Wireshark · Wireshark-users: [Wireshark-users] TCP streams and FW-1

Wireshark-users: [Wireshark-users] TCP streams and FW-1

From: Hugo van der Kooij <hugo.van.der.kooij@xxxxx>

Date: Wed, 27 Aug 2014 12:31:21 +0000

Hi,

I find the way that wireshark can handle TCP streams very usefull.

However I work a lot with `fw monitor` capture files and then I find that TCP stream are harder to distinguish.

Is there a way to add the TCP stream logic with the details you can get in regard to the FW-1 details that are hidden in the layer-2 details?

For now I determine the interfaces in use by hand and then split the single `fw monitor` into 4 files.

Would it be possible to combine the "follow TCP stream" option with following only the relevant measuring point in the Check Point firewall?


Regards,
Hugo

Met vriendelijke groet,
With kind regards,

Hugo van der Kooij
support engineer

Qi ict

Delftechpark 35-37
Postbus 402, 2600 AK Delft


T : +31 15 888 0 345
F : +31 15 888 0 445
E : mailto:hugo.van.der.kooij@xxxxx
I : http://www.qi.nl

Prev by Date: [Wireshark-users] USB Capture Explanation: Difference Interface vs. Port vs. Endpoint
Next by Date: [Wireshark-users] Decoding SNMP OIDs using tshark
Previous by thread: [Wireshark-users] USB Capture Explanation: Difference Interface vs. Port vs. Endpoint
Next by thread: [Wireshark-users] Decoding SNMP OIDs using tshark
Index(es):
- Date
- Thread