Wireshark-users: Re: [Wireshark-users] Unanswered SYNs

From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Fri, 11 Apr 2008 12:58:24 -0700
Yeah I just wouldn't mind taking a peak at the problem and using the tip
that Gerald posted.

Thanks,
Barry
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sheahan,
John
Sent: Friday, April 11, 2008 3:55 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Unanswered SYNs

I don't have any problem with changing the IP's and posting any part of
it if that helps? 


 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry
Constantine
Sent: Friday, April 11, 2008 3:53 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Unanswered SYNs

Hi Jack,

Any chance this capture could be posted or emailed (understand if it is
confidential)?

Thanks,
Barry

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sheahan,
John
Sent: Friday, April 11, 2008 1:16 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Unanswered SYNs

Wow! the worked perfectly and quickly!
I'm impressed.

I have always been a proponent of using Sniffer Pro but that is only
because I know how to get around quickly in there due to previous
training.

It appears that Wireshark is alot more powerful once you know what
you're doing?

jack 


 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Gerald Combs
Sent: Friday, April 11, 2008 12:56 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Unanswered SYNs

Sheahan, John wrote:
> My question is, is there some way that I could have used the wireshark

> software to filter on unanswered SYNs and could have saved myself alot

> of work?

The TCP dissector doesn't have a "tcp.analysis.dangling_syn" or
"tcp.analysis.handshake_progress" display filter field, although either
of those would arguably be pretty handy. You should be able to find
unanswered SYNs in a capture file here by selecting
"Statistics->Conversation List->TCP (IPv4 & IPv6)", then sorting by
"Packets A<-B". Unanswered SYNs will have zero packets in that column.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users