Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: what does the TCP stream mean in wireshark

From: Sake Blok <sake () euronet nl>
Date: Wed, 23 May 2012 20:19:51 +0200
Version 1.6.6 should make a distinction between two sessions with the same ip/port combinations. Are you able to post 
the file here (if not to big) or else create a bug-report on bugs.wireshark.org? You can also mail me directly if you 
want to limit the exposure of the file.

Cheers,
Sake


On 23 mei 2012, at 17:21, nangergong wrote:


Version 1.6.6

On Wed, May 23, 2012 at 5:09 PM, Sake Blok <sake () euronet nl> wrote:
Those sessions should be treated as separate. This has been implemented a few years ago already. Which version of 
Wireshark are you using?

Cheers,
Sake


On 23 mei 2012, at 16:31, nangergong wrote:


yes

On Wed, May 23, 2012 at 4:22 PM, <kcullimo () runbox com> wrote:
----- Start Original Message -----
Sent: Wed, 23 May 2012 14:56:39 +0200
From: nangergong <nangergong () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark


I used a mobile browser in a HTC smartphone to access some websites and I
used wireshark to capture the packets between the mobile browser and the
website servers.


Multiple handshakes wherein the same source & destination ports were re-used?



On Wed, May 23, 2012 at 2:49 PM, Boonie <newsboonie () gmail com> wrote:


**
Were that packets of a cheap embeded device? Sounds like a buggy TCP stack
to me.


----- Original Message -----
*From:* nangergong a <nangergong () gmail com>
*To:* Community support list for Wireshark <wireshark-users () wireshark org>
*Sent:* Wednesday, May 23, 2012 2:13 PM
*Subject:* Re: [Wireshark-users] what does the TCP stream mean in
wireshark

Thanks! But previously I saw a tcp stream where there are several TCP
connections (I mean mutiple SYN-SYN/ACK-ACK handshakes)

On Wed, May 23, 2012 at 12:48 PM, Martin Visser <martinvisser99 () gmail com>wrote:


Nangergong,

A TCP stream is a single connection between two IP addresses, between the
two same ports. If you see the beginning you'll see the SYN-SYN/ACK-ACK
handshake, an will also see the sequence numbers increasing. Some protocols
like HTTP/1.1 can have multiple higher level conversations on the one
connection, so I am not sure that is what you might be seeing?

Regards, Martin

MartinVisser99 () gmail com


 On 23 May 2012 20:28, nangergong <nangergong () gmail com> wrote:


HI, all:

    In wireshark there is an option "Follow the TCP stream", I'm
wondering what does it mean? it seems that in such a TCP stream there are
multiple TCP connections.




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


----- End Original Message -----
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: