No tcp-syn packet or tcp-fin packets.

2020-04-30

gopal_72

For a conversation between two IP addresses, there is neither a TCP-syn packet nor a TCP-fin packet. So, in that case, how did the connection establishment and teardown happen?

2020-04-30

grahamb

The missing events definitely happened; you just didn't capture them. Note that you might not get a FIN; RST may be used instead.

Another possible point of failure is selecting application payloads. For instance, if you Follow TCP stream you will get SYN and FIN packets IF they were captured. Let's pretend, for argument's sake, this TCP stream contains TLS, so if you filter on


then the TCP setup/teardown or discrete ACKs would not be visible. The only things that show are those TCP packets that contain TLS. Similar to the HTTP protocol, etc.

Bob Jones ( 2020-04-30 )

I hadn't thought that the user could have filtered them out.

grahamb ( 2020-04-30 )
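
To tell whether the handshake and teardown are really absent from a capture, rather than hidden by a display filter, the TCP flags can be tallied per conversation over every captured packet. The following is an added example, not part of the original thread; `build_packet`, `summarize`, `diagnose` and the sample addresses and ports are constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Constructed sample data: minimal IPv4+TCP packet, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    addr = lambda a: bytes(map(int, a.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, addr(src), addr(dst))
    return ip + tcp

def summarize(packets):
    """Per conversation: were SYN/FIN/RST captured, and how many segments carry payload."""
    convs = defaultdict(lambda: {"syn": False, "fin": False, "rst": False, "data": 0})
    for pkt in packets:
        if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 carrying TCP only
            continue
        ihl = (pkt[0] & 0x0F) * 4                     # IP header length in bytes
        total_len = struct.unpack("!H", pkt[2:4])[0]
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        data_off = (pkt[ihl + 12] >> 4) * 4           # TCP header length in bytes
        flags = pkt[ihl + 13]
        ends = [(".".join(map(str, pkt[12:16])), sport), (".".join(map(str, pkt[16:20])), dport)]
        conv = convs[tuple(sorted(ends))]             # same key for both directions
        conv["syn"] |= bool(flags & SYN)
        conv["fin"] |= bool(flags & FIN)
        conv["rst"] |= bool(flags & RST)
        conv["data"] += total_len - ihl - data_off > 0
    return dict(convs)

def diagnose(conv):
    """Explain what a missing SYN or FIN/RST says about the capture window."""
    notes = []
    if not conv["syn"]:
        notes.append("no SYN: capture began after the handshake")
    if not (conv["fin"] or conv["rst"]):
        notes.append("no FIN/RST: capture ended before teardown")
    return notes or ["setup and teardown both captured"]

A, B = "192.0.2.10", "198.51.100.20"  # documentation addresses, constructed sample
SAMPLE = [
    build_packet(A, B, 50000, 443, SYN), build_packet(B, A, 443, 50000, SYN | ACK),
    build_packet(A, B, 50000, 443, ACK | PSH, b"hello"), build_packet(B, A, 443, 50000, RST),
    build_packet(A, B, 50001, 443, ACK | PSH, b"mid-stream"), build_packet(B, A, 443, 50001, ACK),
]
REPORT = {conv: diagnose(stats) for conv, stats in summarize(SAMPLE).items()}
```

The first sample conversation is torn down with RST instead of FIN and still counts as closed; the second has neither SYN nor FIN/RST, which is what a capture started mid-stream looks like.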

