fragmented cflow packets

I have a packet capture which has fragmented cflow packets, and I am not able to reassemble them using tshark. I am trying to use -o tcp.desegment_tcp_streams:TRUE, but I still can't reassemble it.

Below is the example:

packet-1: 16 773 173.150.1.1 -> 172.148.1.50 TCP 570 50687 > personal-agent [ACK] Seq=257 Ack=1 Win=8192 Len=500 TSval=22838 TSecr=398428810

packet-2: 18 773 173.150.1.1 -> 172.148.1.50 TCP 570 50687 > personal-agent [ACK] Seq=757 Ack=1 Win=8192 Len=500 TSval=22838 TSecr=399197440

packet-3: 20 773 173.150.1.1 -> 172.148.1.50 TCP 520 50687 > personal-agent [PSH, ACK] Seq=1257 Ack=1 Win=8192 Len=450 TSval=22838 TSecr=399197440

I want to reassemble this and then analyse it as cflow packets and get the field values.

Could you please help me?
