2024-01-10 23:24:41 +0000 | marked best answer | TCP analysis on packets captured with smaller snaplength We are capturing packets and only the first 100 bytes are captured due to privacy reasons, but because of that TCP analysis becomes wrong: all TCP segments believe that the previous segment is lost (because of sequence numbers). Is there a way to modify the capture file, i.e. look at Ip.length and based on that add '00' to the packet bytes, so that analysis becomes correct? I know the TCP checksum will be wrong, but at least TCP analysis will be good. |
2024-01-10 18:00:19 +0000 | commented question | TCP analysis on packets captured with smaller snaplength Thanks @SYN-bit, this was really useful. I modified the bytes on wire and that resolved this issue. |
2024-01-09 18:53:36 +0000 | commented question | TCP analysis on packets captured with smaller snaplength But for TCP analysis we need the complete packet, else TCP analysis becomes wrong in Wireshark. |
2024-01-09 17:59:47 +0000 | asked a question | TCP analysis on packets captured with smaller snaplength We are capturing packets and only the first 100 bytes are captured |