Wireshark mailing list archives

Re: what does the TCP stream mean in wireshark

From: Giles Coochey <giles () coochey net>
Date: Wed, 23 May 2012 13:55:24 +0100

On 23/05/2012 13:49, Boonie wrote:

Were that packets of a cheap embeded device? Sounds like a buggy TCPstack to me.

Or he might have a Layer-2 Spanning Tree Loop...

    ----- Original Message -----
    *From:* nangergong <mailto:nangergong () gmail com>
    *To:* Community support list for Wireshark
    <mailto:wireshark-users () wireshark org>
    *Sent:* Wednesday, May 23, 2012 2:13 PM
    *Subject:* Re: [Wireshark-users] what does the TCP stream mean in
    wireshark

    Thanks! But previously I saw a tcp stream where there are several
    TCP connections (I mean mutiple SYN-SYN/ACK-ACK handshakes)

    On Wed, May 23, 2012 at 12:48 PM, Martin Visser
    <martinvisser99 () gmail com <mailto:martinvisser99 () gmail com>> wrote:

        Nangergong,

        A TCP stream is a single connection between two IP addresses,
        between the two same ports. If you see the beginning you'll
        see the SYN-SYN/ACK-ACK handshake, an will also see the
        sequence numbers increasing. Some protocols like HTTP/1.1 can
        have multiple higher level conversations on the one
        connection, so I am not sure that is what you might be seeing?

        Regards, Martin

        MartinVisser99 () gmail com <mailto:MartinVisser99 () gmail com>


        On 23 May 2012 20:28, nangergong <nangergong () gmail com
        <mailto:nangergong () gmail com>> wrote:

            HI, all:

                In wireshark there is an option "Follow the TCP
            stream", I'm wondering what does it mean? it seems that in
            such a TCP stream there are multiple TCP connections.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

what does the TCP stream mean in wireshark nangergong (May 23)
- Re: what does the TCP stream mean in wireshark NITIN GOYAL (May 23)
- Re: what does the TCP stream mean in wireshark Martin Visser (May 23)
  - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark Boonie (May 23)
    - Re: what does the TCP stream mean in wireshark Giles Coochey (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark kcullimo (May 23)
    - Re: what does the TCP stream mean in wireshark kcullimo (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 23)
    - Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
    - Re: what does the TCP stream mean in wireshark nangergong (May 24)
    - Re: what does the TCP stream mean in wireshark Mason, Kevin (May 23)