Wireshark mailing list archives

Re: what does the TCP stream mean in wireshark


From: "Boonie" <newsboonie () gmail com>
Date: Wed, 23 May 2012 14:49:35 +0200

Were those packets of a cheap embedded device? Sounds like a buggy TCP stack to me.

  ----- Original Message ----- 
  From: nangergong 
  To: Community support list for Wireshark 
  Sent: Wednesday, May 23, 2012 2:13 PM
  Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark


  Thanks! But previously I saw a TCP stream where there are several TCP connections (I mean multiple SYN-SYN/ACK-ACK handshakes)


  On Wed, May 23, 2012 at 12:48 PM, Martin Visser <martinvisser99 () gmail com> wrote:

    Nangergong,


    A TCP stream is a single connection between two IP addresses, between the same two ports. If you see the beginning you'll see the SYN-SYN/ACK-ACK handshake, and will also see the sequence numbers increasing. Some protocols like HTTP/1.1 can have multiple higher level conversations on the one connection, so I am not sure that is what you might be seeing?

    Regards, Martin

    MartinVisser99 () gmail com



    On 23 May 2012 20:28, nangergong <nangergong () gmail com> wrote:

      Hi, all:

          In Wireshark there is an option "Follow the TCP stream", I'm wondering what does it mean? It seems that in such a TCP stream there are multiple TCP connections.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
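
An added example, not part of the original thread and not Wireshark's own code: grouping packets by the address/port pair described above and counting handshakes per group shows how one such group can hold several SYN-SYN/ACK-ACK exchanges when a client reuses its source port. The packet tuples are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, flags, seq)
PACKETS = [
    ("10.0.0.5", 40000, "10.0.0.9", 80, "S", 1000),
    ("10.0.0.9", 80, "10.0.0.5", 40000, "SA", 5000),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "A", 1001),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "FA", 1001),
    ("10.0.0.9", 80, "10.0.0.5", 40000, "FA", 5001),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "A", 1002),
    # Same client port reused for a second connection (new initial sequence number)
    ("10.0.0.5", 40000, "10.0.0.9", 80, "S", 77000),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "S", 77000),  # retransmitted SYN
    ("10.0.0.9", 80, "10.0.0.5", 40000, "SA", 91000),
    ("10.0.0.5", 40000, "10.0.0.9", 80, "A", 77001),
    # Different client port: a separate address/port pair
    ("10.0.0.5", 40001, "10.0.0.9", 80, "S", 3000),
    ("10.0.0.9", 80, "10.0.0.5", 40001, "SA", 8000),
    ("10.0.0.5", 40001, "10.0.0.9", 80, "A", 3001),
]

def stream_key(pkt):
    """Direction-independent key: the two (ip, port) endpoints, sorted."""
    a, b = (pkt[0], pkt[1]), (pkt[2], pkt[3])
    return tuple(sorted((a, b)))

def handshakes_per_stream(packets):
    """Map each address/port pair to the distinct ISNs seen in pure SYNs."""
    isns = defaultdict(list)
    for pkt in packets:
        key, flags, seq = stream_key(pkt), pkt[4], pkt[5]
        # A SYN without ACK opens a connection; a repeated ISN is a retransmission.
        if flags == "S" and seq not in isns[key]:
            isns[key].append(seq)
    return dict(isns)

def reused_streams(packets):
    """Address/port pairs that carry more than one handshake (port reuse)."""
    return {k: v for k, v in handshakes_per_stream(packets).items() if len(v) > 1}

if __name__ == "__main__":
    for key, isns in handshakes_per_stream(PACKETS).items():
        print(key, "handshakes:", len(isns), "ISNs:", isns)
```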
