On Aug 13, 2009, at 12:52 AM, Selçuk Cevher wrote:
> The implementation of "Follow TCP Stream" command should be more
> complicated since it should cover handling the dropped, duplicated
> and out-of-order TCP packets.
> How does Wireshark handle these issues? Where is the implementation
> of "Follow TCP Stream" command in the source tree?

Take a look at gtk/follow_stream.c for the shared GUI portion of each
of the follow types (TCP, UDP, SSL). gtk/follow_tcp.c contains a good
portion of the follow TCP implementation. epan/follow.[ch] contains
the rest of the code for following streams. As you predicted, the TCP
following logic is a lot more complicated than, say, the UDP. You might
want to start there to understand the ideas better before jumping into
TCP or SSL.
Steve
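
As an added illustration of the three cases raised in the question (duplicated, out-of-order and dropped segments), here is a minimal one-direction reassembler that places payload bytes by sequence-number offset. It is an example written for this page, not code from Wireshark or from either poster; `struct stream`, `follow_feed`, `follow_render`, the `CAP` limit, the "first copy wins" overlap policy and the sample segments in `main` are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP 256   /* toy limit on tracked stream bytes (assumption) */

struct stream {
    uint32_t isn;              /* sequence number of the first payload byte */
    char data[CAP];
    unsigned char have[CAP];   /* 1 where a byte has been captured */
};

/* Place a segment by its offset from isn; returns how many bytes were new. */
size_t follow_feed(struct stream *s, uint32_t seq, const char *d, size_t len) {
    uint32_t off = seq - s->isn;          /* unsigned math survives seq wrap */
    size_t fresh = 0;
    if (off >= CAP) return 0;             /* before isn or beyond the toy limit */
    for (size_t i = 0; i < len && off + i < CAP; i++) {
        if (s->have[off + i]) continue;   /* duplicate/overlap: first copy wins */
        s->data[off + i] = d[i];
        s->have[off + i] = 1;
        fresh++;
    }
    return fresh;
}

/* Render captured bytes, marking each hole as "[N bytes missing]". */
size_t follow_render(const struct stream *s, char *out, size_t outsz) {
    size_t end = CAP, o = 0;
    while (end > 0 && !s->have[end - 1]) end--;   /* one past last captured byte */
    for (size_t i = 0; i < end && o + 1 < outsz; ) {
        if (s->have[i]) { out[o++] = s->data[i++]; continue; }
        size_t gap = 0;
        while (i < end && !s->have[i]) { i++; gap++; }
        int w = snprintf(out + o, outsz - o, "[%zu bytes missing]", gap);
        o = (w < 0 || (size_t)w >= outsz - o) ? outsz - 1 : o + (size_t)w;
    }
    if (outsz) out[o] = '\0';
    return o;
}

int main(void) {   /* constructed segments: early, in-order, duplicate, after a gap */
    struct stream s = { .isn = 1000 }; char buf[128];
    follow_feed(&s, 1006, "HTTP", 4); follow_feed(&s, 1000, "GET / ", 6);
    follow_feed(&s, 1000, "GET / ", 6); follow_feed(&s, 1015, "Host", 4);
    follow_render(&s, buf, sizeof buf); puts(buf);
    return 0;
}
```

The return value of `follow_feed` separates a pure retransmission (0 new bytes) from a partial overlap, and a hole in the rendered stream is reported with its size instead of silently joining the bytes on either side.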