My question is to find which computers are connected during the HTTP transfer, by only following the SYN packets. I have filtered on Wireshark the following command: tcp.flags.syn && http. I have got the following output: . I wanted to know how can I find which were those computers, is that meant by Source or?
tcp.flags.syn && http will match all TCP packets that are http protocol.
It is looking for the existance of tcp.flags.syn, not what state it is set to.
If you're looking to match SYN packets then the filter will be tcp.flags.syn ==1 && http but at that early stage in the conversation the protocol is not known so there will be no match on http.
If the http server is listening on the default port 80 then try this filter:
(tcp.flags.syn == 1 && tcp.port == 80)
There are more ways to fry this fish.
You can also check all the statistcics and see who is busy with HTTP traffic for example.
Asked: 2021-03-19 01:10:37 +0000
Seen: 366 times
Last updated: Mar 22 '21
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Can you tell us wether or not his is a question in your homework?