Wireshark · Ethereal-users: Re: [Ethereal-users] Separating packet dump into TCP streams

Ethereal-users: Re: [Ethereal-users] Separating packet dump into TCP streams

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Tue, 31 Oct 2000 15:54:41 -0800 (PST)

> Works for the specific streams that I have, just not sure if it is
> applicable with other protocols. Of course, it only works with TCP.

Given that the description mentions only IP and TCP fields in the filter
expressions, mentioning no fields for other protocols, it should work
regardless of what protocol you are running atop TCP.

It won't work with IPv6; for that, you'd have to, for the SYN packets,
check whether the IP packet containing the SYN is an IPv4 or IPv6 packet
and, if it's IPv6, extract IPv6 addresses and filter on "ipv6.addr"
rather than on "ip.addr".  If you don't have IPv6 traffic, however, you
needn't worry about that.

References:
- Re: [Ethereal-users] Separating packet dump into TCP streams
  - From: Jesus M. Salvo Jr.

Prev by Date: Re: [Ethereal-users] Bug in tethereal - delta time.
Next by Date: Re: [Ethereal-users] Separating packet dump into TCP streams
Previous by thread: Re: [Ethereal-users] Separating packet dump into TCP streams
Next by thread: Re: [Ethereal-users] Separating packet dump into TCP streams
Index(es):
- Date
- Thread