No tcp-syn packet or tcp-fin packets.

asked 2020-04-30 04:04:37 +0000

gopal_72
3 ●2

For a conversation between two IP address, there is neither TCP-syn packet nor TCP-fin packet. So, in that case, how does the connection establishment and teardown have happened?

answered 2020-04-30 09:07:27 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●973 ●227 https://www.wireshark.org

The missing events definitely happened, you just didn't capture them. Note that you might not get a FIN, RST may be used instead.

edit flag offensive delete link

Comments

Another possible point of failure is selecting application payloads. For instance, if you

Follow TCP stream

you will get SYN and FIN packets IF they were captured. Let's pretend, for arguments sake, this TCP stream contains TLS, so if you filter on

tls

then the TCP setup/teardown or discrete ACKs would not be visible. Only thing that shows is those TCP packets that contain TLS. Similar to http protocol, etc.

Bob Jones ( 2020-04-30 15:05:31 +0000 )edit

I hadn't thought that the user could have filtered them out.

grahamb ( 2020-04-30 15:20:32 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

No tcp-syn packet or tcp-fin packets.

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

No tcp-syn packet or tcp-fin packets. edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

No tcp-syn packet or tcp-fin packets.