Re: How does wireshark identify tcp streams

[Bill Baltas <wbaltas () yahoo com>]

TCP streams are identified by the combination of 

Source IP address
Destination IP address
TCP port numbers (both source and destination)
Sequence numbers

Bill Baltas

Sent from my iPad

On May 22, 2011, at 12:00 PM, wireshark-users-request () wireshark org wrote:

> Send Wireshark-users mailing list submissions to
>    wireshark-users () wireshark org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
>    wireshark-users-request () wireshark org
>
> You can reach the person managing the list at
>    wireshark-users-owner () wireshark org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
>   1. Re: How does wireshark identify tcp streams? (Jaap Keuter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 21 May 2011 21:06:11 +0200
> From: Jaap Keuter <jaap.keuter () xs4all nl>
> To: Community support list for Wireshark
>    <wireshark-users () wireshark org>
> Subject: Re: [Wireshark-users] How does wireshark identify tcp
>    streams?
> Message-ID: <5F77E8C4-CFF7-4245-A3C4-5D6EC0D4CA1C () xs4all nl>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi, 
>
> You forgot the TCP port numbers. 
>
> Thanks,
> Jaap
>
> Send from my iPhone
>
> On 21 mei 2011, at 20:48, Irfan Habib <irfan () irfanhabib com> wrote:
>
> > But those would be identical for all traffic b/w a single source/Dest Ip Address
> >
> > -- 
> > Best Regards,
> > Irfan
> >
> > On Saturday, 21 May 2011 at 19:15, Guy Harris wrote:
> >
> > > On May 21, 2011, at 11:12 AM, Irfan Habib wrote:
> > >
> > > > Wireshark assigns numbers to tcp streams in a pcap file and packets can be filtered based on that tcp stream 
> > > > number. My question is, what properties in a packet does wireshark use to determine which tcp stream it is part of?
> > >
> > > Source and destination IP addresses and TCP port numbers.
> > > ___________________________________________________________________________
> > > Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
> > > Archives: http://www.wireshark.org/lists/wireshark-users
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> > > mailto:wireshark-users-request () wireshark org?subject=unsubscribe
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.wireshark.org/lists/wireshark-users/attachments/20110521/365b12ca/attachment.html>
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users () wireshark org
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 60, Issue 16
> ***********************************************
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe