I recently ran across a problem where the application engineers were complaining that they were getting Java socket timeouts in the server logs. They said that the application would only log this problem if the server attempted to connect but the 3-way handshake failed. After sniffing the communication using Sniffer Pro, the "expert" did not find these unanswered SYNs.

I wound up having to apply a SYN and FIN filter at the same time, exporting it to CSV, importing it into Excel and sorting by port. At that point, I was able to scroll down through every conversation in the trace and see if every SYN that was sent had a corresponding FIN. When I did this, I was able to easily spot multiple unanswered FINs, get the port number and filter on those, thus solving the application engineer's problem.

My question is, is there some way that I could have used the Wireshark software to filter on unanswered SYNs and could have saved myself a lot of work?

thanks
jack
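
The manual export-and-sort step described in the post above can be scripted. This is an added example, not part of the original message: it pairs each bare SYN with a SYN-ACK from the reverse direction and reports the ones that never got one. The CSV column names (`src`, `sport`, `dst`, `dport`, `flags`) and the sample rows are assumptions constructed for illustration, not Sniffer Pro's or Wireshark's actual export layout.

```python
import csv
import io

# Constructed sample export (not from the original trace): one row per packet.
SAMPLE_CSV = """no,src,sport,dst,dport,flags
1,10.0.0.5,40001,10.0.0.9,8080,SYN
2,10.0.0.9,8080,10.0.0.5,40001,"SYN, ACK"
3,10.0.0.5,40001,10.0.0.9,8080,ACK
4,10.0.0.5,40002,10.0.0.9,8080,SYN
5,10.0.0.5,40002,10.0.0.9,8080,SYN
6,10.0.0.5,40003,10.0.0.9,8080,SYN
7,10.0.0.9,8080,10.0.0.5,40003,"RST, ACK"
8,10.0.0.5,40001,10.0.0.9,8080,"FIN, ACK"
"""


def parse_flags(text):
    """Turn a flag cell such as 'SYN, ACK' into {'SYN', 'ACK'}."""
    return {f.strip().upper() for f in text.split(",") if f.strip()}


def unanswered_syns(csv_text):
    """Map each client 4-tuple whose SYN never got a SYN-ACK to
    (number of SYNs sent, 'reset' or 'no reply').

    Limitation: a 4-tuple reused later in the same capture is treated as
    one conversation, so split long traces by time first.
    """
    pending = {}      # client 4-tuple -> count of bare SYNs (retries included)
    answered = set()  # client 4-tuples that received a SYN-ACK
    reset = set()     # client 4-tuples that received an RST from the peer
    for row in csv.DictReader(io.StringIO(csv_text)):
        flags = parse_flags(row["flags"])
        fwd = (row["src"], row["sport"], row["dst"], row["dport"])
        rev = (row["dst"], row["dport"], row["src"], row["sport"])
        if "SYN" in flags:
            if "ACK" in flags:
                answered.add(rev)  # reply belongs to the opposite direction
            else:
                pending[fwd] = pending.get(fwd, 0) + 1
        if "RST" in flags:
            reset.add(rev)
    # Decide at the end so packet order in the export does not matter.
    return {
        conn: (count, "reset" if conn in reset else "no reply")
        for conn, count in pending.items()
        if conn not in answered
    }
```

Separating "reset" from "no reply" distinguishes a refused connection from a SYN that was silently dropped, which is the case that produces a connect timeout.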