TCP streams are identified by the combination of
Source IP address
Destination IP address
TCP port numbers (both source and destination)
Sequence numbers
Bill Baltas
Sent from my iPad
On May 22, 2011, at 12:00 PM, wireshark-users-request@xxxxxxxxxxxxx wrote:
> Send Wireshark-users mailing list submissions to
> wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
> wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
> wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
> 1. Re: How does wireshark identify tcp streams? (Jaap Keuter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 21 May 2011 21:06:11 +0200
> From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
> To: Community support list for Wireshark
> <wireshark-users@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] How does wireshark identify tcp
> streams?
> Message-ID: <5F77E8C4-CFF7-4245-A3C4-5D6EC0D4CA1C@xxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
> You forgot the TCP port numbers.
>
> Thanks,
> Jaap
>
> Send from my iPhone
>
> On 21 mei 2011, at 20:48, Irfan Habib <irfan@xxxxxxxxxxxxxx> wrote:
>
>> But those would be identical for all traffic b/w a single source/Dest Ip Address
>>
>> --
>> Best Regards,
>> Irfan
>>
>> On Saturday, 21 May 2011 at 19:15, Guy Harris wrote:
>>
>>>
>>> On May 21, 2011, at 11:12 AM, Irfan Habib wrote:
>>>
>>>> Wireshark assigns numbers to tcp streams in a pcap file and packets can be filtered based on that tcp stream number. My question is, what properties in a packet does wireshark use to determine which tcp stream it is part of?
>>>
>>> Source and destination IP addresses and TCP port numbers.
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.wireshark.org/lists/wireshark-users/attachments/20110521/365b12ca/attachment.html>
>
> ------------------------------
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>
>
> End of Wireshark-users Digest, Vol 60, Issue 16
> ***********************************************
