What does the attribute 'Flows' of TCP stream mean in Statistics-Conversations ?

asked 2024-09-02 09:04:10 +0000

RakuLomis
1 ●1 ●2

updated 2024-09-02 09:04:54 +0000

In Statistics-Conversations-TCP, we can see the statistical information of each TCP stream. For each stream entry, the last feature is 'Flows'. What does 'Flows' mean here, and why one stream can contain considerable 'Flows', like 60?

I found one explanation stating that the same 5 tuples, {src_ip, src_port, dst_ip, dst_port, protocol}, define the same flow. However, in the traffic set I captured, there are only two kind of IP addresses(192.168.5.20 for the client and 183.131.147.18 for the server), ports(53775 for the client and 443 for the server) and protocols(TCP and TLSv1.3). If flows are defined by the 5 tuples, there should theoretically be only 2^5=32 kinds flows theoretically, but in pratice, there are 60.

I would be greatly appreciated it if you could explain the actual definiation of 'flow' and 'stream' and their differences in Wireshark. Thank you very much.

edit retag flag offensive close merge delete

add a comment

Comments

Thank you for your kindly comments.

Indeed, the attribute 'Flows' is 'Flow Reversals', which counts the number of times there is payload delivered below the TCP protocol that is in a different direction than the last non-empty payload packet in that same conversation (can be seen in 1593: Enhancement to add data flow reversal counts to TCP statistics).

RakuLomis ( 2024-09-03 07:15:14 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

What does the attribute 'Flows' of TCP stream mean in Statistics-Conversations ?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

What does the attribute 'Flows' of TCP stream mean in Statistics-Conversations ? edit

1 Answer

Comments