Ask Your Question

how does wireshark knows when the file download is completed

asked 2018-03-29 15:53:37 +0000

trogne gravatar image

updated 2018-03-29 15:55:11 +0000


How does wireshark knows when the file download is completed ?

After downloading a file, we see the usual "FIN - FIN/ACK - FIN/ACK - FIN" packets.

The packet just before have the last part of the data. In this case, a jpg file.

For that packet, below the TCP layer, wireshark kindly reassembles the TCP segments, i.e. "10 Reassembled TCP Segments ...".

And below the "10 Reassembled..." line, we see the assembled HTTP and JPEG layers.

But what makes wireshark knows that this packet contains the last part of the jpg file ?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2018-03-29 16:03:03 +0000

Jasper gravatar image

That's because HTTP tells the content length in the 200 OK header before the content starts. Look in there and you'll see "Content-Length: xxx bytes", matching the number of bytes to follow. So Wireshark can track if that number of bytes were transferred and knows when to stop reassembly.

The same happens for all other protocols on TCP - they need to have some kind of length value that tells the receiver how long the content is.

edit flag offensive delete link more


Excellent thank you!

trogne gravatar imagetrogne ( 2018-03-29 16:05:43 +0000 )edit

Either that, or the connection on which the content is being sent is closed after the last byte of content is sent; that's how FTP works (it has a separate control connections and data connections; each data transfer has a separate data connection, which is closed after all the data is sent), and how HTTP works in some cases.

Guy Harris gravatar imageGuy Harris ( 2018-03-30 00:25:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-03-29 15:53:37 +0000

Seen: 52 times

Last updated: Mar 29