Hello,
From the TCP point of view,
there is no "last TCP segment" for a given message/pdu,
because TCP does not know anything about your message/pdu.
TCP is only a byte stream.
It is the protocol above TCP which (is supposed to) know where is the
last TCP segment.
TCP knows the sequence of packets for a given connection.
Thanks to Sequence Number.
For your filter/save problem,
perhaps you can :
- apply your filter
- then, right click on a packet / Conversation Filter / Tcp
--> the missing TCP segment packets reappear
- save (eventually selecting a range of packets)
Olivier
Salman Malik a écrit :
Hello all,
I wanted to ask: how does wireshark detect segments of TCP ? I mean
which field does it camp on to detect if the last TCP segment has
arrived ?
Actually I'm working with some GTP traffic, when I filter it for
m-send-req message (used in mms transaction flow) and try to save it
in a separate pcap, I don't see the packet (primarily because the
packet consisted of two TCP segments, first of which was not shown
after the application of filter and thus is shown as "continuation or
non-http traffic") . Someone help please !
------------------------------------------------------------------------
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up
now. <https://signup.live.com/signup.aspx?id=60969>
------------------------------------------------------------------------
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
--
Wireshark Generic Dissector http://wsgd.free.fr
