Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] what does the TCP stream mean in wireshark

Date: Wed, 23 May 2012 09:15:25 -0500 (EST)
----- Start Original Message -----
Sent: Wed, 23 May 2012 14:56:39 +0200
From: nangergong <nangergong@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark

> I used a mobile browser in a HTC smartphone to access some websites and I
> used wireshark to capture the packets between the mobile browser and the
> website servers.

Multiple handshakes wherein the same source & destination ports were re-used?

> 
> On Wed, May 23, 2012 at 2:49 PM, Boonie <newsboonie@xxxxxxxxx> wrote:
> 
> > **
> > Were that packets of a cheap embeded device? Sounds like a buggy TCP stack
> > to me.
> >
> >
> > ----- Original Message -----
> > *From:* nangergong a <nangergong@xxxxxxxxx>
> > *To:* Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> > *Sent:* Wednesday, May 23, 2012 2:13 PM
> > *Subject:* Re: [Wireshark-users] what does the TCP stream mean in
> > wireshark
> >
> > Thanks! But previously I saw a tcp stream where there are several TCP
> > connections (I mean mutiple SYN-SYN/ACK-ACK handshakes)
> >
> > On Wed, May 23, 2012 at 12:48 PM, Martin Visser <martinvisser99@xxxxxxxxx>wrote:
> >
> >> Nangergong,
> >>
> >> A TCP stream is a single connection between two IP addresses, between the
> >> two same ports. If you see the beginning you'll see the SYN-SYN/ACK-ACK
> >> handshake, an will also see the sequence numbers increasing. Some protocols
> >> like HTTP/1.1 can have multiple higher level conversations on the one
> >> connection, so I am not sure that is what you might be seeing?
> >>
> >> Regards, Martin
> >>
> >> MartinVisser99@xxxxxxxxx
> >>
> >>
> >>  On 23 May 2012 20:28, nangergong <nangergong@xxxxxxxxx> wrote:
> >>
> >>> HI, all:
> >>>
> >>>     In wireshark there is an option "Follow the TCP stream", I'm
> >>> wondering what does it mean? it seems that in such a TCP stream there are
> >>> multiple TCP connections.
> >>>
> >>
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request@xxxxxxxxxxxxx
> > ?subject=unsubscribe
> >
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

----- End Original Message -----