Troubleshooting a specific TCP session in a Wireshark packet capture can be an easy or a difficult task depending on the nature of the problem being investigated. What can be cumbersome is actually finding that session in the middle of a huge capture file, or even in a running capture with lots of packets.

So how do you find the specific session of interest?

When you already know both TCP session peer IPs

A quick method to zoom in on particular peers without knowing a specific session is to apply a Wireshark display filter with both peer IPs. This will show all conversations between those peers.

After that, you can just right-click any packet in a TCP conversation of interest and do a quick "Follow TCP Stream".

Another way to do the same is by using the "Conversations" list, which can be accessed through "Statistics > Conversations". You can then sort the conversation list by bytes or number of packets in each direction, or by totals, which can be very useful.

If you do not know one of the TCP session peer IPs

The Wireshark conversations list shows a lot of useful information about all the conversations in a capture. The list of conversations can be accessed through the Statistics drop-down menu > Conversations. Right-click on a TCP session, then Follow > TCP Stream; the result is a Wireshark display filter that shows only the packets in this session.
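The same workflow can be reproduced outside the GUI. The following is an added example, not part of the original post: it builds the two-peer display filter, a Conversations-style table sorted by total bytes, and the `tcp.stream eq N` filter that Follow > TCP Stream applies. The packet rows, IP addresses and function names are constructed for illustration; the rows assume a comma-separated export of the fields named in the comment.

```python
# Constructed sample rows, assumed to be a per-packet CSV export of the fields
# ip.src, tcp.srcport, ip.dst, tcp.dstport, tcp.stream, frame.len
SAMPLE = """\
10.0.0.5,51514,192.0.2.10,443,0,74
192.0.2.10,443,10.0.0.5,51514,0,74
10.0.0.5,51514,192.0.2.10,443,0,583
192.0.2.10,443,10.0.0.5,51514,0,1514
10.0.0.5,51520,192.0.2.10,443,1,74
10.0.0.7,40022,198.51.100.4,22,2,90
198.51.100.4,22,10.0.0.7,40022,2,118
"""

def peer_filter(ip_a, ip_b):
    """Display filter matching every conversation between two peer IPs."""
    return f"ip.addr == {ip_a} && ip.addr == {ip_b}"

def conversations(csv_text):
    """Group packets by tcp.stream; return rows sorted by total bytes, largest first."""
    convs = {}
    for line in csv_text.strip().splitlines():
        src, sport, dst, dport, stream, length = line.split(",")
        stream, length = int(stream), int(length)
        conv = convs.setdefault(stream, {
            "stream": stream, "a": (src, int(sport)), "b": (dst, int(dport)),
            "pkts_a_to_b": 0, "pkts_b_to_a": 0, "bytes": 0,
        })
        # Endpoint A is whoever sent the first packet seen in the stream.
        if (src, int(sport)) == conv["a"]:
            conv["pkts_a_to_b"] += 1
        else:
            conv["pkts_b_to_a"] += 1
        conv["bytes"] += length
    return sorted(convs.values(), key=lambda c: c["bytes"], reverse=True)

def streams_between(csv_text, ip_a, ip_b):
    """One 'tcp.stream eq N' filter per session between the two peer IPs."""
    return [f"tcp.stream eq {c['stream']}" for c in conversations(csv_text)
            if {c["a"][0], c["b"][0]} == {ip_a, ip_b}]

if __name__ == "__main__":
    for c in conversations(SAMPLE):
        print(c["stream"], c["a"], "<->", c["b"],
              c["pkts_a_to_b"], c["pkts_b_to_a"], c["bytes"])
    print(peer_filter("10.0.0.5", "192.0.2.10"))
    print(streams_between(SAMPLE, "10.0.0.5", "192.0.2.10"))
```

Sorting by bytes puts the heaviest session first, which is usually the quickest way to spot the session of interest when only one peer is known.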