Hi,
I captured DCERPC traffic and then I did a filter to isolate a particular call ID with that filter : dcerpc.cn_call_id == 96 I went trough that problem: When selecting the option "Allow subdissector to reassemble TCP streams" checked the filter catches only the Request. When deselecting the option "Allow subdissector to reassemble TCP streams" the filter catches both the Request and The Response. The frame is identified as limited during capture but I know it's not, I did a full frame capture. Might it be because the frame is exactly 1514 bytes long or I might be wrong with something ? I attached a small capture that has what I described. Regards. =========================================== André Noël
dcerpc.pcap
Description: dcerpc.pcap
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
