Wireshark-users: [Wireshark-users] TCP stream reassembly with timestamps
From: Neilen Marais <nmarais@xxxxxxxxx>
Date: Thu, 5 Jan 2012 17:19:58 +0200
I'm using wireshark to sniff communications between devices that use
katcp (https://casper.berkeley.edu/wiki/KATCP). Katcp is a very simple
text orientated messaging scheme, where messages are
newline-delimited. Using wireshark's TCP stream reassembly I have 90%
of my needs covered.

The only other thing I need is a way to timestamp each newline in the
reassembled stream. Is there a simple way to do this in wireshark?
Essentially (I guess) is a way to map a part of the reassembled TCP
payload to the packet that it came from.

Thanks
Neilen

P.S. Apologies if this message is duplicated -- I tried sending it
through gmane, but never received the confirmation email.