Wireshark-bugs: [Wireshark-bugs] [Bug 1138] New: Follow TCP Streams gets stream direction wrong
Date: Mon, 2 Oct 2006 03:08:22 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138

           Summary: Follow TCP Streams gets stream direction wrong if
                    started from a server->client frame
           Product: Wireshark
           Version: 0.99.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jeff.morriss@xxxxxxxxxxx


Build Information:
--
--
After capturing some web traffic on my PC, I used Follow TCP Stream to look at
what was being exchanged there.  I then used the streams "stream direction"
selector (next to the Print button) to view only the data sent from my PC to
the web server or vice versa.

If I happened to have selected "Follow TCP Stream" on a frame from the web
server to my PC then the stream directions selected by this button are wrong. 
For example if I select "my PC --> web server" I see the data the web server
sent me and if I select "web server --> my PC" I see the GET request that my PC
sent.

Thanks to Stephen Fisher for helping me narrow down the exact symptom (e.g.,
that it works OK if I select "Follow TCP Stream" on a frame from my PC).


I looked around a bit and noticed that "gtk/follow_dlg.c" function
'follow_read_stream()' seems to take the first port it sees as the client port.
 However 'follow_stream_cb()' takes the first IP address from the
'follow_tcp_stats_t' structure as "Host 0".  I'd guess the assumption here is
that the two are the same, but it appears the assumption is wrong.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.