 | 1 | initial version |
There's "TCP reassembly" in the sense of the mechanism used when dissecting packets and there's "TCP reassembly" in the sense of the mechanism used by "Follow TCP Stream".
You're referring to the latter of those.
This is done differently in current versions of Wireshark. "Follow TCP Stream" has been generalized to "Follow XXX Stream"; the various "XXX" dissectors register their own code to do stream-following, using the register_follow_stream() routine. For example, for XXX = TCP, that's done in a call at the end of proto_register_tcp() in epan/dissectors/packet-tcp.c.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
