Wireshark · Wireshark-users: [Wireshark-users] Unanswered SYNs

Wireshark-users: [Wireshark-users] Unanswered SYNs

From: "Sheahan, John" <John.Sheahan@xxxxxxxxxxxxx>

Date: Fri, 11 Apr 2008 12:13:52 -0400

I recently ran accross a problem where the application engineers were complaining that they were getting java socket timeouts in the server logs.

They said that the application would only log this problem if the server attempted to connect but the 3 way handshake failed.

After sniffing the communication using Sniffer Pro, the "expert" did not find these unanswered SYNs.

I wound up having to apply a SYN and FIN filter at the same time, exporting it to CSV, importing it into Excel and sorting by port.

At that point, I was able to scroll down through every converstation in the trace and see if every SYN that was sent had a corresponding FIN. When I did this, I was able to easily spot multiple unanswered FINs, get the port number and filter on those, thus solving the application engineer's problem.

My question is, is there some way that I could have used the wireshark software to filter on unanswered SYNs and could have saved myself alot of work?

thanks

jack

Follow-Ups:
- Re: [Wireshark-users] Unanswered SYNs
  - From: Gerald Combs
- Re: [Wireshark-users] Unanswered SYNs
  - From: Hansang Bae

Prev by Date: Re: [Wireshark-users] Merging HTTP packets
Next by Date: [Wireshark-users] sequence number and packet id
Previous by thread: Re: [Wireshark-users] Help - Regarding Wireshark rpm
Next by thread: Re: [Wireshark-users] Unanswered SYNs
Index(es):
- Date
- Thread