Ethereal-users: RE: [Ethereal-users] question please from newbie

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>
Date: Thu, 21 Oct 2004 14:42:24 +0200
> smh1@xxxxxxxxxxx

> Hello All...
>    I'm brand new to Ethereal and am using it to try to determine what 
> sort of conversation is going on behind the scenes as my app 
> attempts to connect to a proxy server. I step through my app in 
> debug mode of Delphi as it attempts to connect to the proxy, but 
> nothing comes up in the "Follow TCP Stream" window of Ethereal - 
> it's totally empty. As far as I know, I am following the proper 
> procedure of right-clicking on one of the packets involved in the 
> TCP communication between my app and the proxy, and then 
> selecting "Follow TCP Stream". Shouldn't the conversation between 
> my app and the proxy be displayed here? 
>    No doubt I'm doing something fundamentally wrong ... anyone 
> have any thoughts?
> 
> Thanks!  
>    Shawn

Hi,

Not exactly. In the "Follow TCP Stream" window you will see the data inside the packets. That is, if your application is talking something human-readable with the proxy (like HTTP), you'll see the GETs, POSTs, etc.; if it is not readable you'll see an ASCII transcription of the bytes. But TCP packets that have no data (like the SYN, ACK that start the session) are not reflected in the window.

When you click on "Follow TCP Stream", in addition to showing the window, Ethereal will apply a display filter for the stream to the main window (based on IP addresses and ports). So there you will see all the packets; you might see, for instance, that your application is sending a SYN and the proxy is rejecting it with a RST, and in that case there will be nothing in the data window.

Additionally, you need to take into account that the contents of the window do not get updated in real time (i.e. it will only show the data Ethereal has captured when you click "Follow TCP Stream", not anything that comes after that). However, the main window with the display filter applied will be continuously updated; and if after the session ends you click "Follow..." again, you will see everything.

Regards,
  Francisco
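
The behaviour described in the reply above, as an added illustration that is not part of the original message and is not Ethereal's code: a stream view built only from TCP payload bytes stays empty when the capture holds nothing but a SYN answered by a RST. The addresses, ports, packets and function names are constructed for the example, and it assumes a single stream with packets already in order.

```python
import struct

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10

def build_segment(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return ip + tcp + payload

def parse_segment(pkt):
    """Return (flags, payload) of an IPv4+TCP packet, honouring both header lengths."""
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    total = struct.unpack("!H", pkt[2:4])[0]   # IPv4 total length
    data_off = (pkt[ihl + 12] >> 4) * 4        # TCP header length in bytes
    return pkt[ihl + 13], pkt[ihl + data_off:total]

def follow_stream(packets):
    """Concatenate payload bytes only; say why the result is empty if it is."""
    data, seen = b"", 0
    for pkt in packets:
        flags, payload = parse_segment(pkt)
        data += payload
        seen |= flags
    if data:
        return data, "payload present"
    if seen & SYN and seen & RST:
        return data, "connection reset before any data was sent"
    if seen & SYN:
        return data, "handshake only, no data yet"
    return data, "no payload-bearing segments captured"

# Constructed captures: an application at 10.0.0.5 and a proxy at 10.0.0.1:8080.
CLIENT, PROXY = (10, 0, 0, 5), (10, 0, 0, 1)
REFUSED = [
    build_segment(CLIENT, PROXY, 40000, 8080, SYN),
    build_segment(PROXY, CLIENT, 8080, 40000, RST | ACK),
]
ACCEPTED = [
    build_segment(CLIENT, PROXY, 40001, 8080, SYN),
    build_segment(PROXY, CLIENT, 8080, 40001, SYN | ACK),
    build_segment(CLIENT, PROXY, 40001, 8080, ACK),
    build_segment(CLIENT, PROXY, 40001, 8080, PSH | ACK,
                  b"GET http://example.com/ HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for name, capture in (("refused", REFUSED), ("accepted", ACCEPTED)):
        print(name, follow_stream(capture))
```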