Wireshark-users: Re: [Wireshark-users] How does wireshark identify tcp streams
From: Bill Baltas <wbaltas@xxxxxxxxx>
Date: Sun, 22 May 2011 13:44:40 -0700
TCP streams are identified by the combination of Source IP address Destination IP address TCP port numbers (both source and destination) Sequence numbers Bill Baltas Sent from my iPad On May 22, 2011, at 12:00 PM, wireshark-users-request@xxxxxxxxxxxxx wrote: > Send Wireshark-users mailing list submissions to > wireshark-users@xxxxxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > https://wireshark.org/mailman/listinfo/wireshark-users > or, via email, send a message with subject or body 'help' to > wireshark-users-request@xxxxxxxxxxxxx > > You can reach the person managing the list at > wireshark-users-owner@xxxxxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Wireshark-users digest..." > > > Today's Topics: > > 1. Re: How does wireshark identify tcp streams? (Jaap Keuter) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 21 May 2011 21:06:11 +0200 > From: Jaap Keuter <jaap.keuter@xxxxxxxxx> > To: Community support list for Wireshark > <wireshark-users@xxxxxxxxxxxxx> > Subject: Re: [Wireshark-users] How does wireshark identify tcp > streams? > Message-ID: <5F77E8C4-CFF7-4245-A3C4-5D6EC0D4CA1C@xxxxxxxxx> > Content-Type: text/plain; charset="us-ascii" > > Hi, > > You forgot the TCP port numbers. > > Thanks, > Jaap > > Send from my iPhone > > On 21 mei 2011, at 20:48, Irfan Habib <irfan@xxxxxxxxxxxxxx> wrote: > >> But those would be identical for all traffic b/w a single source/Dest Ip Address >> >> -- >> Best Regards, >> Irfan >> >> On Saturday, 21 May 2011 at 19:15, Guy Harris wrote: >> >>> >>> On May 21, 2011, at 11:12 AM, Irfan Habib wrote: >>> >>>> Wireshark assigns numbers to tcp streams in a pcap file and packets can be filtered based on that tcp stream number. My question is, what properties in a packet does wireshark use to determine which tcp stream it is part of? >>> >>> Source and destination IP addresses and TCP port numbers. >>> ___________________________________________________________________________ >>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> >>> Archives: http://www.wireshark.org/lists/wireshark-users >>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users >>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe >> >> ___________________________________________________________________________ >> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> >> Archives: http://www.wireshark.org/lists/wireshark-users >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://www.wireshark.org/lists/wireshark-users/attachments/20110521/365b12ca/attachment.html> > > ------------------------------ > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-users > > > End of Wireshark-users Digest, Vol 60, Issue 16 > ***********************************************
- Prev by Date: Re: [Wireshark-users] How does wireshark identify tcp streams?
- Next by Date: [Wireshark-users] Fwd: Urgent help required for analyzing IEC61850 data packets in Ethereal
- Previous by thread: Re: [Wireshark-users] How does wireshark identify tcp streams?
- Next by thread: [Wireshark-users] Fwd: Urgent help required for analyzing IEC61850 data packets in Ethereal
- Index(es):