http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
Summary: Follow TCP Streams gets stream direction wrong if
started from a server->client frame
Product: Wireshark
Version: 0.99.3
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jeff.morriss@xxxxxxxxxxx
Build Information:
--
--
After capturing some web traffic on my PC, I used Follow TCP Stream to look at
what was being exchanged there. I then used the streams "stream direction"
selector (next to the Print button) to view only the data sent from my PC to
the web server or vice versa.
If I happened to have selected "Follow TCP Stream" on a frame from the web
server to my PC then the stream directions selected by this button are wrong.
For example if I select "my PC --> web server" I see the data the web server
sent me and if I select "web server --> my PC" I see the GET request that my PC
sent.
Thanks to Stephen Fisher for helping me narrow down the exact symptom (e.g.,
that it works OK if I select "Follow TCP Stream" on a frame from my PC).
I looked around a bit and noticed that "gtk/follow_dlg.c" function
'follow_read_stream()' seems to take the first port it sees as the client port.
However 'follow_stream_cb()' takes the first IP address from the
'follow_tcp_stats_t' structure as "Host 0". I'd guess the assumption here is
that the two are the same, but it appears the assumption is wrong.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.