Wireshark mailing list archives
Re: How source and destination is identified in Wireshark?
From: Guy Harris <guy () alum mit edu>
Date: Fri, 28 Jan 2011 17:47:36 -0800
On Jan 28, 2011, at 5:38 PM, Andrew Hood wrote:
This tends to fail on Windoze,
There's no guarantee that it will succeed, which is the ultimate point: 1) in the "show me the conversations" tap, Wireshark and TShark *DO NOT IDENTIFY THE SOURCE AND DESTINATION*, belief by anybody to the contrary nonwithstanding - it merely chooses which endpoint to put first, based on the guess Ronnie described, which may or may *correctly* guess which endpoint is the source, and may be more likely to incorrectly guess if the source is running Windows; 2) there *IS NO MAGIC WAY TO IDENTIFY THE "source" or "destination" OF A TCP CONNECTION AT THE TCP LAYER UNLESS YOU'VE SEEN THE INITIAL SYN OR THE RESPONDING SYN+ACK*; so asking how Wireshark/TShark magically achieves this impossible goal, in order to determine how to achieve this impossible goal in other code, is a waste of time. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How source and destination is identified in Wireshark? Berkay Celik (Jan 24)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 24)
- Re: How source and destination is identified in Wireshark? Berkay Celik (Jan 24)
- Re: How source and destination is identified in Wireshark? Martin Visser (Jan 24)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- Re: How source and destination is identified in Wireshark? ronnie sahlberg (Jan 28)
- Re: How source and destination is identified in Wireshark? Andrew Hood (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark Sake Blok (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 30)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 31)
- Re: How source and destination is identified in Wireshark? Berkay Celik (Jan 24)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 24)