Wireshark · Ethereal-dev: Re: [Ethereal-dev] Follow TCP Stream module

Ethereal-dev: Re: [Ethereal-dev] Follow TCP Stream module

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <rsharpe@xxxxxxxxxxxxxxxxx>

Date: Wed, 12 Jan 2005 08:53:40 -0800 (PST)

On Thu, 13 Jan 2005, rex plantado wrote:

> thanks guys for the great help, i can now continue my coding, but due
> to my work load, I cant allocate much time for research and reading
> good stuff. im just doing this in my pleasure time.
> one last question: if SYN starts a new tcp stream, what are all other
> possible flags to end a tcp stream?

Well, you should really look for the three-way handshake (segment with SYN
only, then response with SYN,ACK, and then ACK--although there is one
variant).

In answer to your question, RST and FIN are the two flags that indicate
the ending of a stream, although the details are a little more
complicated, and you should really read RFC793, or, get hold of the
Richard Stevens book that was recommended!

Regards
-----
Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com

References:
- Re: [Ethereal-dev] Follow TCP Stream module
  - From: rex plantado

Prev by Date: Re: [Ethereal-dev] Follow TCP Stream module
Next by Date: [Ethereal-dev] Patch: L2TP version 3 support - please check in
Previous by thread: Re: [Ethereal-dev] Follow TCP Stream module
Next by thread: Re: [Ethereal-dev] Follow TCP Stream module
Index(es):
- Date
- Thread