Wireshark-users: Re: [Wireshark-users] Unanswered SYNs

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Fri, 11 Apr 2008 09:55:55 -0700

Sheahan, John wrote:
> My question is, is there some way that I could have used the Wireshark
> software to filter on unanswered SYNs and could have saved myself a lot
> of work?

The TCP dissector doesn't have a "tcp.analysis.dangling_syn" or
"tcp.analysis.handshake_progress" display filter field, although either of those
would arguably be pretty handy. You should be able to find unanswered SYNs in a
capture file here by selecting "Statistics->Conversation List->TCP (IPv4 &
IPv6)", then sorting by "Packets A<-B". Unanswered SYNs will have zero packets
in that column.
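
The "Packets A<-B" check described above, scripted as an added example that is not part of the original post: it lists conversations where the initiator sent a bare SYN and the peer sent nothing back. It assumes the capture was exported as tab-separated fields in the order ip.src, tcp.srcport, ip.dst, tcp.dstport, tcp.flags (IPv4 only); the function name and the sample rows are constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample in the assumed export format, e.g. produced with:
#   tshark -r capture.pcap -T fields -e ip.src -e tcp.srcport \
#          -e ip.dst -e tcp.dstport -e tcp.flags
SAMPLE = (
    "10.0.0.5\t40001\t192.0.2.10\t443\t0x0002\n"   # SYN
    "192.0.2.10\t443\t10.0.0.5\t40001\t0x0012\n"   # SYN/ACK (answered)
    "10.0.0.5\t40001\t192.0.2.10\t443\t0x0010\n"   # ACK
    "10.0.0.5\t40002\t192.0.2.20\t8443\t0x0002\n"  # SYN, no reply
    "10.0.0.5\t40002\t192.0.2.20\t8443\t0x0002\n"  # SYN retransmission
    "10.0.0.5\t40003\t192.0.2.30\t22\t0x0002\n"    # SYN
    "192.0.2.30\t22\t10.0.0.5\t40003\t0x0014\n"    # RST/ACK (a reply)
)


def unanswered_syns(text):
    """Return sorted (initiator, target, syn_count) tuples for conversations
    with at least one bare SYN and zero packets in the reverse direction."""
    syns = defaultdict(int)  # (a, b) -> bare SYNs sent from a to b
    sent = defaultdict(int)  # (a, b) -> all packets sent from a to b
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # non-TCP or incomplete row
        src, sport, dst, dport, flags = parts
        try:
            a, b = (src, int(sport)), (dst, int(dport))
            bits = int(flags, 16)
        except ValueError:
            continue  # empty or malformed field
        sent[(a, b)] += 1
        if bits & SYN and not bits & ACK:
            syns[(a, b)] += 1
    # Same test as sorting the Conversation List by "Packets A<-B" == 0.
    return sorted(
        (a, b, n) for (a, b), n in syns.items() if sent.get((b, a), 0) == 0
    )


if __name__ == "__main__":
    for initiator, target, count in unanswered_syns(SAMPLE):
        print(f"{initiator[0]}:{initiator[1]} -> {target[0]}:{target[1]} "
              f"unanswered SYNs: {count}")
```

A SYN answered only by a RST is not reported, because the reverse direction then has one packet, which matches what the Conversation List column would show.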