Ethereal-dev: Re: [Ethereal-dev] Follow TCP Stream problem?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Tue, 9 Oct 2001 11:32:50 -0700 (PDT)
> Can someone verify this? 

I can't - I have another HTTP capture, and if I do a "Follow TCP Stream"
on one of the conversations, selecting

	XXX.XXX.XXX.XXX:XXXX --> YYY.YYY.YYY.YYY:80

does, in fact, show the requests from client to server.

> I think the fix is to change lines 488 & 495 in 
> gtk/follow_dlg.c. Just swap the lines.

The code around line 488 is

            if (memcmp(client_addr, sc.src_addr, iplen) == 0 &&
                client_port == sc.src_port) {
                is_server = FALSE;
                global_pos = &global_client_pos;
                if (follow_info->show_stream == FROM_SERVER) {
                        skip = TRUE;
                }
            }

The "if" tests whether the client address and port match the source
address and port, so if we're trying to see stuff from the server, we'd
presumably want to skip that part of the conversation, so the test on
line 488 for "follow_info->show_stream == FROM_SERVER" would appear to
be correct.

The reverse applies to the code around line 495, which is the code
that's executed if the client address and port don't match the source
address and port.
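
The direction test discussed in this message, as a stand-alone added example (not part of the original message and not Ethereal's own code). The first branch mirrors the quoted condition; the else branch, the FROM_CLIENT and BOTH_HOSTS names, the chunk_t type and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FROM_SERVER is in the quoted code; FROM_CLIENT and BOTH_HOSTS are assumed names. */
typedef enum { FROM_CLIENT, FROM_SERVER, BOTH_HOSTS } show_stream_t;

/* Hypothetical stand-in for one chunk header read back from the stream file. */
typedef struct { uint8_t src_addr[4]; uint16_t src_port; } chunk_t;

/* Returns true when a chunk must be hidden for the selected direction.
 * The first branch mirrors the quoted test; the else branch is the "reverse"
 * case the message describes, reconstructed here as an assumption. */
bool skip_chunk(const uint8_t *client_addr, uint16_t client_port,
                const chunk_t *sc, size_t iplen, show_stream_t show,
                bool *is_server)
{
    bool skip = false;
    if (memcmp(client_addr, sc->src_addr, iplen) == 0 &&
        client_port == sc->src_port) {
        *is_server = false;              /* source is the client */
        if (show == FROM_SERVER)
            skip = true;                 /* viewing server data: hide it */
    } else {
        *is_server = true;               /* source is the server */
        if (show == FROM_CLIENT)
            skip = true;                 /* viewing client data: hide it */
    }
    return skip;
}

/* Constructed sample conversation: client 10.0.0.5:40000, server port 80. */
static const uint8_t CLIENT[4]  = {10, 0, 0, 5};
static const chunk_t REQUEST    = {{10, 0, 0, 5}, 40000};
static const chunk_t RESPONSE   = {{10, 0, 0, 9}, 80};
static const chunk_t SAME_HOST  = {{10, 0, 0, 5}, 80};  /* same IP, other port */

/* Counts how many of the three sample chunks are displayed for a selection. */
int shown_count(show_stream_t show)
{
    const chunk_t *c[] = {&REQUEST, &RESPONSE, &SAME_HOST};
    bool is_server; int n = 0;
    for (size_t i = 0; i < 3; i++)
        n += !skip_chunk(CLIENT, 40000, c[i], 4, show, &is_server);
    return n;
}

int main(void) { printf("%d %d %d\n", shown_count(FROM_CLIENT), shown_count(FROM_SERVER), shown_count(BOTH_HOSTS)); return 0; }
```

The SAME_HOST chunk shows why the port is compared as well as the address: when both endpoints share an IP address, only the port tells the two directions apart.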