Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] tcp conversations

Date Prev · Date Next · Thread Prev · Thread Next
From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
Date: Wed, 1 Feb 2012 12:23:21 +0100
hi!

in the case that two hosts host_a and host_b are communicating using:

* tcp as a transport protocol
* ip addresses: ip_addr_host_a, ip_addr_host_b
* tcp ports (always!): tcp_port_host_a, tcp_port_host_b

and the tcp connection is NOT persistent (i.e. it is explicitly terminated and
started all over again) what is wireshark supposed to display in the
gui window "TCP Conversations":

a. one conversation between {ip_addr_host_a, tcp_port_host_a} and
{ip_addr_host_b, tcp_port_host_b} containing all the actual
"incarnations of the connection" (this is the actual term used in the tcp rfc
http://tools.ietf.org/html/rfc793#section-2.7)

b. multiple conversations between the above (based/sorted on new ISNs)
(one conversation per actual "incarnation of the connection")

thanks a lot!
bye now!
cristian