How does 'Follow TCP Stream' work

asked 2018-11-26 18:32:03 +0000

updated 2018-11-26 18:41:25 +0000

How does this feature work?

Occurs to me that perhaps it tracks source / destination IP addresses plus TCP Port numbers ... or perhaps it peers at TSVal and TSecr ... or perhaps it uses a mix of both.

[I am trying to follow a TCP Stream in two pcaps, one taken on the internal side of a PAT Router, the other taken on the external side ... and the result isn't as wonderful as I was imagining it would be ... so now I want to understand how this feature works, so I can better understand the discrepancies I am seeing.]

--sk


1 Answer


answered 2018-11-27 13:25:55 +0000

cmaynard

I have never dug deeply into it, but the best place to learn about it is probably the source code, starting with packet-tcp.c and follow.c.
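The question's first hypothesis (a stream keyed on the address and port pairs) applied to its PAT scenario, as an added example that is not part of the original thread and is not Wireshark's code. The packet model, function names and sample packets are constructed for illustration, and `match_across` assumes the PAT device leaves the TCP timestamp value untouched.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport tsval payload")

def flow_key(p):
    """Direction-independent key built from both (address, port) endpoints."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def assign_streams(packets):
    """Number each flow key in order of first appearance within one capture."""
    index = {}
    return [index.setdefault(flow_key(p), len(index)) for p in packets]

def follow(packets, stream):
    """Concatenate payloads of one stream in capture order (no reassembly)."""
    ids = assign_streams(packets)
    return b"".join(p.payload for p, i in zip(packets, ids) if i == stream)

def match_across(inside, outside):
    """Map inside stream -> outside stream using (dst, dport, TSval) of each
    stream's first packet. Assumption: the PAT device does not rewrite TSval."""
    def firsts(packets):
        seen = {}
        for p, i in zip(packets, assign_streams(packets)):
            seen.setdefault(i, (p.dst, p.dport, p.tsval))
        return seen
    out_by_sig = {sig: i for i, sig in firsts(outside).items()}
    return {i: out_by_sig.get(sig) for i, sig in firsts(inside).items()}

# Constructed sample data: two clients behind a PAT router, one server.
SRV = "203.0.113.5"
INSIDE = [
    Pkt("192.168.1.10", 50000, SRV, 80, 1111, b"GET /a"),
    Pkt("192.168.1.11", 50000, SRV, 80, 2222, b"GET /b"),
    Pkt(SRV, 80, "192.168.1.10", 50000, 9001, b" 200"),
]
# Same traffic on the outside: source rewritten to the PAT address and port,
# and this capture happened to record the second client's packet first.
OUTSIDE = [
    Pkt("198.51.100.1", 40002, SRV, 80, 2222, b"GET /b"),
    Pkt("198.51.100.1", 40001, SRV, 80, 1111, b"GET /a"),
    Pkt(SRV, 80, "198.51.100.1", 40001, 9001, b" 200"),
]
```

With a per-capture key like this, stream 0 in one file and stream 0 in the other need not be the same connection, and no flow key is shared between the two captures; the streams have to be paired on fields the translation does not rewrite.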
