Narayanan Vydianathan (nvydiana) wrote:
> What does "Follow TCP stream" option do in Analyze menu?

Creates a filter that accepts packets between the endpoints 
(address/port) in the selected packets, filters the display, and, in the 
process of doing that, puts the payload into the "Follow TCP Stream" window.

> If I identify a TCP SYN packet, can I trace all the packets belonging
> to this flow using the above option?

Yes - although note that the filter just checks for endpoint 
identifiers, so if there's *more than one* connection between those 
endpoints (i.e., a connection is opened, traffic goes between them, it's 
closed, and then another connection is opened), you'll see traffic for 
both of them.

> I am interested in finding holes in a given flow (out of order
> /retransmission) issues in a flow.
>
> Do I have to write custom filters to do this?

For out-of-order packets and retransmissions, turn on the "Analyze TCP 
sequence numbers" preference for TCP, and the TCP dissector will flag 
those.  "tcp.analysis.out_of_order" matches frames transmitted out of 
order, and "tcp.analysis.retransmission" matches frames that are 
TCP-layer retransmissions.  (You needn't use "Follow TCP Stream" for that.)
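
The two points in the reply above, as an added example that is not part of the original message and is not Wireshark's dissector logic: an endpoint-only match pulls in every connection between the same address/port pair, and holes, out-of-order segments and retransmissions can be read from sequence numbers. The packet tuples, addresses and the `split_connections` / `flag_segments` helpers are constructed for illustration, and the classification is a simplified heuristic that ignores timing and sequence-number wraparound.

```python
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, flags, seq, payload_len).
# Two successive connections reuse the same address/port pair.
PACKETS = [
    ("10.0.0.1", 40000, "10.0.0.2", 80, "S", 1000, 0),
    ("10.0.0.2", 80, "10.0.0.1", 40000, "SA", 5000, 0),
    ("10.0.0.1", 40000, "10.0.0.2", 80, "A", 1001, 100),
    ("10.0.0.1", 40000, "10.0.0.2", 80, "A", 1201, 100),  # 1101..1200 missing: hole
    ("10.0.0.1", 40000, "10.0.0.2", 80, "A", 1101, 100),  # fills the hole late
    ("10.0.0.1", 40000, "10.0.0.2", 80, "A", 1201, 100),  # already seen
    ("10.0.0.1", 40000, "10.0.0.2", 80, "FA", 1301, 0),
    ("10.0.0.1", 40000, "10.0.0.2", 80, "S", 9000, 0),    # same endpoints, new connection
    ("10.0.0.1", 40000, "10.0.0.2", 80, "A", 9001, 50),
]

def split_connections(packets):
    """Group by endpoint pair, starting a new connection at each bare SYN."""
    by_pair = defaultdict(list)
    for p in packets:
        pair = frozenset([(p[0], p[1]), (p[2], p[3])])
        conns = by_pair[pair]
        if p[4] == "S" or not conns:
            conns.append([])
        conns[-1].append(p)
    return dict(by_pair)

def flag_segments(conn):
    """Label data segments per direction: ok, gap, out_of_order, retransmission."""
    next_seq, seen, labels = {}, set(), []
    for src, sport, dst, dport, flags, seq, length in conn:
        d = (src, sport)
        if "S" in flags:
            next_seq[d] = seq + 1  # SYN consumes one sequence number
            continue
        if length == 0:
            continue  # pure ACK/FIN: nothing to place in the byte stream
        expected = next_seq.get(d, seq)
        if (d, seq, length) in seen:
            labels.append((seq, "retransmission"))
        elif seq < expected:
            labels.append((seq, "out_of_order"))
        elif seq > expected:
            labels.append((seq, "gap"))
        else:
            labels.append((seq, "ok"))
        seen.add((d, seq, length))
        next_seq[d] = max(expected, seq + length)
    return labels
```

Running `flag_segments` over all packets of the endpoint pair without splitting first would compare the second connection's sequence numbers against the first connection's state, which is why the split on SYN comes first.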