Ask Your Question
0

how does wireshark knows when the file download is completed

asked 2018-03-29 15:53:37 +0000

trogne gravatar image

updated 2018-03-29 15:55:11 +0000

Hi,

How does wireshark knows when the file download is completed ?

After downloading a file, we see the usual "FIN - FIN/ACK - FIN/ACK - FIN" packets.

The packet just before have the last part of the data. In this case, a jpg file.

For that packet, below the TCP layer, wireshark kindly reassembles the TCP segments, i.e. "10 Reassembled TCP Segments ...".

And below the "10 Reassembled..." line, we see the assembled HTTP and JPEG layers.

But what makes wireshark knows that this packet contains the last part of the jpg file ?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2018-03-29 16:03:03 +0000

Jasper gravatar image

That's because HTTP tells the content length in the 200 OK header before the content starts. Look in there and you'll see "Content-Length: xxx bytes", matching the number of bytes to follow. So Wireshark can track if that number of bytes were transferred and knows when to stop reassembly.

The same happens for all other protocols on TCP - they need to have some kind of length value that tells the receiver how long the content is.

edit flag offensive delete link more

Comments

Excellent thank you!

trogne gravatar imagetrogne ( 2018-03-29 16:05:43 +0000 )edit

Either that, or the connection on which the content is being sent is closed after the last byte of content is sent; that's how FTP works (it has a separate control connections and data connections; each data transfer has a separate data connection, which is closed after all the data is sent), and how HTTP works in some cases.

Guy Harris gravatar imageGuy Harris ( 2018-03-30 00:25:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-03-29 15:53:37 +0000

Seen: 1,272 times

Last updated: Mar 29 '18

Related questions

Why there is port mismatch in tcp and http header for port 51006. Also why the netstat in server do not shows connections under port 51006 even traffic is coming to this port.

Client is waiting for FIN flag from server for 30 sec

follow tcp stream dialogue box

How to tell if TCP segment contains a data in Wireshark?

Help to read this trace

Random Flooding of TCP Retransmissions

How to make wireshark pop out a file when there are a lot of tcp retransmissions?

how to create a graph of the number of active tcp connections over time?

how can I graph mysql response time in wireshark

Is it possible that wireshark doesn't recognize protocol?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2