Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-11-26 18:32:03 +0000

Stuart Kendrick gravatar image

How does 'Follow TCP Stream' work

How does this feature work?

Occurs to me that perhaps it tracks source / destination IP addresses plus TCP Port numbers ... or perhaps it peers at TSVal and TSecr ... or perhaps it uses a mix of both.

[I am trying to follow a TCP Stream in two pcaps, one take on the internal side of a NAT Router, the other taken on the external side ... and the result isn't as wonderful as I was imagining it would be ... so now I want to understand how this feature works, so I can better understand the discrepancies I am seeing.]

--sk

How does 'Follow TCP Stream' work

How does this feature work?

Occurs to me that perhaps it tracks source / destination IP addresses plus TCP Port numbers ... or perhaps it peers at TSVal and TSecr ... or perhaps it uses a mix of both.

[I am trying to follow a TCP Stream in two pcaps, one take on the internal side of a NAT PAT Router, the other taken on the external side ... and the result isn't as wonderful as I was imagining it would be ... so now I want to understand how this feature works, so I can better understand the discrepancies I am seeing.]

--sk

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2