface Options 194
- 9.6. Configuration Profiles 195
- Used as a folder name 196
- Illegal characters 196
- 9.7. User Table 198
- 9.8. Display Filter Macros 199
- 9.9. GeoIP Database Paths 200
- 9.11. SCCP users Table 202
- 9.13. SMI (MIB and PIB) Paths 204
- 9.14. SNMP users Table 205
- 10.1. Introduction 208
- Lua Support in Wireshark 209
- 10.4.1. Saving capture files 211
- 10.4.1.2. PseudoHeader 212
- 10.4.2.1. Field 213
- 10.4.2.2. FieldInfo 214
- 10.4.3. GUI support 215
- 10.4.3.2. TextWindow 216
- 10.4.3.3.1. gui_enabled() 218
- 10.4.3.3.4. retap_packets() 219
- 10.4.4.1. Listener 220
- 10.4.5.1. Address 221
- 10.4.5.2. Column 222
- 10.4.5.3. Columns 222
- 10.4.5.4. Pinfo 223
- 10.4.6.1. Dissector 225
- 10.4.6.2. DissectorTable 225
- 10.4.6.3. Pref 227
- 10.4.6.4. Prefs 228
- 10.4.6.5. Proto 229
- 10.4.6.6. ProtoField 229
- 10.4.7.1. TreeItem 237
- 10.4.8.1. ByteArray 238
- 10.4.8.2. Int 240
- 10.4.8.3. Tvb 240
- 10.4.8.4. TvbRange 241
- 10.4.8.5. UInt 243
- 10.4.9. Utility Functions 244
- 10.4.9.2.10. dofile(filename) 246
- Appendix A. Files and Folders 248
- Files and Folders 249
- • the current display filter 249
- Windows folders 251
- Unix/Linux folders 251
- C0.A8.2C.00 HR 254
- 00:00:BE:EF IT_Server1 254
- 110f FileServer3 254
- C.1. Packet List Messages 259
- C.2. Packet Details Messages 260
- Wireshark Messages 261
- D.1. Introduction 262
- Related command line tools 263
- CORBA IDL files 276
- D.9.4. TODO 278
- D.9.5. Limitations 278
- D.9.6. Notes 278
© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.218 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern