Wireshark-users: Re: [Wireshark-users] Filter for Unanswered SYN's

From: "Frank Barta" <fbarta@xxxxxxxxx>
Date: Thu, 23 Apr 2009 11:38:15 -0400

I’m going to assume that one port, be it the source or destination, is going to be constant. If this is the case, you would be able to use a filter of (tcp.port == <port number>) && (tcp.flags.syn == 1). This will show you all SYN packets related to that socket, including any SYN, ACK packets from the server.

 

Though I’m sure someone else on here will have a better way :).

- FB

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of St Onge,Adam
Sent: Thursday, April 23, 2009 9:25 AM
To: 'wireshark-users@xxxxxxxxxxxxx'
Subject: [Wireshark-users] Filter for Unanswered SYN's

 

I’m working on an issue where a server is not answering TCP SYN’s due to port reuse, while the socket is still in Time_Wait on the server. I was wondering if there is a way to do a filter that would show me “tcp.flags eq 02” if there are multiples for that same socket, or if there is no corresponding Syn,Ack?

 

Thanks,

Adam

 

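Added example, not part of either message above: a display filter evaluates one packet at a time, so pairing each SYN with its SYN,ACK takes a pass over the whole capture. This Python script does that pairing over tshark field output and also handles a reused socket that was answered earlier; the tshark command in the comment, the function name, and the sample rows and addresses are constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample rows, in the tab-separated shape assumed to come from:
#   tshark -r capture.pcap -Y "tcp.flags.syn == 1" -T fields \
#     -e frame.time_relative -e ip.src -e tcp.srcport \
#     -e ip.dst -e tcp.dstport -e tcp.flags
SAMPLE = "\n".join([
    "0.000\t192.0.2.5\t40001\t192.0.2.9\t8080\t0x0002",   # SYN
    "0.001\t192.0.2.9\t8080\t192.0.2.5\t40001\t0x0012",   # SYN,ACK
    "1.000\t192.0.2.5\t40002\t192.0.2.9\t8080\t0x0002",   # SYN
    "2.000\t192.0.2.5\t40002\t192.0.2.9\t8080\t0x0002",   # SYN again
    "2.001\t192.0.2.9\t8080\t192.0.2.5\t40002\t0x0012",   # answered late
    "5.000\t192.0.2.6\t51000\t192.0.2.9\t8080\t0x0002",   # never answered
    "30.000\t192.0.2.5\t40001\t192.0.2.9\t8080\t0x0002",  # port reused
    "33.000\t192.0.2.5\t40001\t192.0.2.9\t8080\t0x0002",
    "39.000\t192.0.2.5\t40001\t192.0.2.9\t8080\t0x0002",
])


def unanswered_syns(lines):
    """Map (src, sport, dst, dport) -> times of SYNs with no later SYN,ACK."""
    pending = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        t, src, sport, dst, dport, flags = line.rstrip("\n").split("\t")
        bits = int(flags, 16)
        if not bits & SYN:
            continue
        if bits & ACK:
            # SYN,ACK travels server -> client, so it answers the SYNs
            # recorded under the reversed address/port tuple.
            pending.pop((dst, dport, src, sport), None)
        else:
            pending[(src, sport, dst, dport)].append(float(t))
    return dict(pending)


if __name__ == "__main__":
    for sock, times in sorted(unanswered_syns(SAMPLE.splitlines()).items()):
        print("%s:%s -> %s:%s" % sock, "unanswered SYNs at", times)
```

A socket listed with more than one timestamp is the "multiples for that same socket" case from the question.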