Wireshark-users: Re: [Wireshark-users] "Follow TCP Stream" feature question
Date: Mon, 8 Dec 2008 17:55:42 +0100
Hi John,

When you select a packet in the Packet List and select Follow TCP Stream,
Wireshark will set a display filter based on IP addresses and port numbers.
In the window next to Filter: you can see the filter, i.e.
(ip.addr eq 192.168.100.5 and ip.addr eq 199.181.12.250) and (tcp.port eq 1042 and tcp.port eq 80)

To see all the conversations in your capture file go to: Statistics -> Conversations -> TCP
You can select another conversation by right-clicking and selecting Apply as
Filter -> Selected -> A <-> B

Thanks
Joan

On Mon, 8 Dec 2008 10:34:23 -0500 John Wright wrote:
>Wireshark experts
>When I select a frame in the Wireshark capture and then select the
>"follow the TCP stream" feature for that frame; what exactly am I seeing
>in that "follow the TCP stream" display?
>Is the resulting display the whole TCP conversation between the two end
>points or is it just that one frame that I am seeing?
> 
>I am trying to figure out why two particular devices on our LAN have so
>many TCP retrans when they are talking to one another. 
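
The following is an added example, not part of the original thread and not Wireshark's own code: a Python sketch of why a filter of the form quoted in the reply selects both directions of a conversation, and how packets group into the A <-> B conversations listed under Statistics -> Conversations -> TCP. The packet tuples are constructed sample data and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port, payload_len)
PACKETS = [
    ("192.168.100.5", 1042, "199.181.12.250", 80, 0),
    ("199.181.12.250", 80, "192.168.100.5", 1042, 0),
    ("192.168.100.5", 1042, "199.181.12.250", 80, 310),
    ("192.168.100.5", 1043, "199.181.12.250", 80, 120),   # a second conversation
    ("199.181.12.250", 80, "192.168.100.5", 1042, 1460),
]

def conversation_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key: A->B and B->A map to the same conversation."""
    return tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)]))

def group_conversations(packets):
    """Per-conversation packet and byte totals, counting both directions."""
    convs = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src_ip, src_port, dst_ip, dst_port, length in packets:
        entry = convs[conversation_key(src_ip, src_port, dst_ip, dst_port)]
        entry["packets"] += 1
        entry["bytes"] += length
    return dict(convs)

def stream_filter(key):
    """Display filter string in the form shown in the reply above."""
    (ip_a, port_a), (ip_b, port_b) = key
    return (f"(ip.addr eq {ip_a} and ip.addr eq {ip_b}) and "
            f"(tcp.port eq {port_a} and tcp.port eq {port_b})")

def matches_filter(packet, key):
    """Evaluate that filter: ip.addr / tcp.port match source OR destination."""
    src_ip, src_port, dst_ip, dst_port, _ = packet
    (ip_a, port_a), (ip_b, port_b) = key
    ips, ports = {src_ip, dst_ip}, {src_port, dst_port}
    return ip_a in ips and ip_b in ips and port_a in ports and port_b in ports

if __name__ == "__main__":
    for key, stats in group_conversations(PACKETS).items():
        hits = sum(matches_filter(p, key) for p in PACKETS)
        print(stream_filter(key), stats, f"filter matches {hits} packets")
    # Edge case: addresses and ports are tested independently, so a packet
    # with the ports swapped between the hosts also passes the filter even
    # though it belongs to a different conversation.
    swapped = ("192.168.100.5", 80, "199.181.12.250", 1042, 0)
    key = conversation_key(*PACKETS[0][:4])
    print(matches_filter(swapped, key), conversation_key(*swapped[:4]) == key)
```
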