Wireshark mailing list archives

Re: what does the TCP stream mean in wireshark

From: "Mason, Kevin" <kevin.mason () teamaol com>
Date: Wed, 23 May 2012 12:40:54 +0000

If you watch a given stream long enough, there will be connection re-use and you will see a sequence of connections.  
Also, some windows boxes use TCP TIME-WAIT Assassination, which rapidly reuses tcp ports.  
http://blogs.technet.com/b/networking/archive/2010/08/11/how-tcp-time-wait-assassination-works.aspx
---------
~KEM


On May 23, 2012, at 8:13 AM, nangergong wrote:

Thanks! But previously I saw a tcp stream where there are several TCP connections (I mean mutiple SYN-SYN/ACK-ACK 
handshakes)

On Wed, May 23, 2012 at 12:48 PM, Martin Visser <martinvisser99 () gmail com<mailto:martinvisser99 () gmail com>> wrote:
Nangergong,

A TCP stream is a single connection between two IP addresses, between the two same ports. If you see the beginning 
you'll see the SYN-SYN/ACK-ACK handshake, an will also see the sequence numbers increasing. Some protocols like 
HTTP/1.1 can have multiple higher level conversations on the one connection, so I am not sure that is what you might be 
seeing?

Regards, Martin

MartinVisser99 () gmail com<mailto:MartinVisser99 () gmail com>


On 23 May 2012 20:28, nangergong <nangergong () gmail com<mailto:nangergong () gmail com>> wrote:
HI, all:

    In wireshark there is an option "Follow the TCP stream", I'm wondering what does it mean? it seems that in such a 
TCP stream there are multiple TCP connections.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
org>?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
org>?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Re: what does the TCP stream mean in wireshark, (continued)
- - - Re: what does the TCP stream mean in wireshark Boonie (May 23)
    - Re: what does the TCP stream mean in wireshark Giles Coochey (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark kcullimo (May 23)
    - Re: what does the TCP stream mean in wireshark kcullimo (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 24)
    - Re: what does the TCP stream mean in wireshark Mason, Kevin (May 23)