Ask Your Question
0

Host conversations - IP or TCP

asked 2021-04-01 08:59:23 +0000

bb25 gravatar image

Hi,

If i need to find out which hosts communicated with eachother from a capture.. then when looking at the conversations windows, do I look at the IPv4 tab or the TCP tab?

Just that in the IP tab there is a conversation with 8.8.8.8 which is not in the TCP tab and I am unsure if it is counted as a host communicating

Thanks!

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
0

answered 2021-04-01 10:38:06 +0000

JasMan gravatar image

The IPv4 and IPv6 tab shows you all conversations between two hosts/IPv4/IPv6 addresses, regardless of the used protocols or how many sessions they have been established during the capture.

The TCP tab shows you each single TCP session between two IP hosts. That could be one, two or more sessions per host pair.

The conversation with 8.8.8.8 is probably DNS traffic, which uses (mostly) UDP instead of TCP. You will find it in the UDP tab.

To answer your question: to see all conversations use the IPv4 and IPv6 tab. Remember that conversations to multicast and broadcast addresses will also count as a conversation. If you need to find out the conversations between hosts only, you've to filter them out.

edit flag offensive delete link more
0

answered 2021-04-01 09:56:39 +0000

grahamb gravatar image

The communication to 8.8.8.8 is likely to be a DNS request to the public Google DNS resolvers which will be over UDP. Check the UDP tab.

Not all IP traffic is TCP, as noted above there are other options as shown in the IANA registry.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-04-01 08:59:23 +0000

Seen: 629 times

Last updated: Apr 01 '21