Host conversations - IP or TCP

If i need to find out which hosts communicated with eachother from a capture.. then when looking at the conversations windows, do I look at the IPv4 tab or the TCP tab?

Just that in the IP tab there is a conversation with which is not in the TCP tab and I am unsure if it is counted as a host communicating


The IPv4 and IPv6 tab shows you all conversations between two hosts/IPv4/IPv6 addresses, regardless of the used protocols or how many sessions they have been established during the capture.

The TCP tab shows you each single TCP session between two IP hosts. That could be one, two or more sessions per host pair.

The conversation with is probably DNS traffic, which uses (mostly) UDP instead of TCP. You will find it in the UDP tab.

To answer your question: to see all conversations use the IPv4 and IPv6 tab. Remember that conversations to multicast and broadcast addresses will also count as a conversation. If you need to find out the conversations between hosts only, you've to filter them out.

The communication to is likely to be a DNS request to the public Google DNS resolvers which will be over UDP. Check the UDP tab.

Not all IP traffic is TCP, as noted above there are other options as shown in the IANA registry.

