Make sure that both the TCP preference "Allow subdissector to reassemble TCP streams" (as per Chris Maynard's comment) and the DIAMETER preference "Reassemble Diameter messages spanning multiple TCP segments" are both enabled (the checkbox has a check in it).
Go to Edit > Preferences on Windows or UN*Xes (such as Linux) that aren't macOS, or Wireshark > Preferences in macOS, and look under "Protocols" for those preferences (each protocol has an item under "Protocols"; look at the items for DIAMETER and TCP).
Thanks for the detailed explanation. I got that working! @Guy Harris
Asked: 2020-01-25 00:17:37 +0000
Seen: 1,256 times
Last updated: Jan 27 '20
What is it you're checking for? If a DIAMETER message doesn't fit entirely within one TCP segment, there will be packets shown as TCP and as part of the reassembled message, if Wireshark is doing reassembly of DIAMETER packets split over multiple TCP segments.
Hi Harris, I'm Checking for diameter packets length. But TCP segment was reassembled. I want to see those reassembled packets also in wireshark. Currently I am not able to see it.
In short, I wanted to know how to view the tcp reassembled packets in Wireshark. When the Diameter message doesn't fit in single TCP segment
Can you check your Wireshark preferences and be sure that the TCP preference to "Allow subdissector to reassemble TCP streams" is enabled?
Yes, it works! Thanks a lot.. @cmaynard