0

what's the `tcp.analysis` ? and `tcp.analysis.flags`?

asked 2020-08-26 09:13:43 +0000

liaodalin19903
5 ●2 ●2 ●4

image description

I have several questions about wireshark packet.

why when I request a website, there will get two TCP connection? you see the first two packets60907 -> 80 and 60908->80

2.what's the tcp.analysis ? and tcp.analysis.flags?

3.is it possible to sort the TCP connection packets by each connect? I mean, if there have two TCP connections, you see the 1-6 packet. is it possible to list like: 1 3 5 2 4 6

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

2

answered 2020-08-26 11:45:09 +0000

flag of Netherlands

13742 ●711 ●115

The web client tries to optimise the user experience by trying to get all information as fast as possible. It then helps to open multiple TCP connections to get at the various resources that make up a web page, e.g., the text content and graphics.
tcp.analysis is the Wireshark analysis of the TCP sequence numbers and acknowledgements so far. It includes metrics like RTT, bytes in flight, bytes since last PSH. The flags are noticeable aspects of the current packet.
Yes, add a column (type custom) with field tcp.stream as field, and use that to sort.

edit flag offensive delete link

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2020-08-26 09:13:43 +0000

Seen: 3,931 times

Last updated: Aug 26 '20

Related questions