Ask Your Question
0

Uses for Follow >> TCP/UDP Stream

asked 2024-12-31 12:21:22 +0000

nonomer174 gravatar image

updated 2025-01-19 02:40:19 +0000

Guy Harris gravatar image

hi , what is the use of Follow >> TCP/UDP Stream while analyzing pcap file and what are most use cases ?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-12-31 12:45:37 +0000

hugo.vanderkooij gravatar image

updated 2025-01-01 16:57:55 +0000

grahamb gravatar image

I have multiple use cases.

  1. Follow specific stream to see TCP handling issues like Selective ACKnowledgements.
  2. Read the content of a HTTP request. Not as useful as it used to be.
  3. Whatever packet triggers my curiosity and I want to learn the context of the packet.
edit flag offensive delete link more

Comments

Follow specific stream to see TCP handling issues like Selective ACKnowledgements.

Presumably meaning "use Follow TCP Stream to filter out all packets except for the one in the stream", i.e. using "Follow TCP Stream" for the side-effect of filtering traffic. (Wireshark should have a way to show conversations and let you click on one to filter out everything except for that conversation, or to pop up a context menu on a packet and filter on the conversation(s) to which it belongs.)

Read the content of a HTTP request. Not as useful as it used to be.

Because there's less HTTP-over-TCP than there used to be, for example (i.e., more and more is HTTP-over-TLS).

Guy Harris gravatar imageGuy Harris ( 2025-01-19 02:38:50 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2024-12-31 12:21:22 +0000

Seen: 159 times

Last updated: yesterday