I’m going to assume that one port, be it the source or destination, is going to be constant. If this is the case, you would be able to use a filter of (tcp.port == <port number>) && (tcp.flags.syn == 1). This will show you all SYN packets related to that socket, including any SYN, ACK packets from the server.
Though I’m sure someone else on here will have a better way :).
-
FB
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of St Onge,Adam
Sent: Thursday, April 23, 2009 9:25 AM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: [Wireshark-users] Filter for Unanswered SYN's
I’m working on an issue where a server is not answering TCP SYN’s due to port reuse, while the socket is still in Time_Wait on the server. I was wondering if there is a way to do a filter that would show me “tcp.flags eq 02” if there are multiples for that same socket, or if there is no corresponding Syn,Ack?
Thanks,
Adam
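
A display filter looks at one packet at a time, so pairing each SYN with its SYN,ACK is easier after exporting the SYN packets as tab-separated fields. The following is an added example, not part of either message: it groups SYNs per socket and initial sequence number and lists those that were repeated or never answered. The function names, the sample rows and the field layout are assumptions, and sequence numbers are assumed to be absolute rather than relative.

```python
from collections import defaultdict

# Constructed sample rows (not from the thread). Assumed column order:
# frame.number, ip.src, tcp.srcport, ip.dst, tcp.dstport,
# tcp.flags.syn, tcp.flags.ack, tcp.seq, tcp.ack  (absolute sequence numbers)
SAMPLE = """\
1\t10.0.0.5\t40001\t10.0.0.9\t8080\t1\t0\t1000\t0
2\t10.0.0.9\t8080\t10.0.0.5\t40001\t1\t1\t5000\t1001
3\t10.0.0.5\t40002\t10.0.0.9\t8080\t1\t0\t2000\t0
4\t10.0.0.5\t40002\t10.0.0.9\t8080\t1\t0\t2000\t0
5\t10.0.0.5\t40002\t10.0.0.9\t8080\t1\t0\t2000\t0
6\t10.0.0.5\t40003\t10.0.0.9\t8080\t1\t0\t3000\t0
7\t10.0.0.9\t8080\t10.0.0.5\t40003\t0\t1\t7000\t9999
"""

def unanswered_syns(text):
    """Map (src, sport, dst, dport, seq) -> frame numbers for SYNs with no SYN,ACK."""
    syns = defaultdict(list)   # client socket + initial sequence number -> frames
    answered = set()           # same key shape, rebuilt from each SYN,ACK
    for line in text.splitlines():
        if not line.strip():
            continue
        frame, src, sport, dst, dport, syn, ack_flag, seq, ack = line.split("\t")
        if syn != "1":
            continue           # a bare ACK (frame 7 above) is not a SYN,ACK
        if ack_flag == "0":
            syns[(src, int(sport), dst, int(dport), int(seq))].append(int(frame))
        else:
            # SYN,ACK runs server -> client and acknowledges the client's seq + 1
            answered.add((dst, int(dport), src, int(sport), (int(ack) - 1) % 2**32))
    return {key: frames for key, frames in syns.items() if key not in answered}

def report(text):
    """One line per unanswered SYN, with how many times it was sent."""
    out = []
    for (src, sport, dst, dport, seq), frames in sorted(unanswered_syns(text).items()):
        out.append(f"{src}:{sport} -> {dst}:{dport} seq={seq} "
                   f"sent {len(frames)}x in frames {frames}, no SYN,ACK")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```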