Ask Your Question

How could Wireshark pick out the streams of UDP or TCP?

asked 2022-04-09 04:50:26 +0000

markleo gravatar image

image description

how could wireshark to pick out TCP or UDP stream ?

what's the principle of this function of wireshark?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2022-04-09 07:57:30 +0000

Jaap gravatar image

A so called TCP or UDP 'stream' is a representation of a transport layer connection between two nodes. These connections are defined by their network layer source and destination addresses and transport layer ports, and for TCP by their state.

Wireshark assigns an index number to each of these streams it sees. Therefore it looks at the addresses and port numbers and keeps record of this combination. If the combination is new it assigns the next index number, if it has been seen before it retrieves the index number for that steam. The index number is then added as a generated field to the transport layer.

An added complication is that TCP connections can reuse the same address and port combination for a different transport layer connection. This is because TCP is a connection oriented protocol. Therefore Wireshark also keeps track of TCP connection opening and closing (SYN, FIN/RST flags). UDP, being connection-less, does not provide for this.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-04-09 04:50:26 +0000

Seen: 46 times

Last updated: Apr 09