1 | initial version |
TCP conversation completeness is a bitwise field where the occurance of certain flags over the conversation is recorded and then every packet in the TCP conversation gets that value for conversation completeness. The flags being recorded are:
1 - SYN from client 2 - SYN/ACK from server 4 - bare ACK (any direction) 8 - data (any direction) 16 - FIN (any direction) 32 - RST (any direction)
Which means a TCP conversation with completeness value 60 has seen a bare ACK, data, a FIN and a RST, but no SYN from the client and no SYN/ACK from the server. In short, the capture was started in the middle of the session. That's why it is marked as "Incomplete".