Im
going to assume that one port, be it the source or destination, is going to be
constant. If this is the case, you would be able to use a filter of (tcp.port
== <port number>) && (tcp.flags.syn == 1). This will show you
all SYN packets related to that socket, including any SYN, ACK packets from
the server.
Though
Im sure someone else on here will have a better way J.
-
FB
From:
wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of St
Onge,Adam
Sent: Thursday, April 23, 2009 9:25 AM
To:
'wireshark-users@xxxxxxxxxxxxx'
Subject: [Wireshark-users] Filter
for Unanswered SYN's
Im working on an
issue where a server is not answering TCP SYNs due to port reuse, while the
socket is still in Time_Wait on the server. I was wondering if there is a way
to do a filter that would show me tcp.flags eq 02 if there are multiples for
that same socket, or if there is no corresponding
Syn,Ack?
Thanks,
Adam
==============================================================================
This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies.
