Wireshark-users: [Wireshark-users] follow stream by tcp sequence numbers?
From: "Fender, Brian" <FenderB@xxxxxxxxxxxxxxx>
Date: Mon, 14 Jul 2008 12:01:22 -0400
Hi all,
 
I'm trying to debug a problem where a small percentage of certain HTTP transactions are being reset unexplainably. There is a load balancer between the client and server performing source NAT, plus other network devices along the route. I reproduced the problem while capturing with tcpdump from the client, load balancer, and server in parallel. I merged all three captures together and am trying to isolate individual bad requests across all three viewpoints. It seems that "Follow TCP Stream" only looks at IP and port numbers, so it only shows the portion of the transaction up to address translation.
 
Is there any way to isolate a transaction based on TCP sequence numbers only (or any other reliable method you might know of)? I think I can do it manually but it is incredibly time-consuming.
 
-Brian
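
An added example, not part of the original post: one way to correlate the same transaction across the three viewpoints is to group 4-tuple flows by the client's initial sequence number taken from the bare SYN. It assumes the load balancer rewrites addresses and ports but not sequence numbers (it is not a full TCP proxy) and that the values are absolute, not Wireshark's relative, sequence numbers; the `Pkt` records, addresses and numbers are constructed sample data.

```python
from collections import defaultdict, namedtuple

# Constructed sample: packets from a merged capture taken at three points.
# Addresses are illustrative; seq/ack are absolute (raw) values.
Pkt = namedtuple("Pkt", "point src sport dst dport flags seq ack")
PACKETS = [
    Pkt("client", "192.0.2.10", 40001, "198.51.100.5", 80, "S", 1000, 0),
    Pkt("lb", "192.0.2.10", 40001, "198.51.100.5", 80, "S", 1000, 0),
    Pkt("lb", "10.0.0.1", 51000, "10.0.0.20", 80, "S", 1000, 0),  # after source NAT
    Pkt("server", "10.0.0.1", 51000, "10.0.0.20", 80, "S", 1000, 0),
    Pkt("server", "10.0.0.20", 80, "10.0.0.1", 51000, "SA", 7000, 1001),
    Pkt("client", "198.51.100.5", 80, "192.0.2.10", 40001, "SA", 7000, 1001),
    Pkt("client", "198.51.100.5", 80, "192.0.2.10", 40001, "R", 7001, 0),
    # An unrelated, healthy connection through the same NAT.
    Pkt("client", "192.0.2.10", 40002, "198.51.100.5", 80, "S", 5000, 0),
    Pkt("server", "10.0.0.1", 51001, "10.0.0.20", 80, "S", 5000, 0),
]

def flow_key(p):
    """Direction-independent 4-tuple, which changes at the NAT boundary."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def correlate(packets):
    """Group 4-tuple flows that share a client ISN (seq of the bare SYN)."""
    isn_of = {}
    for p in packets:
        if p.flags == "S":  # SYN without ACK carries the client ISN
            isn_of[flow_key(p)] = p.seq
    groups = defaultdict(lambda: {"flows": set(), "rst_seen_at": set()})
    for p in packets:
        isn = isn_of.get(flow_key(p))
        if isn is None:  # SYN not captured, so the flow cannot be keyed
            continue
        g = groups[isn]
        g["flows"].add(flow_key(p))
        if "R" in p.flags:
            g["rst_seen_at"].add(p.point)
    return dict(groups)

if __name__ == "__main__":
    for isn, g in correlate(PACKETS).items():
        print(isn, sorted(g["flows"]), sorted(g["rst_seen_at"]))
```

A reset recorded at only one capture point narrows down which segment of the path produced it. In a large capture two unrelated connections can share an ISN, so adding the server ISN from the SYN-ACK to the key reduces false matches.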