Ask Your Question
0

discrepancies between flow analysis between version 3.0.5 and 4.2.4

asked 2024-07-05 09:58:16 +0000

mba gravatar image

Analysing the same PCAP file between 2 version of Wireshark gives me different numbers of conversations (tcp flow)

  • Wireshark v3.0.5 (Conversations): 2270
  • Wireshark v4.2.4 (Conversations): 4370
edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-07-05 11:36:19 +0000

SYN-bit gravatar image

A few questions:

  • Are you using the same system for both versions of Wireshark?
  • Are you using the same settings (try creating a new empty profile in both versions and see if the discrepancies go away)?
  • Are you seeing this with a particular pcap file only, or with many (all) of your files?

If that does not help, could you try to extract a few tcp sessions that exhibit the discrepancies into a new pcap file and share it so we can take a look at the issue?

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2024-07-05 09:58:16 +0000

Seen: 72 times

Last updated: Jul 05